Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Constant string of problems and I have no clue


  • Please log in to reply
9 replies to this topic

#1 jsms1095

jsms1095

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:10 AM

Posted 27 January 2012 - 10:37 AM

Hi,

Around New Year's, my computer was infected by XP internet security 2012. Since I couldn't run any of my antivirus software and I couldn't access the internet, I paid for a repair person to come and fix it. He was able to get me back into the computer, and I ran continuous scans until everything came back clean. I was running Symantec Endpoint Protection, Malwarebytes, and SuperAntiSpyware. When all of those were finished, I ran Spybot.

Since then, however, my scans keep picking up problems. (I have been running any one of those programs every night.) Earlier this week, I somehow picked up something called UltraDefraggerFraud. Almost all of my icons disappeared from my desktop and start menu. Many small windows cascaded down my screen with warnings about hard drive failure and other windows demanded that I scan and repair the damage. I couldn't figure out how to get to the internet, so I called the repair person again. I believe that he used rKill and something called unhide to restore my icons and I began the endless run of scans again. It has been 48 hours of constant scanning and I am still picking up alerts. Is this normal? The latest scan that ended this morning showed the following:

Malwarebytes: Heuristics.Reserved.Word.Exploit

SuperAntiSpyware: Trojan.Agent/Gen-PEC

Symantec: content/overlay.xul and xulcache.jar

I don't know how they keep getting through. I have Windows Security Center, but it doesn't seem to be running. Does that mean that I don't have a firewall?

I cannot boot in safemode. It apparently has something to do with my graphics driver. This is the message that I get: Cannot Display This Video Mode.

I have Win XP sp 3.

I have some of last night's scan logs. I'm not exactly sure how to do Symantec's log.
Thanks,
Janet


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.26.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: JANET [administrator]

1/26/2012 8:23:35 PM
mbam-log-2012-01-26 (20-23-35).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 521149
Time elapsed: 11 hour(s), 17 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\user\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/27/2012 at 07:44 AM

Application Version : 5.0.1142

Core Rules Database Version : 8173
Trace Rules Database Version: 5985

Scan type : Complete Scan
Total Scan Time : 11:21:10

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 776
Memory threats detected : 0
Registry items scanned : 22190
Registry threats detected : 0
File items scanned : 290337
File threats detected : 33

Adware.Tracking Cookie
konac.kontera.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BJVRNDZN ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.akamai.interclickproxy.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.adxpose.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.solvemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.solvemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.solvemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.adinterax.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NZZQYFXN.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-PEC
C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\RARSFX7\PROCS\EXPLORER.EXE

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:03:10 AM

Posted 27 January 2012 - 04:48 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 jsms1095

jsms1095
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:10 AM

Posted 27 January 2012 - 09:04 PM

Here are the logs. Thanks!

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Symantec Endpoint Protection
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
SUPERAntiSpyware
Java™ 6 Update 18
Out of date Java installed!
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````


Farbar Service Scanner Version: 18-01-2012 01
Ran by user (administrator) on 27-01-2012 at 19:58:26
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(8) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****


MiniToolBox by Farbar Version: 18-01-2012
Ran by user (administrator) on 27-01-2012 at 20:00:21
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 49455
"network.proxy.type", 0
Hosts file not detected in the default directory
========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
D-Link WDA-1320 Desktop Adapter = Wireless Network Connection (Connected)
Broadcom NetXtreme Gigabit Ethernet = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : JANET

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : home



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : home

Description . . . . . . . . . . . : D-Link WDA-1320 Desktop Adapter

Physical Address. . . . . . . . . : 00-15-E9-47-77-C3

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.3

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

71.252.0.12

Lease Obtained. . . . . . . . . . : Friday, January 27, 2012 9:34:42 AM

Lease Expires . . . . . . . . . . : Saturday, January 28, 2012 9:34:41 AM



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet

Physical Address. . . . . . . . . : 00-13-20-E9-C5-7E

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.113.104, 74.125.113.105, 74.125.113.106, 74.125.113.103
74.125.113.147, 74.125.113.99



Pinging google.com [74.125.115.99] with 32 bytes of data:



Request timed out.

Reply from 74.125.115.99: bytes=32 time=29ms TTL=53



Ping statistics for 74.125.115.99:

Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Approximate round trip times in milli-seconds:

Minimum = 29ms, Maximum = 29ms, Average = 29ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 98.139.180.149, 209.191.122.70



Pinging yahoo.com [98.137.149.56] with 32 bytes of data:



Reply from 98.137.149.56: bytes=32 time=92ms TTL=56

Reply from 98.137.149.56: bytes=32 time=96ms TTL=56



Ping statistics for 98.137.149.56:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 92ms, Maximum = 96ms, Average = 94ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 15 e9 47 77 c3 ...... D-Link WDA-1320 Desktop Adapter - Packet Scheduler Miniport
0x3 ...00 13 20 e9 c5 7e ...... Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.3 192.168.1.3 20
192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3 25
192.168.1.3 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3 25
224.0.0.0 240.0.0.0 192.168.1.3 192.168.1.3 25
255.255.255.255 255.255.255.255 192.168.1.3 3 1
255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/27/2012 02:17:47 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Tracking Cookies in File: Unavailable by: Manual scan. Action: Quarantine failed : Leave Alone failed. Action Description: The file was deleted successfully.

Error: (01/26/2012 08:34:42 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Tracking Cookies in File: Unavailable by: Manual scan. Action: Quarantine failed : Leave Alone failed. Action Description: The file was deleted successfully.

Error: (01/26/2012 00:45:33 PM) (Source: SescLU) (User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (01/26/2012 05:44:57 AM) (Source: Symantec AntiVirus) (User: )
Description: Risk Found!Trojan.Gen.2 in File: c:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\43\72a066eb-32dd487d>>ropan.class by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

Security Risk Found!Trojan.Gen.2 in File: c:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\43\72a066eb-32dd487d>>ropan.class by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

Security Risk Found!Trojan.Gen.2 in File: c:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\43\72a066eb-32dd487d by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

Risk Found!Trojan.Gen.2 in File: c:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\43\72a066eb-32dd487d by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

Error: (01/25/2012 07:37:36 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1476571294.

Error: (01/25/2012 07:36:11 PM) (Source: Application Hang) (User: )
Description: Hanging application SymCorpUI.exe, version 11.0.5002.290, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/25/2012 04:21:40 PM) (Source: Application Hang) (User: )
Description: Hanging application SymCorpUI.exe, version 11.0.5002.290, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/25/2012 10:51:19 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\USER\RECENT\DESKTOP.INI> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/25/2012 10:51:16 AM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 49ef8e09, P4 mscorlib, P5 2.0.0.0, P6 4e154d36, P7 f4f, P8 7, P9 clr20r30, P10 clr20r31.

Error: (01/25/2012 10:50:17 AM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 49ef8e09, P4 mscorlib, P5 2.0.0.0, P6 4e154d36, P7 f4f, P8 7, P9 clr20r30, P10 clr20r31.


System errors:
=============
Error: (01/27/2012 09:35:26 AM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (01/26/2012 08:00:39 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (01/26/2012 05:44:25 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (01/25/2012 11:51:36 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (01/25/2012 10:49:28 AM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (01/22/2012 07:32:10 AM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (01/22/2012 06:37:49 AM) (Source: 0) (User: )
Description:

Error: (01/18/2012 00:00:43 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (01/14/2012 11:50:14 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (01/14/2012 11:06:28 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0


Microsoft Office Sessions:
=========================
Error: (01/27/2012 02:17:47 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Tracking Cookies in File: Unavailable by: Manual scan. Action: Quarantine failed : Leave Alone failed. Action Description: The file was deleted successfully.

Error: (01/26/2012 08:34:42 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Tracking Cookies in File: Unavailable by: Manual scan. Action: Quarantine failed : Leave Alone failed. Action Description: The file was deleted successfully.

Error: (01/26/2012 00:45:33 PM) (Source: SescLU)(User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (01/26/2012 05:44:57 AM) (Source: Symantec AntiVirus)(User: )
Description: Risk Found!Trojan.Gen.2 in File: c:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\43\72a066eb-32dd487d>>ropan.class by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

Security Risk Found!Trojan.Gen.2 in File: c:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\43\72a066eb-32dd487d>>ropan.class by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

Security Risk Found!Trojan.Gen.2 in File: c:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\43\72a066eb-32dd487d by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

Risk Found!Trojan.Gen.2 in File: c:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\43\72a066eb-32dd487d by: Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

Error: (01/25/2012 07:37:36 PM) (Source: Application Hang)(User: )
Description: 1476571294

Error: (01/25/2012 07:36:11 PM) (Source: Application Hang)(User: )
Description: SymCorpUI.exe11.0.5002.290hungapp0.0.0.000000000

Error: (01/25/2012 04:21:40 PM) (Source: Application Hang)(User: )
Description: SymCorpUI.exe11.0.5002.290hungapp0.0.0.000000000

Error: (01/25/2012 10:51:19 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\USER\RECENT\DESKTOP.INI

Error: (01/25/2012 10:51:16 AM) (Source: .NET Runtime 2.0 Error Reporting)(User: )
Description: clr20r3ccc.exe2.0.0.049ef8e09mscorlib2.0.0.04e154d36f4f7n3ctrye2kn3c34sgl4zqyrbfte4m13nbNIL

Error: (01/25/2012 10:50:17 AM) (Source: .NET Runtime 2.0 Error Reporting)(User: )
Description: clr20r3ccc.exe2.0.0.049ef8e09mscorlib2.0.0.04e154d36f4f7n3ctrye2kn3c34sgl4zqyrbfte4m13nbNIL


=========================== Installed Programs ============================

ABBYY FineReader 6.0 Sprint (Version: 6.00.1990.41618)
AbiWord 2.8.6 (Version: 2.8.6)
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 1.5.3.9120)
Adobe Flash Player 10 ActiveX (Version: 10.0.42.34)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
AiO_Scan_CDA (Version: 70.0.149.000)
AiOSoftwareNPI (Version: 70.0.149.000)
Alice in Vivaldi's Four Seasons 1.0
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.750.0)
ATI Display Driver (Version: 8.671-091104a-091523C-ATI)
Barbie™ Beauty Boutique™ CD-ROM
Beauty and the Beast Magical Ballroom
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 70.0.170.000)
C3100 (Version: 70.0.149.000)
c3100_Help (Version: 70.0.149.000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.1104.959.17837)
Catalyst Control Center Graphics Full Existing (Version: 2009.1104.959.17837)
Catalyst Control Center Graphics Full New (Version: 2009.1104.959.17837)
Catalyst Control Center Graphics Light (Version: 2009.1104.959.17837)
Catalyst Control Center Graphics Previews Common (Version: 2009.1104.959.17837)
Catalyst Control Center HydraVision Full (Version: 2009.1104.959.17837)
Catalyst Control Center InstallProxy (Version: 2009.1104.959.17837)
ccc-core-preinstall (Version: 2009.1104.959.17837)
ccc-core-static (Version: 2009.1104.959.17837)
ccc-utility (Version: 2009.1104.959.17837)
CCC Help English (Version: 2009.1104.0958.17837)
Creative Driver
Creative Memories Memory Manager 2 (Version: 2.0)
D&D Character Generator Demo
Destinations (Version: 70.0.170.000)
DeviceManagementQFolder (Version: 1.00.0000)
Disney's You Can Fly! with Tinker Bell (Version: 1.0)
DocProc (Version: 7.0.0.0)
DocProcQFolder (Version: 1.00.0000)
eSupportQFolder (Version: 1.00.0000)
Fax_CDA (Version: 70.0.149.000)
Heroes of Might and Magic II
High-Definition Video Playback (Version: 7.3.10900.8.0)
HP Imaging Device Functions 7.0 (Version: 7.0)
HP Photosmart and Deskjet 7.0.A
HP Photosmart Essential (Version: 1.9.1.3)
HP Solution Center 7.0 (Version: 7.0)
HP Update (Version: 5.003.001.001)
HPPhotoSmartExpress (Version: 70.0.170.000)
HPProductAssistant (Version: 70.0.170.000)
InstantShareAlert (Version: 1.00.0000)
InstantShareDevicesMFC (Version: 70.0.170.000)
ISODisk 1.1
iTunes (Version: 10.5.3.3)
Japanese Fonts Support For Adobe Reader 9 (Version: 9.0.0)
Java Auto Updater (Version: 2.0.1.2)
Java™ 6 Update 18 (Version: 6.0.180)
Little Mermaid II Return to the Sea
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.92)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Memory Manager Shared Components Update (Version: 2.00.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Compatibility Toolkit 5.6 (Version: 5.6.7324.0)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office 97, Professional Edition
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Might and Magic IX (Version: 1.0)
Might and MagicŪ VI
Monsters Jr
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
My Little Pony
My Little Pony (Version: 1.00.0000)
Nero 10 Movie ThemePack Basic (Version: 10.6.10000.1.0)
Nero Audio Pack 1 (Version: 2.0.13100.0.10)
Nero Core Components 10 (Version: 2.0.20100.9.13)
Nero Kwik Media (Version: 1.6.16800.75.100)
Nero Kwik Media (Version: 10.6.12300)
Nero Update (Version: 11.0.10022.15.0)
NeroKwikMedia Help (CHM) (Version: 10.6.10700)
NewCopy_CDA (Version: 70.0.149.000)
Nutcracker Game 2.3
OCR Software by I.R.I.S 7.0 (Version: 7.0)
PanoStandAlone (Version: 70.0.170.000)
ProductContextNPI (Version: 70.0.149.000)
QuickTime (Version: 7.71.80.42)
Reader Rabbit Toddler
Readme (Version: 70.0.149.000)
Rhapsody
Rosetta Stone Version 3 (Version: 3.3.5.2)
Scan (Version: 7.0.0.0)
ScannerCopy (Version: 7.0.0.0)
Secret Agent™ Barbie™
SolutionCenter (Version: 70.0.170.000)
Spybot - Search & Destroy (Version: 1.6.2)
Status (Version: 70.0.170.000)
SUPERAntiSpyware (Version: 5.0.1142)
swMSM (Version: 12.0.0.1)
Symantec Endpoint Protection (Version: 11.0.5002.333)
Timez Attack (Version: 4.04)
Toolbox (Version: 70.0.170.000)
TrayApp (Version: 70.0.170.000)
TurboTax 2010
TurboTax 2010 WinPerFedFormset (Version: 010.000.3796)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0443)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0211)
TurboTax 2010 wpaiper (Version: 010.000.1181)
TurboTax 2010 wrapper (Version: 010.000.0157)
Unload (Version: 7.0.0)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 70.0.170.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
Zoo Tycoon: Complete Collection

========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 2045.49 MB
Available physical RAM: 1111.7 MB
Total Pagefile: 3938.37 MB
Available Pagefile: 3053.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.02 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:372.6 GB) (Free:313.21 GB) NTFS

========================= Users: ========================================

User accounts for \\JANET

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0 user


**** End of log ****



Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.27.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: JANET [administrator]

1/27/2012 8:05:41 PM
mbam-log-2012-01-27 (20-05-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 172973
Time elapsed: 9 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-27 20:29:48
-----------------------------
20:29:48.421 OS Version: Windows 5.1.2600 Service Pack 3
20:29:48.421 Number of processors: 2 586 0x602
20:29:48.421 ComputerName: JANET UserName: user
20:29:50.656 Initialize success
20:38:37.750 AVAST engine defs: 12012600
20:42:05.906 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
20:42:05.906 Disk 0 Vendor: ST3400832AS 3.06 Size: 381554MB BusType: 3
20:42:06.984 Disk 0 MBR read successfully
20:42:06.984 Disk 0 MBR scan
20:42:07.109 Disk 0 Windows XP default MBR code
20:42:07.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 381543 MB offset 63
20:42:07.187 Disk 0 scanning sectors +781401600
20:42:07.343 Disk 0 scanning C:\WINDOWS\system32\drivers
20:42:58.843 Service scanning
20:43:00.531 Modules scanning
20:43:28.890 Disk 0 trace - called modules:
20:43:28.906 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
20:43:28.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89ddeab8]
20:43:29.015 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000006f[0x89e5bf18]
20:43:29.031 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x89db9b00]
20:43:37.203 AVAST engine scan C:\WINDOWS
20:44:20.484 AVAST engine scan C:\WINDOWS\system32
20:50:31.375 AVAST engine scan C:\WINDOWS\system32\drivers
20:51:05.843 AVAST engine scan C:\Documents and Settings\user
20:55:23.421 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\My Documents\scan logs for bc\MBR.dat"
20:55:23.421 The log file has been saved successfully to "C:\Documents and Settings\user\My Documents\scan logs for bc\aswMBR.txt"

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:03:10 AM

Posted 27 January 2012 - 09:27 PM

We have number of issues there....

1. Have you disabled system restore for whatever reason?

2. "hosts" file is missing.
Please, go here: http://support.microsoft.com/kb/972034#FixItForMeAlways and click on "Fix it" button to reset your "hosts" file.
Follow all prompts.

Re-run MiniToolbox.
Checkmark following boxes:
  • List content of Hosts
Click Go and post the result.

3. Several registry keys are missing.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/


Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
Right-Click Root and select Permissions...
Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
Click Apply and OK.

Download XP.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip downloaded file.
You'll find several files inside.
Double-click legacy_wuauserv.reg and confirm the prompt.
Double-click legacy_wscsvc.reg and confirm the prompt.
Double-click wuauserv.reg and confirm the prompt.
Double-click wscsvc.reg and confirm the prompt.

Please go back to the the Root key again while Everyone is selected remove check mark in the box under Allow next to Full Control and close the registry.


Restart computer, post new FSS log.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 jsms1095

jsms1095
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:10 AM

Posted 27 January 2012 - 10:08 PM

Hi,

I had not turned off System Restore, but it is on now. I followed all of the above steps--here are the logs that you asked for. Thanks,

MiniToolBox by Farbar Version: 18-01-2012
Ran by user (administrator) on 27-01-2012 at 21:59:16
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 localhost


**** End of log ****



Farbar Service Scanner Version: 18-01-2012 01
Ran by user (administrator) on 27-01-2012 at 22:00:51
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(8) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:03:10 AM

Posted 27 January 2012 - 10:27 PM

Well done :)

How is computer doing?

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#7 jsms1095

jsms1095
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:10 AM

Posted 28 January 2012 - 09:45 AM

Sorry for the delay--the scan was running for a long time. The ESET scan did find something. Here is the log, thanks,

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8f7fa97ec55f1147be86fe3ddea2f452
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-28 07:29:38
# local_time=2012-01-28 02:29:38 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=252220
# found=1
# cleaned=1
# scan_time=11105
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nzzqyfxn.default\extensions\{b444f6a0-a6ec-4a29-a8ec-55ac4134c89c}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:03:10 AM

Posted 28 January 2012 - 11:38 AM

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

======================================================================

Your computer is clean Posted Image

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure, Windows Updates are current.

3. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) weekly.

7. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

10. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

11. Except for MBAM and TFC, which are keepers you can simply delete all other tools we used as they don't install.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#9 jsms1095

jsms1095
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:10 AM

Posted 28 January 2012 - 01:12 PM

Broni,

Thank you!!

Janet

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:03:10 AM

Posted 28 January 2012 - 02:19 PM

You're very welcome Posted Image

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users