Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

right media virus


  • Please log in to reply
12 replies to this topic

#1 cgrammie2

cgrammie2

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:45 AM

Posted 06 February 2012 - 08:04 PM

For the past couple of weeks I have been unsuccessfully trying to rid my computer of right media virus - neither avast or malwarebytes detect it - however spybot does detect and remove it only to have it come back over and over again. What can I do to be permanently rid of this nuisance? Thanks for your help!

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:45 PM

Posted 06 February 2012 - 08:29 PM

Welcome aboard Posted Image

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 cgrammie2

cgrammie2
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:45 AM

Posted 07 February 2012 - 12:33 AM

Thank you for your prompt response! I have followed your instructions - results are posted below:

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
McAfee Security Scan Plus
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Windows Defender
Java™ 6 Update 29
Out of date Java installed!
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Windows Defender MsMpEng.exe
Alwil Software Avast5 AvastSvc.exe
ALWILS~1 Avast5 avastUI.exe
``````````End of Log````````````


Farbar Service Scanner Version: 05-02-2012
Ran by Linda Cross (administrator) on 06-02-2012 at 19:19:25
Running from "C:\Documents and Settings\Linda Cross\Local Settings\Temporary Internet Files\Content.IE5\NLG43PPK"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(14) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0F000000040000000100000002000000030000000E0000000F0000000D0000000C0000000B000000050000000A00000009000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

MiniToolBox by Farbar Version: 18-01-2012
Ran by Linda Cross (administrator) on 06-02-2012 at 19:22:32
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com

There are 14324 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : Grammie

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : ph.cox.net



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : ph.cox.net

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-0B-DB-29-29-F4

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 98.177.172.199

Subnet Mask . . . . . . . . . . . : 255.255.252.0

Default Gateway . . . . . . . . . : 98.177.172.1

DHCP Server . . . . . . . . . . . : 172.19.73.31

DNS Servers . . . . . . . . . . . : 68.105.28.11

68.105.29.11

68.105.28.12

Lease Obtained. . . . . . . . . . : Monday, February 06, 2012 7:22:22 PM

Lease Expires . . . . . . . . . . : Tuesday, February 07, 2012 7:22:22 PM

Server: cdns1.cox.net
Address: 68.105.28.11

Name: google.com
Addresses: 74.125.227.147, 74.125.227.148, 74.125.227.144, 74.125.227.145
74.125.227.146



Pinging google.com [74.125.227.81] with 32 bytes of data:



Reply from 74.125.227.81: bytes=32 time=46ms TTL=57

Reply from 74.125.227.81: bytes=32 time=43ms TTL=57



Ping statistics for 74.125.227.81:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 43ms, Maximum = 46ms, Average = 44ms

Server: cdns1.cox.net
Address: 68.105.28.11

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 98.139.180.149, 209.191.122.70



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=46ms TTL=56

Reply from 209.191.122.70: bytes=32 time=46ms TTL=56



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 46ms, Maximum = 46ms, Average = 46ms

Server: cdns1.cox.net
Address: 68.105.28.11

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0b db 29 29 f4 ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 98.177.172.1 98.177.172.199 20
98.177.172.0 255.255.252.0 98.177.172.199 98.177.172.199 20
98.177.172.199 255.255.255.255 127.0.0.1 127.0.0.1 20
98.255.255.255 255.255.255.255 98.177.172.199 98.177.172.199 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 98.177.172.199 98.177.172.199 20
255.255.255.255 255.255.255.255 98.177.172.199 98.177.172.199 1
Default Gateway: 98.177.172.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/01/2012 01:29:53 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (01/24/2012 05:16:51 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (01/17/2012 00:39:18 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (01/13/2012 05:35:35 AM) (Source: Microsoft Office 11) (User: )
Description: Rejected Safe Mode action : Microsoft Office Outlook.

Error: (01/10/2012 11:33:51 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (01/03/2012 10:58:39 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/27/2011 10:20:57 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/27/2011 10:19:23 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/27/2011 08:53:44 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/27/2011 08:31:18 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


System errors:
=============
Error: (02/06/2012 07:24:34 AM) (Source: Service Control Manager) (User: )
Description: The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Error: (02/06/2012 07:24:34 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Error: (02/06/2012 07:23:57 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdudf_xp

Error: (02/06/2012 07:23:53 AM) (Source: Service Control Manager) (User: )
Description: The Symantec Core LC service failed to start due to the following error:
%%3

Error: (02/05/2012 09:47:54 PM) (Source: Service Control Manager) (User: )
Description: The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Error: (02/05/2012 09:47:54 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Error: (02/05/2012 09:46:41 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdudf_xp

Error: (02/05/2012 09:46:34 PM) (Source: Service Control Manager) (User: )
Description: The Symantec Core LC service failed to start due to the following error:
%%3

Error: (02/04/2012 08:54:09 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdudf_xp

Error: (02/04/2012 08:54:06 PM) (Source: Service Control Manager) (User: )
Description: The Symantec Core LC service failed to start due to the following error:
%%3


Microsoft Office Sessions:
=========================
Error: (02/01/2012 01:29:53 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (01/24/2012 05:16:51 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (01/17/2012 00:39:18 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (01/13/2012 05:35:35 AM) (Source: Microsoft Office 11)(User: )
Description: Microsoft Office OutlookOutlook failed to start correctly last time. Starting Outlook in safe mode will help you correct or isolate a startup problem in order to successfully start the program. Some functionality may be disabled in this mode.

Do you want to start Outlook in safe mode?

Error: (01/10/2012 11:33:51 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (01/03/2012 10:58:39 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (12/27/2011 10:20:57 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (12/27/2011 10:19:23 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (12/27/2011 08:53:44 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (12/27/2011 08:31:18 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.


=========================== Installed Programs ============================

Acrobat.com (Version: 2.1.0)
Acrobat.com (Version: 2.1.0.0)
Adobe AIR (Version: 2.0.2.12610)
Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Adobe Shockwave Player (Version: 10.1.4.20)
Adobe® Photoshop® Album Starter Edition 3.0 (Version: 3.00.000)
avast! Free Antivirus (Version: 6.0.1367.0)
BACS (Version: 3.26.0000)
Banctec Service Agreement (Version: 1.00.0004)
BCM V.92 56K Modem
Britannica Ready Reference
Broadcom Advanced Control Suite (Version: 3.26.0000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.8
DAO (Version: 3.50)
Dell Picture Studio - Dell Image Expert (Version: 3.4.1)
Dell ResourceCD
Dell Solution Center (Version: 1.00.0000)
DellSupport (Version: 6.0.3062)
EarthLink Free Trial (Version: 1.00.0000)
Easy CD Creator 5 Basic (Version: 5.3.4.21)
ERUNT 1.1j
Google Toolbar for Internet Explorer (Version: 1.0.0)
Help and Support Customization (Version: 1.00.0000)
Intel® Extreme Graphics Driver
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Lexmark X1100 Series
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
McAfee Security Scan Plus (Version: 2.0.181.2)
Microsoft .NET Framework (English) (Version: 1.0.3705)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Publisher 2002 (Version: 10.0.6626.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Modem Helper
Musicmatch® Jukebox (Version: 10.00.4015)
Paint Shop Pro 7 (Version: 7.05.0000)
QuickTime
Rhapsody
Spybot - Search & Destroy (Version: 1.6.2)
Symantec KB-DocID:2003093015493306 (Version: 1.0.0.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VoiceScribe 8.0 (Version: 8.0)
VoiceScribe Typing Module for Word 8.0 (Version: 8.0)
Watchtower Library 2006 - English Edition
WebFldrs XP (Version: 9.50.6513)
Windows Defender (Version: 1.1.1593.21)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20061017.133151)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinZip (Version: 8.1 (4331))
Yahoo! Messenger (Version: 5.5)

========================= Memory info: ===================================

Percentage of memory in use: 57%
Total physical RAM: 1022.48 MB
Available physical RAM: 433.17 MB
Total Pagefile: 1696.47 MB
Available Pagefile: 1189.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.79 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:55.84 GB) (Free:29.57 GB) NTFS

========================= Users: ========================================

User accounts for \\GRAMMIE

Administrator Courteney Guest
HelpAssistant Linda Cross SUPPORT_388945a0
SUPPORT_3f151ab9


**** End of log ****


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.06.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Linda Cross :: GRAMMIE [administrator]

Protection: Enabled

2/6/2012 8:14:20 PM
mbam-log-2012-02-06 (20-14-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 211804
Time elapsed: 1 hour(s), 28 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\Linda Cross\Desktop\FSS.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Cross\Local Settings\Temporary Internet Files\Content.IE5\RL6EILXF\FSS[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-06 22:08:51
-----------------------------
22:08:51.093 OS Version: Windows 5.1.2600 Service Pack 3
22:08:51.093 Number of processors: 1 586 0x204
22:08:51.093 ComputerName: GRAMMIE UserName:
22:08:52.406 Initialize success
22:08:53.968 AVAST engine defs: 12020601
22:09:36.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:09:36.687 Disk 0 Vendor: IC35L060AVV207-0 V22OA66A Size: 57220MB BusType: 3
22:09:36.718 Disk 0 MBR read successfully
22:09:36.718 Disk 0 MBR scan
22:09:36.718 Disk 0 Windows XP default MBR code
22:09:36.718 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 31 MB offset 63
22:09:36.750 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 57184 MB offset 64260
22:09:36.765 Disk 0 scanning sectors +117178110
22:09:36.859 Disk 0 scanning C:\WINDOWS\system32\drivers
22:09:53.546 Service scanning
22:09:54.906 Modules scanning
22:10:14.968 Disk 0 trace - called modules:
22:10:15.000 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:10:15.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fd5ab8]
22:10:15.000 3 CLASSPNP.SYS[f7533fd7] -> nt!IofCallDriver -> \Device\00000064[0x86f3df18]
22:10:15.015 5 ACPI.sys[f749a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f4d940]
22:10:15.828 AVAST engine scan C:\WINDOWS
22:10:35.984 AVAST engine scan C:\WINDOWS\system32
22:14:34.937 AVAST engine scan C:\WINDOWS\system32\drivers
22:14:59.437 AVAST engine scan C:\Documents and Settings\Linda Cross
22:22:32.437 AVAST engine scan C:\Documents and Settings\All Users
22:23:47.984 Scan finished successfully
22:24:48.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Linda Cross\Desktop\MBR.dat"
22:24:48.546 The log file has been saved successfully to "C:\Documents and Settings\Linda Cross\Desktop\aswMBR.txt"

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:45 PM

Posted 07 February 2012 - 12:36 AM

I don't see anything malicious there.

Any ill symptoms?

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#5 cgrammie2

cgrammie2
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:45 AM

Posted 07 February 2012 - 06:29 PM

I'm so surprised you found nothing malicious! I've just run spybot and again it detected and removed right media - in addition to sluggishness here's what I've been experiencing. A couple months ago I downloaded CutePDF Writer software which converts my completed Excel file into a PDF file. Ever since this download and every time I go on the internet I receive the following message: "Internet Explorer - Seach Provider Default - A program on your computer has corrupted your default search provider setting for Internet Explorer. Internet Explorer has reset this setting to your original search provider, Google (www.google.com). Internet search will now open search settings where you can change this setting or install more seach providers". I then click "OK" and a new screen appears "Manage Add Ons - View and manage your Internet Explorer add-ons", etc. I have uninstalled and reinstalled the CutePDF Writer software as well as Internet Explorer 8 and I'm still unsuccessful in getting rid of this screen. Also IE has set Bing as my default and I can't change it to Google. I'll be able do the Temp File Cleaner and the Eset scan later tonite and post the results. THANKS AGAIN for your help!

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:45 PM

Posted 07 February 2012 - 06:53 PM

Let's see....

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#7 cgrammie2

cgrammie2
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:45 AM

Posted 08 February 2012 - 02:40 AM

The Temp File Cleaner (TFC) didn't work. Eset scan found no infected files and no log report.
Thank you.

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:45 PM

Posted 08 February 2012 - 12:07 PM

Explain "didn't work".

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#9 cgrammie2

cgrammie2
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:45 AM

Posted 08 February 2012 - 12:21 PM

I actually downloaded TFC twice - once the night before, clicked on start, the desktop disappeared as it said it would and left it up all night and nothing. I downloaded it again last nite clicked start the desktop disappeared and again no sign of any activity whatsoever - I left it open like that for a couple hours before I gave up and went to bed.

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:45 PM

Posted 08 February 2012 - 12:39 PM

Run it from safe mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#11 cgrammie2

cgrammie2
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:45 AM

Posted 08 February 2012 - 07:46 PM

I'm working on a special project for my job and will be unable to do any more troubleshooting for the next several days - please don't close out my "case". I'll contact you again when I'm able to resume everything.

thanks much for your help!!

#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:45 PM

Posted 08 February 2012 - 08:18 PM

We don't close topics :)

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#13 cgrammie2

cgrammie2
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:45 AM

Posted 08 February 2012 - 08:39 PM

okay thanks much!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users