Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Dormant Viruses in PC - Comodo does not detect


  • Please log in to reply
7 replies to this topic

#1 brianmatzat

brianmatzat

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 23 January 2012 - 07:25 AM

Hello,

My parents have tasked me with cleaning their PC. They are liable to click on just about anything so I figured the PC would have a virus. I have Comodo Internet Security Premium installed on the PC, and it picked up the original infection, but after quarantining the infected files, I ran a scan on Pandascan, and the results are below:

Cookie/Traffic... Tracking Cookie Latent Hide + Info
1. c:\documents and settings\dad\cookies\dad@trafficmp[1].txt
Cookie/Serving... Tracking Cookie Latent Hide + Info
1. c:\documents and settings\brian\cookies\brian@bs.serving-sys[2].txt
Cookie/BurstNe... Tracking Cookie Latent Hide + Info
1. c:\documents and settings\dad\cookies\dad@burstnet[2].txt
Cookie/YieldMa... Tracking Cookie Latent Hide + Info
1. c:\documents and settings\brian\cookies\brian@ad.yieldmanager[1].txt
2. c:\documents and settings\dad\cookies\dad@ad.yieldmanager[2].txt
3. c:\documents and settings\mom\cookies\mom@ad.yieldmanager[2].txt
4. c:\documents and settings\katie\cookies\katie@ad.yieldmanager[2].txt
Cookie/Serving... Tracking Cookie Latent Hide + Info
1. c:\documents and settings\brian\cookies\brian@serving-sys[2].txt
Cookie/Zedo Tracking Cookie Latent Hide + Info
1. c:\documents and settings\mom\cookies\mom@zedo[2].txt
2. c:\documents and settings\dad\cookies\dad@zedo[1].txt
Cookie/Questio... Tracking Cookie Latent Hide + Info
1. c:\documents and settings\mom\cookies\mom@questionmarket[2].txt
Cookie/Azjmp Tracking Cookie Latent Hide + Info
1. c:\documents and settings\katie\cookies\katie@azjmp[1].txt
Cookie/Adverti... Tracking Cookie Latent Hide + Info
1. c:\documents and settings\brian\cookies\brian@advertising[1].txt
2. c:\documents and settings\dad\cookies\dad@advertising[1].txt
Cookie/Target Tracking Cookie Latent Hide + Info
1. c:\documents and settings\brian\cookies\brian@target[2].txt
Cookie/FastCli... Tracking Cookie Latent Hide + Info
1. c:\documents and settings\katie\cookies\katie@fastclick[1].txt
2. c:\documents and settings\brian\cookies\brian@fastclick[1].txt
3. c:\documents and settings\dad\cookies\dad@fastclick[2].txt
Generic Trojan Virus Latent Hide + Info
1. f:\recycler\s-1-5-21-839522115-688789844-725345543-1006\dc11.exe
2. f:\recycler\s-1-5-21-839522115-688789844-725345543-1006\dc12.exe
Cookie/Atlas D... Tracking Cookie Latent Hide + Info
1. c:\documents and settings\katie\cookies\douoe73r.txt
2. c:\documents and settings\brian\cookies\pxiyld0u.txt
3. c:\documents and settings\mom\cookies\mom@atdmt[2].txt
4. c:\documents and settings\dad\cookies\dad@atdmt[1].txt
Cookie/RealMed... Tracking Cookie Latent Hide + Info
1. c:\documents and settings\dad\cookies\dad@247realmedia[2].txt
Cookie/PointRo... Tracking Cookie Latent Hide + Info
1. c:\documents and settings\brian\cookies\brian@ads.pointroll[1].txt
2. c:\documents and settings\mom\cookies\mom@ads.pointroll[1].txt
Generic Trojan Virus Latent Hide + Info
1. f:\recycler\s-1-5-21-839522115-688789844-725345543-1006\dc10.exe
2. f:\recycler\s-1-5-21-839522115-688789844-725345543-1006\dc13.exe
Cookie/Doublec... Tracking Cookie Latent Hide + Info
1. c:\documents and settings\katie\cookies\katie@doubleclick[2].txt
2. c:\documents and settings\dad\cookies\dad@doubleclick[2].txt
3. c:\documents and settings\brian\cookies\d86oq5gm.txt
4. c:\documents and settings\mom\cookies\mom@doubleclick[1].txt
Threats (17)

I'm wondering if it's worth it to go through the cleaning process or if it would be more time efficient just to wipe the hard drive and start over. The viruses detected from Pandascan were listed as low risk and dormant, but I'm weary of letting my parents access their accounts online knowing that their PC is infected.

Edited by hamluis, 23 January 2012 - 08:10 AM.
Moved from XP to Am I Infected.


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,698 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:18 PM

Posted 23 January 2012 - 12:37 PM

Welcome aboard Posted Image

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 brianmatzat

brianmatzat
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 23 January 2012 - 06:42 PM

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
COMODO Internet Security
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player ( 10.3.183.5) Flash Player Out of Date!
Mozilla Firefox (3.5.7) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
``````````End of Log````````````
<hr>

Farbar Service Scanner Version: 18-01-2012 01
Ran by Brian (administrator) on 23-01-2012 at 16:57:46
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
cmdHlp(9) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000090000000600000007000000
IpSec Tag value is correct.

**** End of log ****

<hr>

MiniToolBox by Farbar Version: 18-01-2012
Ran by Brian (administrator) on 23-01-2012 at 16:59:38
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================


WARNING: Could not obtain host information from machine: [MATZATPC]. Some commands may not be available.
The RPC server is unavailable.



# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=static addr=156.154.70.22 register=PRIMARY
add dns name="Local Area Connection" addr=156.154.71.22 index=2
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : matzatpc

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-11-11-39-68-D0

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.3

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 156.154.70.22

156.154.71.22

Lease Obtained. . . . . . . . . . : Monday, January 23, 2012 8:01:32 AM

Lease Expires . . . . . . . . . . : Tuesday, January 24, 2012 8:01:32 AM

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 156.154.70.22

Name: google.com
Addresses: 74.125.65.99, 74.125.65.147, 74.125.65.106, 74.125.65.104
74.125.65.103, 74.125.65.105



Pinging google.com [74.125.65.99] with 32 bytes of data:



Reply from 74.125.65.99: bytes=32 time=1250ms TTL=51

Reply from 74.125.65.99: bytes=32 time=50ms TTL=51



Ping statistics for 74.125.65.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 50ms, Maximum = 1250ms, Average = 650ms

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 156.154.70.22

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.2.43, 98.137.149.56, 98.139.180.149



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Request timed out.

Reply from 209.191.122.70: bytes=32 time=1549ms TTL=52



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Approximate round trip times in milli-seconds:

Minimum = 1549ms, Maximum = 1549ms, Average = 1549ms

Server: UnKnown
Address: 156.154.70.22

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 11 39 68 d0 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3 20
192.168.1.3 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3 20
224.0.0.0 240.0.0.0 192.168.1.3 192.168.1.3 20
255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/19/2012 08:21:25 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 62 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (01/19/2012 07:00:46 PM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog

Error: (01/19/2012 07:00:03 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 62 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (12/24/2011 04:04:36 PM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog

Error: (12/18/2011 08:57:05 AM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog

Error: (12/17/2011 02:47:44 PM) (Source: System.EnterpriseServices) (User: )
Description: System.EnterpriseServices failed to install. Please fix the problem (see exception below) and run 'regasm System.EnterpriseServices.dll' again to install System.EnterpriseServices.

Exception:
'System.Runtime.InteropServices.COMException (0x8004E00F): COM+ was unable to talk to the Microsoft Distributed Transaction Coordinator
at System.EnterpriseServices.Admin.ICatalog2.CurrentPartition(String bstrPartitionIDOrName)
at System.EnterpriseServices.RegistrationHelperTx.InstallUtilityApplication(Type t)'

Error: (12/17/2011 02:47:44 PM) (Source: COM+) (User: )
Description: The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d01b)

Error: (12/17/2011 01:27:27 PM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Windows Application, SystemIndex Catalog

Error: (12/17/2011 01:20:32 PM) (Source: System.EnterpriseServices) (User: )
Description: System.EnterpriseServices failed to install. Please fix the problem (see exception below) and run 'regasm System.EnterpriseServices.dll' again to install System.EnterpriseServices.

Exception:
'System.Runtime.InteropServices.COMException (0x8004E00F): COM+ was unable to talk to the Microsoft Distributed Transaction Coordinator
at System.EnterpriseServices.Admin.ICatalog2.CurrentPartition(String bstrPartitionIDOrName)
at System.EnterpriseServices.RegistrationHelperTx.InstallUtilityApplication(Type t)'

Error: (12/17/2011 01:20:31 PM) (Source: COM+) (User: )
Description: The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d01b)


System errors:
=============
Error: (01/22/2012 08:01:45 PM) (Source: Service Control Manager) (User: )
Description: The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error:
%%1058

Error: (01/21/2012 02:02:03 PM) (Source: Service Control Manager) (User: )
Description: The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error:
%%1058

Error: (01/21/2012 01:51:39 PM) (Source: Service Control Manager) (User: )
Description: The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error:
%%1058

Error: (01/21/2012 01:26:24 PM) (Source: Service Control Manager) (User: )
Description: The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error:
%%1058

Error: (01/21/2012 07:46:32 AM) (Source: Service Control Manager) (User: )
Description: The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error:
%%1058

Error: (01/19/2012 08:27:31 PM) (Source: DCOM) (User: SYSTEM)
Description: Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The error:
"%%5"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding

Error: (01/19/2012 07:41:37 PM) (Source: Service Control Manager) (User: )
Description: The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error:
%%1058

Error: (01/19/2012 06:59:27 PM) (Source: Service Control Manager) (User: )
Description: The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error:
%%1058

Error: (01/19/2012 06:43:00 PM) (Source: Service Control Manager) (User: )
Description: The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error:
%%1058

Error: (01/18/2012 09:18:37 PM) (Source: Print) (User: Mom)
Description: The document 14" Metal Platform Base Bed... owned by Mom failed to print on printer Canon MP490 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 1966080. Number of bytes printed: 1149684. Total number of pages in the document: 5. Number of pages printed: 0. Client machine: \\MATZATPC. Win32 error code returned by the print processor: 14" Metal Platform Base Bed...0. 14" Metal Platform Base Bed...1


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 1.5.3.9120)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Reader 9.5.0 (Version: 9.5.0)
Canon i560
Canon MP Navigator EX 3.0
Canon MP490 series MP Drivers
Canon Utilities My Printer
COMODO Internet Security (Version: 5.4.58750.1355)
Coupon Printer for Windows (Version: 5.0.0.0)
CutePDF Writer 2.8
DESI Labeling System (Version: 2.5)
Intel® 537EP V9x DF PCI Modem
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4543)
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections (Version: 8.00.5000)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
LogMeIn (Version: 4.1.1868)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Professional 2007 (Version: 12.0.4518.1014)
Microsoft Office Professional 2007 Trial (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Helper (Version: 2.28)
Mozilla Firefox (3.5.7) (Version: 3.5.7 (en-US))
Panda ActiveScan 2.0 (Version: 01.04.01.0014)
Picasa 3 (Version: 3.8)
SoundMAX (Version: 5.12.01.5246)
TomTom HOME 2.8.2.2264 (Version: 2.8.2.2264)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Yahoo! Detect

========================= Memory info: ===================================

Percentage of memory in use: 62%
Total physical RAM: 1014.07 MB
Available physical RAM: 380.29 MB
Total Pagefile: 2442.59 MB
Available Pagefile: 1685.94 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.34 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:596.16 GB) (Free:573.09 GB) NTFS
4 Drive f: () (Fixed) (Total:70.95 GB) (Free:63.4 GB) NTFS

========================= Users: ========================================

User accounts for \\MATZATPC

Administrator ASPNET Brian
Dad Guest HelpAssistant
Katie LogMeInRemoteUser Mom
SUPPORT_388945a0


**** End of log ****


<hr>

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.23.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Brian :: MATZATPC [administrator]

1/23/2012 5:03:43 PM
mbam-log-2012-01-23 (17-03-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 266424
Time elapsed: 17 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

<hr>

aswMBR version 0.9.9.1509 Copyright© 2011 AVAST Software
Run date: 2012-01-23 17:29:08
-----------------------------
17:29:08.953 OS Version: Windows 5.1.2600 Service Pack 3
17:29:08.953 Number of processors: 2 586 0x304
17:29:08.953 ComputerName: MATZATPC UserName: Brian
17:29:10.093 Initialize success
17:30:13.312 AVAST engine defs: 12012301
17:30:24.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-18
17:30:24.218 Disk 0 Vendor: WDC_WD6401AALS-00J7B1 05.00K05 Size: 610480MB BusType: 3
17:30:24.218 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-20
17:30:24.218 Disk 1 Vendor: WDC_WD800JD-75HKA1 14.03G14 Size: 76293MB BusType: 3
17:30:24.234 Disk 0 MBR read successfully
17:30:24.234 Disk 0 MBR scan
17:30:24.281 Disk 0 Windows XP default MBR code
17:30:24.296 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 610469 MB offset 63
17:30:24.296 Disk 0 scanning sectors +1250242560
17:30:24.359 Disk 0 scanning C:\WINDOWS\system32\drivers
17:30:32.125 Service scanning
17:30:33.234 Modules scanning
17:30:38.000 Disk 0 trace - called modules:
17:30:38.031 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
17:30:38.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fceab8]
17:30:38.031 3 CLASSPNP.SYS[f788dfd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-18[0x86fd0d98]
17:30:40.640 AVAST engine scan C:\WINDOWS
17:31:09.046 AVAST engine scan C:\WINDOWS\system32
17:32:57.390 AVAST engine scan C:\WINDOWS\system32\drivers
17:33:21.375 AVAST engine scan C:\Documents and Settings\Brian
17:37:17.187 AVAST engine scan C:\Documents and Settings\All Users
17:37:59.218 Scan finished successfully
17:41:54.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Brian\Desktop\MBR.dat"
17:41:54.234 The log file has been saved successfully to "C:\Documents and Settings\Brian\Desktop\aswMBR.txt"

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,698 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:18 PM

Posted 23 January 2012 - 08:08 PM

I don't see anything malicious so far.

Since you're using Comodo firewall make sure you disable Windows firewall.

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 brianmatzat

brianmatzat
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 24 January 2012 - 02:53 PM

C:\Documents and Settings\Mom\Desktop\Sally\Desktop\Various Pictures\halloweenclipartfree.exe multiple threats deleted - quarantined
C:\Documents and Settings\Mom\Desktop\Sally\Desktop\Various Pictures\patterns\couponprinter.exe probably a variant of Win32/Adware.Softomate.AD application deleted - quarantined
F:\Documents and Settings\All Users\Documents\couponprinter(4).exe probably a variant of Win32/Adware.Softomate.AD application deleted - quarantined
F:\RECYCLER\S-1-5-21-839522115-688789844-725345543-1006\Dc10.exe a variant of Win32/Adware.XPAntivirus.AF application cleaned by deleting - quarantined
F:\RECYCLER\S-1-5-21-839522115-688789844-725345543-1006\Dc11.exe a variant of Win32/Adware.XPAntivirus.AE application cleaned by deleting - quarantined
F:\RECYCLER\S-1-5-21-839522115-688789844-725345543-1006\Dc12.exe a variant of Win32/Adware.XPAntivirus.AE application cleaned by deleting - quarantined
F:\RECYCLER\S-1-5-21-839522115-688789844-725345543-1006\Dc13.exe a variant of Win32/Adware.XPAntivirus.AF application cleaned by deleting - quarantined
F:\RECYCLER\S-1-5-21-839522115-688789844-725345543-1006\Dc14.exe probably a variant of Win32/Adware.Softomate.AD application deleted - quarantined
F:\RECYCLER\S-1-5-21-839522115-688789844-725345543-1006\Dc15.exe probably a variant of Win32/Adware.Softomate.AD application deleted - quarantined
F:\RECYCLER\S-1-5-21-839522115-688789844-725345543-1006\Dc16.exe probably a variant of Win32/Adware.Softomate.AD application deleted - quarantined
F:\RECYCLER\S-1-5-21-839522115-688789844-725345543-1006\Dc17.exe probably a variant of Win32/Adware.Softomate.AD application deleted - quarantined
F:\RECYCLER\S-1-5-21-839522115-688789844-725345543-1006\Dc18.exe probably a variant of Win32/Adware.Softomate.AD application deleted - quarantined

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,698 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:18 PM

Posted 24 January 2012 - 03:05 PM

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/04/27/download-the-latest-adobe-flash-for-firefox-and-ie-without-any-extras/

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

================================================================

Your computer is clean Posted Image

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure, Windows Updates are current.

3. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) weekly.

7. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

10. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

11. Except for MBAM and TFC, which are keepers you can simply delete all other tools we used as they don't install.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#7 brianmatzat

brianmatzat
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 24 January 2012 - 06:47 PM

Wow. Incredibly helpful. Thank you so much! Back to full strength!

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,698 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:18 PM

Posted 24 January 2012 - 08:11 PM

You're very welcome Posted Image

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users