
I think I've been infected by every virus possible


90 replies to this topic

#1 LaShunda (Members, 61 posts)

Posted 24 January 2012 - 07:26 PM

I think I've had every virus known to a computer. I guess I don't know what I'm doing when posting on Bleeping Computer because this is my second time but I never received a response from the first post. I've had so many viruses that I just think I need to throw my computer out and buy a new one. Today I came home from work and I had a new virus. Win32:Downloader-MOB. The other day it said I had a RootKit. I currently have AVAST for security because I can't update my firewall or change any settings. I also have Malwarebytes but I'm afraid to use it because it was on my computer during another recent virus. I can't delete. So many of my registry files have been changed from viruses that I can't tell what's going on with my computer anymore. Is there any help for me? I've tried to scan my files but the report won't generate. I just don't know what to do any more.



#2 boopme (Global Moderator, 73,220 posts)

Posted 24 January 2012 - 08:29 PM

Hello, this is your other topic:
http://www.bleepingcomputer.com/forums/topic434264.html/page__p__2522284#entry2522284
I did reply. All's good, though.


Let's run this:
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Run MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 LaShunda (Topic Starter, Members, 61 posts)

Posted 25 January 2012 - 12:38 PM

I guess I don't know how to look at my replies because I didn't see one previously. Your response came to my email this time so I got it. Thanks for responding and sorry about the last one. Please try and be patient because I know hardly anything about computers and about posting results. I saw a report save to my desktop but didn't know how to get on here so I just copied and pasted it.

Here's the report from the Minitoolbox and MBAM:

MiniToolBox by Farbar Version: 18-01-2012
Ran by lashunda (administrator) on 25-01-2012 at 11:06:07
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter = Wireless Network Connection (Connected)
NVIDIA nForce 10/100 Mbps Ethernet = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : LASHUNDA-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter
Physical Address. . . . . . . . . : 00-22-3F-FC-E0-9C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::38d5:8f09:a922:9943%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.68(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, January 17, 2012 6:34:12 PM
Lease Expires . . . . . . . . . . : Thursday, January 26, 2012 6:46:21 AM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 218112575
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-62-C9-1C-00-23-54-13-04-F4
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
Physical Address. . . . . . . . . : 00-23-54-13-04-F4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{80F2DC83-79E6-40C3-9E5F-259CE4504E6A}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.gateway.2wire.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: homeportal
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.227.113
74.125.227.114
74.125.227.115
74.125.227.116
74.125.227.112



Pinging google.com [74.125.227.115] with 32 bytes of data:

Reply from 74.125.227.115: bytes=32 time=29ms TTL=52

Reply from 74.125.227.115: bytes=32 time=26ms TTL=53



Ping statistics for 74.125.227.115:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 26ms, Maximum = 29ms, Average = 27ms

Server: homeportal
Address: 192.168.1.254

Name: yahoo.com
Addresses: 209.191.122.70
72.30.2.43
98.137.149.56
98.139.180.149



Pinging yahoo.com [98.139.180.149] with 32 bytes of data:

Reply from 98.139.180.149: bytes=32 time=385ms TTL=45

Reply from 98.139.180.149: bytes=32 time=370ms TTL=45



Ping statistics for 98.139.180.149:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 370ms, Maximum = 385ms, Average = 377ms

Server: homeportal
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
13 ...00 22 3f fc e0 9c ...... NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter
10 ...00 23 54 13 04 f4 ...... NVIDIA nForce 10/100 Mbps Ethernet
1 ........................... Software Loopback Interface 1
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
12 ...00 00 00 00 00 00 00 e0 isatap.{80F2DC83-79E6-40C3-9E5F-259CE4504E6A}
14 ...00 00 00 00 00 00 00 e0 isatap.gateway.2wire.net
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.68 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.68 281
192.168.1.68 255.255.255.255 On-link 192.168.1.68 281
192.168.1.255 255.255.255.255 On-link 192.168.1.68 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.68 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.68 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
13 281 fe80::/64 On-link
13 281 fe80::38d5:8f09:a922:9943/128
On-link
1 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/25/2012 10:39:51 AM) (Source: ESENT) (User: )
Description: wuaueng.dll (1104) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (01/25/2012 10:39:51 AM) (Source: ESENT) (User: )
Description: wuaueng.dll (1104) SUS20ClientDataStore: An attempt to open the file "C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/25/2012 10:39:41 AM) (Source: ESENT) (User: )
Description: wuaueng.dll (1104) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (01/25/2012 10:39:41 AM) (Source: ESENT) (User: )
Description: wuaueng.dll (1104) SUS20ClientDataStore: An attempt to open the file "C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/25/2012 10:39:31 AM) (Source: ESENT) (User: )
Description: wuaueng.dll (1104) SUS20ClientDataStore: An attempt to open the file "C:\Windows\SoftwareDistribution\DataStore\Logs\edb.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/25/2012 10:39:21 AM) (Source: ESENT) (User: )
Description: wuaueng.dll (1104) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (01/25/2012 10:39:21 AM) (Source: ESENT) (User: )
Description: wuaueng.dll (1104) SUS20ClientDataStore: An attempt to open the file "C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/25/2012 10:39:11 AM) (Source: ESENT) (User: )
Description: wuaueng.dll (1104) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (01/25/2012 10:39:11 AM) (Source: ESENT) (User: )
Description: wuaueng.dll (1104) SUS20ClientDataStore: An attempt to open the file "C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/25/2012 10:39:01 AM) (Source: ESENT) (User: )
Description: wuaueng.dll (1104) SUS20ClientDataStore: An attempt to open the file "C:\Windows\SoftwareDistribution\DataStore\Logs\edb.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (01/24/2012 04:11:12 PM) (Source: DCOM) (User: lashunda)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}lashunda-PClashundaS-1-5-21-2409556786-1300974862-2268723455-1000LocalHost (Using LRPC)

Error: (01/21/2012 04:00:02 AM) (Source: nvstor32) (User: )
Description: A parity error was detected on \Device\RaidPort0.

Error: (01/17/2012 06:45:28 PM) (Source: DCOM) (User: )
Description: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe -Embedding740{E9513610-F218-4DDA-B954-2C7E6BA7CABB}

Error: (01/17/2012 06:45:15 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070424

Error: (01/17/2012 06:36:58 PM) (Source: Service Control Manager) (User: )
Description: Diagnostic System Host

Error: (01/17/2012 06:36:55 PM) (Source: Service Control Manager) (User: )
Description: Diagnostic Service Host

Error: (01/17/2012 06:36:21 PM) (Source: Service Control Manager) (User: )
Description: Internet Connection Sharing (ICS)BFE

Error: (01/17/2012 06:36:21 PM) (Source: Service Control Manager) (User: )
Description: 30000Roxio Hard Drive Watcher 9

Error: (01/17/2012 06:36:21 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (01/17/2012 06:36:21 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE


Microsoft Office Sessions:
=========================
Error: (01/25/2012 10:39:51 AM) (Source: ESENT)(User: )
Description: wuaueng.dll1104SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-1032 (0xfffffbf8)

Error: (01/25/2012 10:39:51 AM) (Source: ESENT)(User: )
Description: wuaueng.dll1104SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (01/25/2012 10:39:41 AM) (Source: ESENT)(User: )
Description: wuaueng.dll1104SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-1032 (0xfffffbf8)

Error: (01/25/2012 10:39:41 AM) (Source: ESENT)(User: )
Description: wuaueng.dll1104SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (01/25/2012 10:39:31 AM) (Source: ESENT)(User: )
Description: wuaueng.dll1104SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (01/25/2012 10:39:21 AM) (Source: ESENT)(User: )
Description: wuaueng.dll1104SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-1032 (0xfffffbf8)

Error: (01/25/2012 10:39:21 AM) (Source: ESENT)(User: )
Description: wuaueng.dll1104SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (01/25/2012 10:39:11 AM) (Source: ESENT)(User: )
Description: wuaueng.dll1104SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-1032 (0xfffffbf8)

Error: (01/25/2012 10:39:11 AM) (Source: ESENT)(User: )
Description: wuaueng.dll1104SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (01/25/2012 10:39:01 AM) (Source: ESENT)(User: )
Description: wuaueng.dll1104SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.


=========================== Installed Programs ============================

2Wire Wireless Client
32 Bit HP CIO Components Installer (Version: 7.1.8)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0.1)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe Flash Player 10 Plugin (Version: 10.0.45.2)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader 8.1.2 (Version: 8.1.2)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.97)
Ask Toolbar (Version: 1.7.1.0)
AT&T Yahoo! High Speed Internet Home Networking Installer
avast! Free Antivirus (Version: 6.0.1367.0)
Bing Bar (Version: 7.0.609.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
BlackBerry Desktop Software 5.0.1 (Version: 5.0.1.37)
BlackBerry Device Software Updater (Version: 6.0.1.6)
BlackBerry® Media Sync (Version: 3.0.0.39)
BLOCKBUSTER Movielink
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 100.0.170.000)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 2.03.0000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Copy (Version: 100.0.170.000)
CustomerResearchQFolder (Version: 1.00.0000)
CyberLink DVD Suite Deluxe (Version: .1707)
Destination Component (Version: 100.0.0.0)
DeviceDiscovery (Version: 100.0.190.000)
DeviceManagementQFolder (Version: 1.00.0000)
DJ_AIO_03_F2200_ProductContext (Version: 100.0.215.000)
DJ_AIO_03_F2200_Software (Version: 100.0.206.000)
DJ_AIO_03_F2200_Software_Min (Version: 100.0.239.000)
DVD Play (Version: 2.4.5411)
Enhanced Multimedia Keyboard Solution
eSupportQFolder (Version: 1.00.0000)
F2200 (Version: 100.0.206.000)
F2200_Help (Version: 100.0.206.000)
Family Feud Battle of the Sexes (remove only)
Fiesta (Version: 10.0.0330)
FrostWire 4.20.6 (Version: 4.20.6.0)
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (Version: 16.0.912.63)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2308.2056)
Google Update Helper (Version: 1.3.21.79)
GPBaseService (Version: 100.0.187.000)
Hardware Diagnostic Tools (Version: 5.1.4861.15)
HP Active Support Library (Version: 3.1.6.1)
HP Advisor (Version: 3.1.9152.3107)
HP Customer Experience Enhancements (Version: 5.6.0.2510)
HP Customer Feedback (Version: 1.0.0)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Demo (Version: 1.00.0000)
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3 (Version: 10.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Photosmart Essential 2.5 (Version: 1.03.0000)
HP Photosmart Essential 3.0 (Version: 3.0)
HP Picasso Media Center Add-In (Version: 1.0.0)
HP Recovery Manager RSS (Version: 84.0.0.7)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 10.0 (Version: 10.0)
HP Update (Version: 5.003.001.001)
HPAsset component for HP Active Support Library (Version: 3.0.0.6)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoSmartPhotobookWebPack1 (Version: 2.03.0000)
HPProductAssistant (Version: 100.0.170.000)
HPSSupply (Version: 100.0.170.000)
HPTCSSetup (Version: 1.0.964.2626)
iCloud (Version: 1.0.1.29)
iTunes (Version: 10.5.1.42)
Java™ 6 Update 26 (Version: 6.0.260)
LabelPrint (Version: 2.2.2913)
LightScribe System Software (Version: 1.18.3.2)
LightScribeTemplateLabeler (Version: 1.10.23.1)
M86Security Secure Browsing
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
MarketResearch (Version: 100.0.170.000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60310.0)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Works (Version: 9.7.0621)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 6.1 (Version: 6.10.050)
My HP Games (Version: 1.0.0.52)
NETGEAR WG111v3 wireless USB 2.0 adapter (Version: 1.01.10)
NVIDIA Drivers
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice.org 3.1 (Version: 3.1.9399)
PCIe Soft Data Fax Modem with SmartCP (Version: 7.71.00.50)
Power2Go (Version: 5.6.4109)
PowerDirector (Version: 6.5.2926)
PSSWCORE (Version: 2.03.0000)
Python 2.5.2 (Version: 2.5.2150)
QuickTime (Version: 7.71.80.42)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver (Version: 6.0.1.5657)
RealUpgrade 1.1 (Version: 1.1.0)
Roxio Media Manager (Version: 9.4.067)
Safari (Version: 5.34.51.22)
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Scan (Version: 10.1.0.0)
Shop for HP Supplies (Version: 10.0)
Skype Toolbars (Version: 5.0.4137)
Skype™ 5.0 (Version: 5.0.156)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 100.0.175.000)
Status (Version: 100.0.175.000)
Symantec Technical Support Advanced Chat Controls (Version: 3.5.3)
Symantec Technical Support Web Controls (Version: 3.5.3)
Toolbox (Version: 100.0.170.000)
TrayApp (Version: 100.0.170.000)
UnloadSupport (Version: 10.0.0)
VideoToolkit01 (Version: 110.0.171.000)
WebReg (Version: 100.0.170.000)
Windows NT Backup - Restore Utility (Version: 1.0)
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 67%
Total physical RAM: 1917.76 MB
Available physical RAM: 627.2 MB
Total Pagefile: 4338.38 MB
Available Pagefile: 706.85 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.69 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:138.03 GB) (Free:62.94 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.02 GB) (Free:1.07 GB) NTFS

========================= Users: ========================================

User accounts for \\LASHUNDA-PC

Administrator Guest lashunda

========================= Minidump Files ==================================

C:\Windows\Minidump\Mini091511-01.dmp
C:\Windows\Minidump\Mini121111-01.dmp
C:\Windows\Minidump\Mini121711-01.dmp

**** End of log ****

MBAM

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.25.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19048
lashunda :: LASHUNDA-PC [administrator]

1/25/2012 11:11:50 AM
mbam-log-2012-01-25 (11-11-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 269540
Time elapsed: 24 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4 boopme (Global Moderator, 73,220 posts)

Posted 25 January 2012 - 04:47 PM

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#5 LaShunda (Topic Starter, Members, 61 posts)

Posted 26 January 2012 - 07:14 PM

Hi. I finally saw your post to my other question. I'm sorry, but it took ESET so long to run, like several hours, that I fell asleep. When I got home from work today somebody in my family had closed it out, so I didn't get the report. The only virus I saw it captured was something like Win:32 Toolbar.Zugo application. The program had finished, but I didn't have time before going to work to save the report. I forgot to tell my family not to touch the computer.

#6 boopme (Global Moderator, 73,220 posts)

Posted 26 January 2012 - 08:09 PM

Hello, it should be here. As you said, you had many infections, yet these logs are seeing little.

The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start >> Run dialog box from the Start Menu on the desktop.

#7 LaShunda (Topic Starter, Members, 61 posts)

Posted 27 January 2012 - 05:39 PM

This is all that was in the log for ESET:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

I've had lots of viruses because I can't update Windows, I can't change my firewall settings, and lots of my registry keys have been altered by the viruses, so I can't do much on my computer. For example, I can't delete some files like Malwarebytes. I get lots of errors in my Event Logs. I can't save logs appropriately. I can't use System Repair or Restore. My computer won't restart normally unless I tell it to. I can't update Java or delete it. Here's a list of the viruses I've had in the last month.

Win32: FunWeb-J (PUP)
JS: Pdfka-gen (EXpl)
JS: PornPopA (PUP)
Win32: Zango-AQ (PUP)
JS: IFrame-DK (Trj)
Win32: FakeAlert-BQI (Trj)
Java:CVE-2011-3544J (Expl)
Java:CVE-2010-0842C (Expl)
Java:CVE-2011-3544F (Expl)
JS/Hilto.C
JS/Hilto.F
Java:CVE-2011-3544W
Win32:Alureon-AOV

Win32:Alureon-AOL (Trj)
RootKit.ZeroAccess inserted into tcp/ip stack
Win32\Toolbar.Zugo Application
Win32:Downloader-MOB
aai.exe

Here are some of the registry key information taken from MBAM logs:

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
Registry Keys Infected:
HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ah\Content Type (Rogue.MultipleAV) -> Value: Content Type -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\lashunda\AppData\Local\aai.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\lashunda\AppData\Local\Temp\0.27551146372276514.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ah\Content Type (Rogue.MultipleAV) -> Value: Content Type -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\lashunda\AppData\Local\aai.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\lashunda\AppData\Local\Temp\0.27551146372276514.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.



I receive errors like App failed to initialize 0X80070006
The handle is invalid
DcomLaunch access is denied
Repair action - system file integrity check and repair failed error code 0X490

#8 boopme


Posted 27 January 2012 - 07:24 PM

Thank you. Some of the infections removed so far were info stealers.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.



Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#9 LaShunda


Posted 28 January 2012 - 02:47 PM

See, I told you something was going on. I also have logs from DDS and a couple of other logs I tried from researching viruses prior to joining bleepingcomputer.com. A lot of my registry keys have been changed. Here is the FSS log.

Farbar Service Scanner Version: 18-01-2012 01
Ran by lashunda (administrator) on 28-01-2012 at 13:45:09
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is blocked.
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-08-11 23:46] - [2010-06-16 10:39] - 0912776 ____A (Microsoft Corporation) 6A10AFCE0B38371064BE41C1FBFD3C6B

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2010-04-27 18:21] - [2009-04-11 00:28] - 0758784 ____A (Microsoft Corporation) 93952506C6D67330367F7E7934B6A02F

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2010-04-27 18:21] - [2009-04-11 00:28] - 0129024 ____A (Microsoft Corporation) FB27772BEAF8E1D28CCD825C09DA939B

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
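
A small triage helper, added here as an example and not part of the thread, that reads Malwarebytes and Farbar Service Scanner output in the formats shown in posts #7 and #9 above: it lists the hijacked shell\open\command keys, the file those hijacked commands actually launched (so a responder can confirm it was removed), and the firewall services whose registry keys FSS could not find (the ones that will need rebuilding). The log excerpts and the user path in it are constructed placeholders, not copied from a real machine.

```python
import re

# Constructed excerpts in the formats Malwarebytes and Farbar Service Scanner
# print; the paths are placeholders, not taken from a real machine.
MBAM_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\<user>\AppData\Local\aai.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
"""
FSS_LOG = r"""
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.
bfe Service is not running. Checking service configuration:
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
"""

# "<key> (Hijack.X) -> Bad: (<bad>) Good: (<good>)"; the Bad/Good part is optional.
HIJACK_RE = re.compile(r"^(HKEY_\S+) \((Hijack\.\w+)\)(?: -> Bad: \((.*?)\) Good: \((.*?)\))?")
# Only "The service key does not exist" means the whole service entry is gone.
MISSING_RE = re.compile(r"Unable to open (\S+) registry key\. The service key does not exist")


def parse_mbam_hijacks(text):
    """Return (key, detection, bad_value, good_value) for every Hijack.* line."""
    return [m.groups() for m in (HIJACK_RE.match(l) for l in text.splitlines()) if m]


def launched_program(command):
    """First quoted token of a shell\\open\\command value: the file actually run."""
    m = re.match(r'\s*"([^"]+)"', command or "")
    return m.group(1) if m else None


def parse_fss_missing_services(text):
    """Service names FSS reports as having no registry key at all."""
    return sorted({m.group(1) for m in MISSING_RE.finditer(text)})


def triage(mbam_text, fss_text):
    """Summarise what still needs manual follow-up after quarantine."""
    hijacks = parse_mbam_hijacks(mbam_text)
    loaders = {p for _k, _d, bad, _g in hijacks if (p := launched_program(bad))}
    return {
        "hijacked_keys": [k for k, *_ in hijacks],
        "loader_files": sorted(loaders),                           # confirm deleted
        "missing_services": parse_fss_missing_services(fss_text),  # keys to rebuild
    }


if __name__ == "__main__":
    print(triage(MBAM_LOG, FSS_LOG))
```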

#10 LaShunda


Posted 03 February 2012 - 10:55 AM

Hi. It's been a few days since I've received a reply to my last post and I was wondering if you are still helping me?

#11 boopme


Posted 03 February 2012 - 11:17 AM

Sorry I got stuck in Jury Duty.. I will get someone here.

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:30 AM

Posted 03 February 2012 - 11:34 AM

LaShunda

Hi, I would help you as boopme is busy now. I will take a look at your logs and guide you.

Thanks

Edited by narenxp, 03 February 2012 - 11:38 AM.


#13 narenxp


Posted 03 February 2012 - 11:38 AM

You are missing registry keys related to the firewall. Before we could fix it, we need to analyze your ESET log, which indicates that the PC was infected by the ZeroAccess rootkit. We have to make sure that the PC is clean.

I need you to run these tools and post the logs.

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report.


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here

Edited by narenxp, 03 February 2012 - 11:46 AM.


#14 LaShunda


Posted 03 February 2012 - 01:41 PM

I don't know how to post the log from TDSS but it came back showing that it found nothing. If you tell me how to post it I will. I don't want to run the rest of the programs because I can't use the computer while they are running and it will shut the TDSS log down. If you still need the TDSS log even though it's showing it found "0" threats just tell me how to post it.

Thanks for your help.

#15 boopme


Posted 03 February 2012 - 02:29 PM

Popping in....
Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



