
Internet interrupted


  • This topic is locked
33 replies to this topic

#16 Sundog1871

Sundog1871
  • Topic Starter

  • Members
  • 26 posts

Posted 09 December 2011 - 10:35 PM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8345

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/9/2011 9:31:21 PM
mbam-log-2011-12-09 (21-31-21).txt

Scan type: Quick scan
Objects scanned: 188084
Time elapsed: 12 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#17 Sundog1871

Sundog1871
  • Topic Starter

  • Members
  • 26 posts

Posted 09 December 2011 - 10:38 PM

No change with the computer. Internet is back to running very slow again and going up and down.

#18 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland

Posted 11 December 2011 - 04:41 PM

Hello Sundog1871,

Can you tell me please how you are connected to the internet? Is it a wireless connection to a router or is your pc directly connected with a cable? Are there any other pcs on this network? Do they have the same internet problem? Please answer these questions in your next reply.

I'd like you to run the following scan:

Mini ToolBox
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

===================================================================================

In your next reply, please copy/paste the contents of the following:
  • MiniToolBox Result.txt

regards, ratman


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM




#19 Sundog1871

Sundog1871
  • Topic Starter

  • Members
  • 26 posts

Posted 11 December 2011 - 07:37 PM

The PC is directly connected by cable (MediaCom). It is just one PC.

MiniToolBox by Farbar
Ran by John Dunham (administrator) on 11-12-2011 at 18:29:04
Microsoft Windows XP Professional Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82562V-2 10/100 Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : John

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® 82562V-2 10/100 Network Connection

Physical Address. . . . . . . . . : 00-21-9B-0C-A9-FB

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 173.28.209.4

Subnet Mask . . . . . . . . . . . : 255.255.224.0

Default Gateway . . . . . . . . . : 173.28.192.1

DHCP Server . . . . . . . . . . . : 74.84.119.224

DNS Servers . . . . . . . . . . . : 97.64.183.164

97.64.209.37

Lease Obtained. . . . . . . . . . : Sunday, December 11, 2011 2:57:25

Lease Expires . . . . . . . . . . : Thursday, December 15, 2011 9:23:03

Server: sprdc-dns-dts10.mcomdc.com
Address: 97.64.183.164

Name: google.com
Addresses: 74.125.227.80, 74.125.227.81, 74.125.227.82, 74.125.227.83
74.125.227.84



Pinging google.com [74.125.227.82] with 32 bytes of data:



Reply from 74.125.227.82: bytes=32 time=46ms TTL=50

Reply from 74.125.227.82: bytes=32 time=43ms TTL=52



Ping statistics for 74.125.227.82:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 43ms, Maximum = 46ms, Average = 44ms

Server: sprdc-dns-dts10.mcomdc.com
Address: 97.64.183.164

Name: yahoo.com
Addresses: 98.139.180.149, 209.191.122.70, 72.30.2.43, 98.137.149.56

Ping request could not find host yahoo.com. Please check the name and try again.

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 97.64.183.164

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 21 9b 0c a9 fb ...... Intel® 82562V-2 10/100 Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 173.28.192.1 173.28.209.4 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 173.28.209.4 173.28.209.4 20
173.28.192.0 255.255.224.0 173.28.209.4 173.28.209.4 20
173.28.209.4 255.255.255.255 127.0.0.1 127.0.0.1 20
173.28.255.255 255.255.255.255 173.28.209.4 173.28.209.4 20
224.0.0.0 240.0.0.0 173.28.209.4 173.28.209.4 20
255.255.255.255 255.255.255.255 173.28.209.4 173.28.209.4 1
Default Gateway: 173.28.192.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/11/2011 03:22:03 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.51.0.1118, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/09/2011 04:44:30 AM) (Source: Application Error) (User: )
Description: Faulting application safari.exe, version 5.34.52.7, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.
Processing media-specific event for [safari.exe!ws!]

Error: (12/09/2011 01:55:01 AM) (Source: Application Error) (User: )
Description: Faulting application WebKit2WebProcess.exe, version 7534.52.7.3, faulting module unknown, version 0.0.0.0, fault address 0x057d4162.
Processing media-specific event for [WebKit2WebProcess.exe!ws!]

Error: (12/08/2011 11:13:11 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error: (12/08/2011 11:13:09 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/08/2011 11:13:09 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/07/2011 04:51:39 PM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (12/05/2011 06:47:34 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/03/2011 03:26:17 AM) (Source: Application Error) (User: )
Description: Faulting application winword.exe, version 9.0.0.2717, faulting module winword.exe, version 9.0.0.2717, fault address 0x00264731.
Processing media-specific event for [winword.exe!ws!]

Error: (12/03/2011 03:07:28 AM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 9.0.0.2717, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (12/11/2011 03:00:44 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (12/11/2011 03:00:01 PM) (Source: System Error) (User: )
Description: Error code 000000c2, parameter1 00000007, parameter2 00000cd4, parameter3 04050202, parameter4 e80aaca0.

Error: (12/11/2011 02:31:51 PM) (Source: Service Control Manager) (User: )
Description: The avast! Antivirus service terminated unexpectedly. It has done this 3 time(s).

Error: (12/11/2011 02:31:33 PM) (Source: Service Control Manager) (User: )
Description: The avast! Antivirus service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (12/11/2011 02:31:23 PM) (Source: Service Control Manager) (User: )
Description: The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (12/11/2011 02:26:30 PM) (Source: 0) (User: )
Description: \Device\HarddiskVolumeShadowCopy1C:C:

Error: (12/11/2011 02:21:30 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 4.0.0.0 service terminated unexpectedly. It has done this 3 time(s).

Error: (12/11/2011 02:21:26 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 4.0.0.0 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (12/11/2011 02:20:37 PM) (Source: Service Control Manager) (User: )
Description: The BBUpdate service terminated unexpectedly. It has done this 1 time(s).

Error: (12/11/2011 02:20:31 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================

**** End of log ****
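
The checks a helper makes by eye on a Result.txt like the one above, as an added example that is not part of the original post and is not MiniToolBox's own code: it splits the log on its `==== name ====` headers and lists hosts entries other than the loopback mapping, a proxy state other than the "not enabled" line, Winsock providers not published by Microsoft, and failed ping/nslookup probes. The sample input is a constructed excerpt in the layout of the log above, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed excerpt in the layout of the Result.txt above (not the full log).
SAMPLE = r"""
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Pinging google.com [74.125.227.82] with 32 bytes of data:
Reply from 74.125.227.82: bytes=32 time=46ms TTL=50
Ping request could not find host yahoo.com. Please check the name and try again.
DNS request timed out.
DNS request timed out.
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
========================= Winsock entries =====================================
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
"""

SECTION = re.compile(r"^=+\s*([^=]+?):?\s*=+\s*$")   # "===== Hosts content: ====="
WINSOCK = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[\d+\]\s+\((.+)\)$")
NET_FAILURES = ("Ping request could not find host", "DNS request timed out",
                "Destination host unreachable")


def split_sections(text):
    """Map each '==== name ====' header to the non-blank lines beneath it."""
    sections, name = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            name = header.group(1).strip()
            sections[name] = []
        elif name and line:
            sections[name].append(line)
    return sections


def triage(text):
    """Return (category, detail) pairs worth reviewing first."""
    sec = split_sections(text)
    findings = []
    # Hosts file: anything beyond the loopback mapping redirects name lookups.
    for line in sec.get("Hosts content", []):
        fields = line.split("#")[0].split()
        if fields and not (fields[0] in ("127.0.0.1", "::1") and fields[1:] == ["localhost"]):
            findings.append(("hosts", line))
    # Proxy: the clean state shown in the log above is the literal line below.
    if "IE Proxy Settings" in sec and "Proxy is not enabled." not in sec["IE Proxy Settings"]:
        findings.append(("proxy", "IE proxy state is not the clean 'not enabled' line"))
    # Winsock catalog: list each provider DLL whose vendor is not Microsoft, once.
    seen = set()
    for line in sec.get("Winsock entries", []):
        m = WINSOCK.match(line)
        if m and m.group(4) != "Microsoft Corporation" and m.group(3) not in seen:
            seen.add(m.group(3))
            findings.append(("winsock", f"{m.group(1)}: {m.group(3)} ({m.group(4)})"))
    # Connectivity probes: count each failure string in the ping/nslookup output.
    hits = Counter(f for line in sec.get("IP Configuration", [])
                   for f in NET_FAILURES if f in line)
    findings += [("network", f"{f} x{n}") for f, n in hits.items()]
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE):
        print(f"{category:8} {detail}")
```

The vendor name is taken exactly as the log prints it; the script does not verify it, so a listed provider is a pointer for review rather than a verdict.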

#20 ratman

  • Malware Response Team

Posted 13 December 2011 - 09:17 AM

Hi,

Can you disable your Avira Anti Virus software?

Do your connection issues remain the same?

If they do, please re-enable Avira.
regards, ratman




#21 Sundog1871

Posted 14 December 2011 - 09:25 PM

Disabling Avira certainly helped stabilize the Internet connection. I restarted the PC and with Avira disabled everything seemed to be working pretty good. After a while the Internet started going up and down a bit, but not nearly as much as before. When I start IE, Task Manager is still showing an extra iexplorer.exe that starts taking up a bunch of memory. It seems like the longer I am on, the more frequent the Internet starts going up and down. But it is better than before.

#22 Sundog1871

Posted 15 December 2011 - 03:38 AM

After using the Internet for a while, it is still pretty bad. It is better than before, but not much. If I go into Task Manager and End Process for the iexplorer.exe processes that are taking up huge memory, the Internet connection starts running clean. But then the iexplorer.exe processes just start ramping up memory and the problems start again. It seems like some of the iexplorer.exe processes that are the ones I am actually running are just running up memory. It's hard to tell which is which with Task Manager not having the title or menu bar, but it looks like some IE windows that are just sitting on Google or Amazon just keep ramping up memory.

#23 ratman

Posted 16 December 2011 - 06:43 AM

Hi Sundog 1871,

As we've seen some improvement with disabling Avira, can you please uninstall it completely:
  • Click start > Control Panel > Add or Remove Programs
  • Click on your Avira to highlight.
  • Click on Change/Remove.
Allow it to uninstall then re-boot

How are things now?
regards, ratman




#24 ratman

Posted 19 December 2011 - 05:55 AM

Hello Sundog1871,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.
regards, ratman




#25 Sundog1871

Posted 19 December 2011 - 08:11 PM

A few days ago I removed Avira and the Avira toolbar and restarted the PC. Everything went back to being as bad as it was before. It has not gotten any better since.

#26 Sundog1871

Posted 20 December 2011 - 03:45 AM

This is so frustrating. The connection goes down about every 30 seconds. It takes 10 minutes just to make a post like this.

#27 ratman

Posted 20 December 2011 - 01:19 PM

Hi Sundog1871,

I'd like you to try running IE without add-ons:
  • click start
  • click All Programs
  • click Accessories
  • click System Tools
  • click Internet Explorer (No Add-ons)

How is your internet connection now?


Do your problems only occur with IE? Can you try another browser?
regards, ratman




#28 Sundog1871

Posted 20 December 2011 - 11:24 PM

No change running IE without add-ons or with just using Safari.

I restarted the PC and just watched the internet cable box for a while. Even without running any browser the connection keeps going up and down. The lights on the box show active for 45 seconds. They go black. Takes 15 seconds to reset the connection. After another 45 seconds, goes black...etc.

So I'm thinking this might be a cable issue. It seems odd that it started right after I got a virus and that a few things we tried resulted in immediate improvements (other than removing Avira, which had an immediate un-improvement). Maybe it is all coincidence?

I checked the Mediacom boards and some people have reported the same types of problems. I opened a thread on the Mediacom board to see if they can find anything wrong with the cable.

#29 ratman

Posted 21 December 2011 - 02:35 PM

Hello Sundog1871,

While you check out whether there is a cable problem can you also carry out the following:

I'd like you to run System File Checker:

You will be asked to insert your Windows CD during this operation.

Please login to your machine as Administrator.

Now open a Command Prompt window:
  • click start
  • click All Programs
  • click Accessories
  • click Command Prompt

Type or copy/paste the following into the Command Window and press enter:

sfc /scannow

==========================================================================

I'd like you to run a scan with MBAM:

Please download Malwarebytes' Anti-Malware (v1.51) and save it to your desktop.

Download Link 1

Download Link 2

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

===================================================================================




I'd like us to scan your machine with ESET OnlineScan
  • Right click on the following link and open ESET OnlineScan in a new window: ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


In your next reply, please copy/paste the contents of the following:
  • MBAM Log
  • ESETScan
How is your machine running now?
regards, ratman




#30 ratman

Posted 25 December 2011 - 11:18 AM

Hello Sundog1871,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.
regards, ratman






