Search engine redirect + IE keeps opening in background


2 replies to this topic

#1 sglynn


Posted 02 November 2011 - 02:03 PM

Pretty desperate here, so any help is a huge plus, thanks. A computer had a fake AV virus plus search engine redirects and popups. Start menu files and the local users' Documents and Settings folders were all hidden as well. ComboFix, MalwareBytes, SUPERAntiSpyware, Spybot S&D and an Avira rescue disk scan were all run. Got a few odd ComboFix errors when running (access denied errors before it starts scanning), but most of the tools found some issues and removed them. Computer runs completely fine now, except for the search engine redirect, and IE keeps showing up in the task manager using 90-100 MB of RAM.

TDSSKiller will not run; I renamed it and tried multiple times. If I right-click and run it as myself (an admin), the error I get is "a device attached to the system is not functioning".

From the SecurityCheck log, Java is old due to corporate time card posting requirements. IE was the correct version, but I tried to downgrade it while solving the issue. OS is Windows XP SP3 32-bit.

GMER gives the error: LoadDriver("C:/Docume~1\Owner\Locals~\Temp\awtyakog.sys") error 0xc000010e: cannot create a stable subkey under a volatile parent key. When it eventually opens I get the "found system modification" error and choose "NO". Only Services/Registry/Files are checkable; the rest is greyed out. This happens in safe mode as well. After a scan, the log is blank. Not on a router; running on a corporate network switch.

Here are the MiniToolBox log and the SecurityCheck log:

MiniToolBox by Farbar
Ran by Owner (administrator) on 02-11-2011 at 09:17:42
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : PAWILOF1LPT001

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : nexstar.tv

nexstar.tv



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : nexstar.tv

Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN

Physical Address. . . . . . . . . : 00-21-5C-73-88-25

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.119

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 10.145.0.6

10.16.100.10

10.17.100.10

Lease Obtained. . . . . . . . . . : Wednesday, November 02, 2011 8:50:55 AM

Lease Expires . . . . . . . . . . : Thursday, November 03, 2011 8:50:55 AM



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : nexstar.tv

Description . . . . . . . . . . . : Intel® PRO/1000 PL Network Connection

Physical Address. . . . . . . . . : 00-1C-7E-3C-8F-BA

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 10.145.3.62

Subnet Mask . . . . . . . . . . . : 255.255.252.0

Default Gateway . . . . . . . . . : 10.145.0.1

DHCP Server . . . . . . . . . . . : 10.145.0.6

DNS Servers . . . . . . . . . . . : 10.145.0.6

10.16.100.10

10.17.100.10

Primary WINS Server . . . . . . . : 10.16.100.10

Secondary WINS Server . . . . . . : 10.145.0.6

10.17.100.10

Lease Obtained. . . . . . . . . . : Wednesday, November 02, 2011 8:43:36 AM

Lease Expires . . . . . . . . . . : Wednesday, November 02, 2011 8:43:36 PM

Server: pawilof1adh001.nexstar.tv
Address: 10.145.0.6

Name: google.com
Addresses: 173.194.64.105, 173.194.64.106, 173.194.64.147, 173.194.64.99
173.194.64.103, 173.194.64.104



Pinging google.com [173.194.64.105] with 32 bytes of data:



Reply from 173.194.64.105: bytes=32 time=60ms TTL=44

Reply from 173.194.64.105: bytes=32 time=57ms TTL=44



Ping statistics for 173.194.64.105:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 57ms, Maximum = 60ms, Average = 58ms

Server: pawilof1adh001.nexstar.tv
Address: 10.145.0.6

Name: yahoo.com
Addresses: 209.191.122.70, 67.195.160.76, 72.30.2.43, 98.137.149.56
98.139.180.149



Pinging yahoo.com [67.195.160.76] with 32 bytes of data:



Reply from 67.195.160.76: bytes=32 time=96ms TTL=47

Request timed out.



Ping statistics for 67.195.160.76:

Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Approximate round trip times in milli-seconds:

Minimum = 96ms, Maximum = 96ms, Average = 96ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 21 5c 73 88 25 ...... Intel® Wireless WiFi Link 4965AGN - Packet Scheduler Miniport
0x3 ...00 1c 7e 3c 8f ba ...... Intel® PRO/1000 PL Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.145.0.1 10.145.3.62 10
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.119 25
10.145.0.0 255.255.252.0 10.145.3.62 10.145.3.62 10
10.145.3.62 255.255.255.255 127.0.0.1 127.0.0.1 10
10.255.255.255 255.255.255.255 10.145.3.62 10.145.3.62 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.119 192.168.1.119 25
192.168.1.119 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.119 192.168.1.119 25
224.0.0.0 240.0.0.0 10.145.3.62 10.145.3.62 10
224.0.0.0 240.0.0.0 192.168.1.119 192.168.1.119 25
255.255.255.255 255.255.255.255 10.145.3.62 10.145.3.62 1
255.255.255.255 255.255.255.255 192.168.1.119 192.168.1.119 1
Default Gateway: 10.145.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/02/2011 08:43:44 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (11/02/2011 08:43:44 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (11/02/2011 08:43:44 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (11/02/2011 08:43:44 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (11/01/2011 10:00:08 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/01/2011 09:40:14 AM) (Source: SescLU) (User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (11/01/2011 09:33:06 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error: (11/01/2011 09:33:05 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/01/2011 08:49:06 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (11/01/2011 08:49:06 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (11/02/2011 09:09:17 AM) (Source: DCOM) (User: Owner)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/02/2011 08:59:07 AM) (Source: DCOM) (User: Owner)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/02/2011 08:56:09 AM) (Source: DCOM) (User: Owner)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (11/02/2011 08:45:12 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Aavmker4
aswSnx
aswSP
aswTdi
eeCtrl
Fips
intelppm
PCIIde
SASDIFSV
SASKUTIL
TMEI3E

Error: (11/02/2011 08:45:12 AM) (Source: Service Control Manager) (User: )
Description: The System Restore Service service terminated with the following error:
%%5

Error: (11/02/2011 08:44:07 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/02/2011 08:44:06 AM) (Source: SRService) (User: )
Description: The System Restore initialization process failed.

Error: (10/31/2011 09:50:32 AM) (Source: DCOM) (User: Owner)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (10/29/2011 11:26:27 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PCIIde

Error: (10/29/2011 11:26:19 AM) (Source: Service Control Manager) (User: )
Description: The System Restore Service service terminated with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (10/13/2011 01:31:01 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1060 seconds with 300 seconds of active time. This session ended with a crash.

Error: (09/06/2011 04:12:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18354 seconds with 720 seconds of active time. This session ended with a crash.

Error: (11/29/2010 09:49:59 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5727 seconds with 420 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

2007 Microsoft Office system (Version: 12.0.6425.1000)
32 Bit HP CIO Components Installer (Version: 6.1.1)
4500_G510gm_Help (Version: 000.0.439.000)
4500G510gm (Version: 000.0.423.000)
4500G510gm_Software_Min (Version: 000.0.423.000)
6500_E709_Help (Version: 1.00.0000)
6500_E709a (Version: 50.0.165.000)
Access 97 Runtime
Allok Video to FLV Converter 4.2.0528
ALPS Touch Pad Driver
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
AT&T Communication Manager (Version: 6.10.0025.0)
AT&T Connection Software (Version: 5.00.0013.0)
avast! Free Antivirus (Version: 6.0.1289.0)
Bonjour (Version: 3.0.0.10)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 130.0.331.000)
CCleaner (Version: 2.35)
CD/DVD Drive Acoustic Silencer (Version: 1.00.008)
Cisco AnyConnect VPN Client (Version: 2.4.0202)
Citrix XenApp Web Plugin (Version: 11.0.0.5357)
CleanUp!
CrossLoop 2.72 (Version: 2.72)
Defraggler (Version: 1.21)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.372.000)
DocMgr (Version: 130.0.000.000)
DocProc (Version: 13.0.0.0)
Driver Installer (Version: 2.2.0.536)
Driver Installer (Version: 2.3.0.797)
Fax (Version: 130.0.418.000)
GearDrvs (Version: 1)
GPBaseService2 (Version: 130.0.371.000)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Driver Diagnostics (Version: 1.03.0009)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet 4500 G510g-m (Version: 13.0)
HP Officejet 6500 E709 Series (Version: 12.0)
HP Product Detection (Version: 9.7.3)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 4.000.011.006)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4631)
Intel® Matrix Storage Manager
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software (Version: 11.01.0000)
InterVideo WinDVD for TOSHIBA (Version: 5.0-B11.563)
iTunes (Version: 10.5.0.142)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 21 (Version: 6.0.210)
Java™ 6 Update 7 (Version: 1.6.0.70)
LightScribe System Software 1.10.13.1 (Version: 1.10.13.1)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.96)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MarketResearch (Version: 130.0.374.000)
Matrox PowerDesk (Version: 1.03.0020.0617 2.05 GXM/VEOS)
Maxtor Manager (Version: 4.02.0303)
mCore (Version: 9.09.0000)
mDrWiFi (Version: 9.09.0000)
Membership Manager
mHelp (Version: 9.09.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office XP Web Components (Version: 10.0.6765.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
mIWA (Version: 9.09.0000)
mLogView (Version: 9.09.0000)
mMHouse (Version: 9.09.0000)
Mozilla Firefox (3.6.10) (Version: 3.6.10 (en-US))
mPfMgr (Version: 9.09.0000)
mPfWiz (Version: 9.09.0000)
mProSafe (Version: 9.00.0000)
mSCfg (Version: 9.09.0000)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)
mWlsSafe (Version: 9.00.0000)
mZConfig (Version: 9.09.0000)
Nero 7 Essentials (Version: 7.03.0581)
neroxml (Version: 1.0.0)
Network (Version: 130.0.374.000)
Nokia Connectivity Adapter Cable DKU-5
Norton 360 (Version: 1.2.0.10)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PDF-XChange 3
Picasa 2 (Version: 2.0)
ProductContext (Version: 50.0.165.000)
Qualitative
QuickTime (Version: 7.71.80.42)
Realtek High Definition Audio Driver (Version: 5.10.0.5404)
Safari (Version: 5.34.51.22)
Scan (Version: 13.0.0.0)
SeaTools for Windows (Version: 1.2.0.5)
Shop for HP Supplies (Version: 13.0)
Simmons Choices 3 (Version: 2.5.0.0)
Skype™ 5.0 (Version: 5.0.156)
SmartWebPrinting (Version: 130.0.373.000)
SolutionCenter (Version: 130.0.373.000)
SpeedFan (remove only)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 4.4 (Version: 4.4.0)
Status (Version: 130.0.373.000)
SUPERAntiSpyware (Version: 4.41.1000)
The KMR Software Product (Version: 2.5.0.0)
Toolbox (Version: 130.0.648.000)
TOSHIBA Assist
TOSHIBA ConfigFree (Version: 5.90.07)
TOSHIBA Controls (Version: v3.31.3800)
TOSHIBA Direct Disc Writer (Version: 1.1.0.0)
TOSHIBA Disc Creator (Version: 2.0.0.8)
TOSHIBA Display Devices Change Utility
TOSHIBA HDD Protection (Version: 2.0.1.7)
TOSHIBA Hotkey Utility for Display Devices
TOSHIBA Mic Effect (Version: 2.08.04)
TOSHIBA Mobile Extension3 (Version: 3.86.00.XP)
TOSHIBA Password Utility (Version: 2.01.09)
TOSHIBA PC Diagnostic Tool (Version: 3.2.4)
TOSHIBA Power Saver (Version: 7.10.00)
TOSHIBA Recovery Disc Creator (Version: 1.0.0.6c)
Toshiba Registration (Version: 1.00.0000)
TOSHIBA SD Memory Boot Utility (Version: 1.3.1.1C)
TOSHIBA SD Memory Utilities (Version: 1.8.1.1)
TOSHIBA Security Assist (Version: 1.2.0)
TOSHIBA Software Upgrades (Version: 4.3)
TOSHIBA TouchPad On/Off Utility V2.5.1.0 (Version: 2.5.1.0)
TOSHIBA Utilities (Version: 4.30.15)
TOSHIBA Wireless Key Logon (Version: 3.0.0.1)
TOSHIBA Zooming Utility (Version: 2.00.00.24c)
TrayApp (Version: 130.0.376.000)
TrueSuite Access Manager (Version: 2.00.01.00)
TV Avails
Uninstall for TOSHIBA Mobile Extension3
UnloadSupport (Version: 11.0.0)
USB Display Device (Trigger 1+) 10.08.0323.0159 (Version: 10.08.0323.0159)
VIEW Reports 32
VIEW32 (Version: 2.0.4.0)
WeatherBug (Version: 7.0.0.7)
WebEx
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 130.0.132.017)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 16%
Total physical RAM: 2038.86 MB
Available physical RAM: 1703.02 MB
Total Pagefile: 3934.41 MB
Available Pagefile: 3806.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.23 MB

========================= Partitions: =====================================

1 Drive c: (SQ004818P01) (Fixed) (Total:143.61 GB) (Free:101.46 GB) NTFS
2 Drive d: (New Volume) (Fixed) (Total:149.05 GB) (Free:96.76 GB) NTFS

========================= Users: ========================================

User accounts for \\PAWILOF1LPT001

Administrator ASPNET Guest
HelpAssistant Main User (name removed for security purpose) Owner
SUPPORT_388945a0


**** End of log ****



Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 21
Java™ 6 Update 7
Out of date Java installed!
Mozilla Firefox (3.6.10) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

Edited by sglynn, 02 November 2011 - 02:51 PM.
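The MiniToolBox log above shows the three user-mode places a search-engine redirect usually lives: the hosts file (only the localhost line), the DHCP-assigned DNS servers (all in the corporate 10.x ranges), and the Winsock catalog (every provider is a Microsoft DLL except Apple's Bonjour namespace provider). The following is an added example, not part of the original post and not Farbar's MiniToolBox code: a small triage script that parses those three sections from a pasted log and flags anything that does not look like a stock Windows network stack. The two sample logs are constructed: SAMPLE_LOG is cut down from the values posted above, HIJACKED_LOG shows what a hosts-file and DNS hijack would look like. The thresholds (hosts entry pointing at a routable address, resolver outside RFC 1918 space, Winsock provider that is not a Microsoft DLL under System32) are assumptions, and a hit means "review this", not "malicious".

```python
"""Triage a MiniToolBox-style log for common browser-redirect vectors.

Added example, not Farbar's code. Splits the log on its '===== Title: ====='
banners and checks the hosts file, the DNS servers and the Winsock catalog
(Catalog5 = namespace providers, Catalog9 = protocol/layered providers).
"""
import ipaddress
import re

# Constructed sample, cut down from the values in the posted log.
SAMPLE_LOG = """\
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

DNS Servers . . . . . . . . . . . . : 10.145.0.6

10.16.100.10

10.17.100.10

Lease Obtained. . . . . . . . . . : Wednesday, November 02, 2011 8:50:55 AM
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\\Windows\\System32\\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\\Program Files\\Bonjour\\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\\Windows\\system32\\mswsock.dll [245248] (Microsoft Corporation)
"""

# Constructed sample of a hijacked machine (not from the post): a hosts entry
# pointing google at a routable address, a non-private resolver, an unknown LSP.
HIJACKED_LOG = """\
========================= Hosts content: =================================
127.0.0.1 localhost
0.0.0.0 ads.example.net
203.0.113.7 www.google.com
========================= IP Configuration: ================================
DNS Servers . . . . . . . . . . . . : 198.51.100.53
========================= Winsock entries =====================================
Catalog5 01 C:\\Windows\\System32\\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\\WINDOWS\\system32\\xyzlsp.dll [40960] (Unknown Vendor)
"""

HEADER_RE = re.compile(r"^=+\s*([A-Za-z][^=]*?)\s*=+\s*$")
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)$")
# Assumption: on a corporate DHCP network the resolvers should be RFC 1918 or loopback.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def split_sections(log):
    """Map each banner title (lowercased, colon stripped) to its non-blank lines."""
    sections, current = {}, None
    for line in log.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1).strip().rstrip(":").lower()
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.strip())
    return sections


def check_hosts(lines):
    """Flag names mapped to a routable address. Loopback/0.0.0.0 mappings are
    blocklist style (MVPS hosts file) and are left alone."""
    findings = []
    for line in lines:
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue
        findings.extend(f"hosts: {name} -> {addr}" for name in fields[1:])
    return findings


def check_dns(lines):
    """Collect 'DNS Servers' plus the bare-IP continuation lines ipconfig prints
    under it; flag any resolver outside PRIVATE_NETS."""
    servers, collecting = [], False
    for line in lines:
        if line.startswith("DNS Servers"):
            servers.append(line.split(":", 1)[1].strip())
            collecting = True
        elif collecting and re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", line):
            servers.append(line)
        else:
            collecting = False
    findings = [f"dns: resolver {s} is outside private address space" for s in servers
                if not any(ipaddress.ip_address(s) in net for net in PRIVATE_NETS)]
    return servers, findings


def check_winsock(lines):
    """Flag any catalog entry that is not a Microsoft DLL under System32."""
    findings = []
    for line in lines:
        m = WINSOCK_RE.match(line)
        if not m:
            continue
        catalog, idx, path, _size, vendor = m.groups()
        if vendor != "Microsoft Corporation" or not path.lower().startswith("c:\\windows\\system32\\"):
            findings.append(f"winsock: {catalog} {idx} {path} ({vendor})")
    return findings


def triage(log):
    """Run all three checks over one pasted log; returns findings grouped by area."""
    sections = split_sections(log)
    servers, dns_findings = check_dns(sections.get("ip configuration", []))
    return {"hosts": check_hosts(sections.get("hosts content", [])),
            "dns_servers": servers, "dns": dns_findings,
            "winsock": check_winsock(sections.get("winsock entries", []))}


if __name__ == "__main__":
    for name, log in (("posted log", SAMPLE_LOG), ("hijacked sample", HIJACKED_LOG)):
        result = triage(log)
        print(f"== {name}: DNS servers {result['dns_servers']}")
        for area in ("hosts", "dns", "winsock"):
            for finding in result[area] or [f"{area}: clean"]:
                print("  ", finding)
```

On the posted values the only hit is the Bonjour namespace provider, which matches the Bonjour entry in the Installed Programs list and is not a redirect. That is consistent with what the second post reports: the redirect survived user-mode cleaning because it was an MBR infection, which none of these three indicators can see. The script is for deciding where the problem is not, so the next tool (a rootkit scanner, or an offline MBR check) gets run sooner.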



#2 sglynn


Posted 09 November 2011 - 02:11 PM

For anyone having a similar issue (I've run into this 3 times now), I wanted to post my final solution.

I ran Sophos Anti-Rootkit (www.sophos.com/support/cleaners/sar_15_sfx.exe) and removed all checked issues. Updated and ran SUPERAntiSpyware a second time using a full scan (http://www.superantispyware.com/). Finally I ran HitmanPro (http://www.surfright.nl/en/downloads) and removed any items; after a reboot I ran it again and it finally found and removed the MBR infection (other programs removed it, but it came back). After rebooting, Windows would no longer load (Stop error 0x0000007b). I booted from the Windows CD and at the command prompt used bootrec /FixMBR and:
bcdedit /export C:\BCD_Backup
c:
cd boot
attrib bcd -s -h -r
ren c:\boot\bcd bcd.old
bootrec /RebuildBcd

This restored me to Windows and resolved the recurring issue on the Windows 7 machine that was infected. Before I received this computer I gave up on the XP machine and did a backup/reinstall.

#3 boopme


Posted 10 November 2011 - 05:10 PM

Thanks for your reply.
