
start now .com



#1 mbphotos


Posted 04 July 2011 - 09:48 PM

I have been trying to find someone to help me remove a hijack program called start now .com. It took over both my Firefox and IE browsers and now I have no idea where to go from here! Can anyone help me please!

Edited by Orange Blossom, 04 July 2011 - 09:56 PM.
Moved to AII forum. ~ OB




#2 Broni


Posted 04 July 2011 - 10:15 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



#3 mbphotos


Posted 04 July 2011 - 11:29 PM

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
iolo technologies' System Mechanic
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
AVS Registry Cleaner version 1.1
Java™ 6 Update 18
Java™ 6 Update 22
Java™ SE Runtime Environment 6 Update 1
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Adobe Reader X (10.1.0)
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes' Anti-Malware mbamservice.exe
iolo Common Lib ioloServiceManager.exe
``````````End of Log````````````


MiniToolBox by Farbar
Ran by Owner (administrator) on 04-07-2011 at 20:43:51
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: :0

========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

=============== End of Hosts ==============================================

================= IP Configuration: =======================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 3"

set address name="Local Area Connection 3" source=dhcp
set dns name="Local Area Connection 3" source=dhcp register=PRIMARY
set wins name="Local Area Connection 3" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : YOUR-79C3DB13E8

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.wa.comcast.net.



Ethernet adapter Local Area Connection 3:



Connection-specific DNS Suffix . : hsd1.wa.comcast.net.

Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet #2

Physical Address. . . . . . . . . : 00-1C-25-6C-C7-61

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 98.225.12.53

Subnet Mask . . . . . . . . . . . : 255.255.248.0

Default Gateway . . . . . . . . . : 98.225.8.1

DHCP Server . . . . . . . . . . . : 68.87.69.10

DNS Servers . . . . . . . . . . . : 68.87.69.150

68.87.85.102

Lease Obtained. . . . . . . . . . : Monday, July 04, 2011 4:57:33 PM

Lease Expires . . . . . . . . . . : Wednesday, July 06, 2011 7:31:02 PM

Server: cns.beaverton.or.bverton.comcast.net
Address: 68.87.69.150

Name: google.com
Addresses: 74.125.127.103, 74.125.127.104, 74.125.127.99, 74.125.127.147
74.125.127.106, 74.125.127.105



Pinging google.com [72.14.213.147] with 32 bytes of data:



Reply from 72.14.213.147: bytes=32 time=37ms TTL=52

Reply from 72.14.213.147: bytes=32 time=25ms TTL=52



Ping statistics for 72.14.213.147:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 25ms, Maximum = 37ms, Average = 31ms

Server: cns.beaverton.or.bverton.comcast.net
Address: 68.87.69.150

Name: yahoo.com
Addresses: 98.137.149.56, 209.191.122.70, 67.195.160.76, 69.147.125.65
72.30.2.43



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=71ms TTL=51

Reply from 209.191.122.70: bytes=32 time=72ms TTL=51



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 71ms, Maximum = 72ms, Average = 71ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1c 25 6c c7 61 ...... NVIDIA nForce Networking Controller #2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 98.225.8.1 98.225.12.53 20
98.225.8.0 255.255.248.0 98.225.12.53 98.225.12.53 20
98.225.12.53 255.255.255.255 127.0.0.1 127.0.0.1 20
98.255.255.255 255.255.255.255 98.225.12.53 98.225.12.53 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 98.225.12.53 98.225.12.53 20
224.0.0.0 240.0.0.0 98.225.12.53 98.225.12.53 20
255.255.255.255 255.255.255.255 98.225.12.53 98.225.12.53 1
Default Gateway: 98.225.8.1
===========================================================================
Persistent Routes:
None

================= End of IP Configuration =================================

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/04/2011 05:07:12 PM) (Source: MsiInstaller) (User: Owner)Owner
Description: Product: Scan -- Error 1706.No valid source could be found for product Scan. The Windows Installer cannot continue.

Error: (07/04/2011 04:02:09 PM) (Source: MsiInstaller) (User: Owner)Owner
Description: Product: Scan -- Error 1706.No valid source could be found for product Scan. The Windows Installer cannot continue.

Error: (07/03/2011 11:27:08 PM) (Source: MsiInstaller) (User: Owner)Owner
Description: Product: Scan -- Error 1706.No valid source could be found for product Scan. The Windows Installer cannot continue.

Error: (07/03/2011 01:17:58 PM) (Source: Application Error) (User: )
Description: Faulting application officelivesignin.exe, version 2.0.2313.0, faulting module officelivesignin.exe, version 2.0.2313.0, fault address 0x00003ce4.
Processing media-specific event for [officelivesignin.exe!ws!]

Error: (07/03/2011 01:18:28 AM) (Source: Application Error) (User: )
Description: Faulting application officelivesignin.exe, version 2.0.2313.0, faulting module officelivesignin.exe, version 2.0.2313.0, fault address 0x00003ce4.
Processing media-specific event for [officelivesignin.exe!ws!]

Error: (07/03/2011 01:03:24 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x0604bc60.
Processing media-specific event for [explorer.exe!ws!]

Error: (06/29/2011 06:09:37 AM) (Source: MsiInstaller) (User: Owner)Owner
Description: Product: Scan -- Error 1706.No valid source could be found for product Scan. The Windows Installer cannot continue.

Error: (06/29/2011 06:08:36 AM) (Source: MsiInstaller) (User: Owner)Owner
Description: Product: Scan -- Error 1706.No valid source could be found for product Scan. The Windows Installer cannot continue.

Error: (06/26/2011 09:47:25 AM) (Source: Application Error) (User: )
Description: Faulting application officelivesignin.exe, version 2.0.2313.0, faulting module officelivesignin.exe, version 2.0.2313.0, fault address 0x00003ce4.
Processing media-specific event for [officelivesignin.exe!ws!]

Error: (06/25/2011 10:47:26 PM) (Source: Application Error) (User: )
Description: Faulting application officelivesignin.exe, version 2.0.2313.0, faulting module officelivesignin.exe, version 2.0.2313.0, fault address 0x00003ce4.
Processing media-specific event for [officelivesignin.exe!ws!]


System errors:
=============
Error: (07/04/2011 05:00:03 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (07/04/2011 05:00:02 PM) (Source: Service Control Manager) (User: )
Description: The MSCamSvc service hung on starting.

Error: (07/04/2011 04:58:42 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.

Error: (07/04/2011 03:46:49 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.

Error: (07/04/2011 03:45:36 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (07/04/2011 03:45:36 PM) (Source: Service Control Manager) (User: )
Description: The MSCamSvc service hung on starting.

Error: (07/04/2011 03:44:20 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.

Error: (07/04/2011 02:30:19 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.100.10 on the
Network Card with network address 001C256CC761.

Error: (07/04/2011 02:29:31 PM) (Source: Dhcp) (User: )
Description: The IP address lease 98.225.12.53 for the Network Card with network address 001C256CC761 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error: (07/03/2011 11:22:44 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.


Microsoft Office Sessions:
=========================

========================= End of Event log errors =========================

========================= Memory info: ====================================

Percentage of memory in use: 71%
Total physical RAM: 895.48 MB
Available physical RAM: 256.61 MB
Total Pagefile: 2166.1 MB
Available Pagefile: 1195 MB
Total Virtual: 2047.88 MB
Available Virtual: 1993.39 MB

======================= Partitions: =======================================

1 Drive c: () (Fixed) (Total:143.95 GB) (Free:22.82 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:5.08 GB) (Free:1.79 GB) FAT32

================= Users: ==================================================

User accounts for \\YOUR-79C3DB13E8

-------------------------------------------------------------------------------
Administrator ASPNET Guest
HelpAssistant Kitty Owner
SUPPORT_388945a0
The command completed successfully.

================= End of Users ============================================


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7024

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/4/2011 8:53:17 PM
mbam-log-2011-07-04 (20-53-17).txt

Scan type: Quick scan
Objects scanned: 181642
Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Will do last part now GMER FILE TO BE POSTED SHORTLY!



