
As soon as I get rid of one...here's another!


2 replies to this topic

#1 drpaul88


Posted 13 February 2012 - 11:42 AM

I just got rid of the system restore virus (I thought so) and now it seems something else is going on. It's not the same. I still have all my icons and no windows pop up but something is wrong. Malwarebytes finds nothing but spyware dr & superantispyware keep finding stuff.

Should I just do a system restore from the previous virus issue?

Thanks,

Paul



#2 drpaul88


Posted 13 February 2012 - 12:52 PM

If it matters, I re-ran the FSS, Farbar & aswMBR like the first one & here are the logs:

Farbar Service Scanner Version: 12-02-2012 01
Ran by Paul (administrator) on 13-02-2012 at 11:43:52
Running from "C:\Documents and Settings\Paul\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Nerwork
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(9) Gpc(3) IPSec(5) NetBT(6) pctgntdi(10) PSched(7) Tcpip(4)
0x0A00000005000000010000000200000003000000040000000A00000008000000090000000600000007000000
IpSec Tag value is correct.

**** End of log ****


MiniToolBox by Farbar Version: 18-01-2012
Ran by Paul (administrator) on 13-02-2012 at 11:45:22
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Nerwork
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : paul-c5d256c778

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : ec.rr.com



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : ec.rr.com

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-19-D1-2D-2A-02

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.2.101

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.2.1

DHCP Server . . . . . . . . . . . : 192.168.2.1

DNS Servers . . . . . . . . . . . : 209.18.47.61

209.18.47.62

Lease Obtained. . . . . . . . . . : Monday, February 13, 2012 11:13:07 AM

Lease Expires . . . . . . . . . . : Tuesday, February 14, 2012 11:13:07 AM

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 74.125.65.147, 74.125.65.99, 74.125.65.103, 74.125.65.104
74.125.65.105, 74.125.65.106



Pinging google.com [74.125.45.106] with 32 bytes of data:



Reply from 74.125.45.106: bytes=32 time=33ms TTL=53

Reply from 74.125.45.106: bytes=32 time=33ms TTL=53



Ping statistics for 74.125.45.106:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 33ms, Maximum = 33ms, Average = 33ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 98.139.183.24, 209.191.122.70



Pinging yahoo.com [72.30.2.43] with 32 bytes of data:



Reply from 72.30.2.43: bytes=32 time=93ms TTL=53

Reply from 72.30.2.43: bytes=32 time=94ms TTL=53



Ping statistics for 72.30.2.43:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 93ms, Maximum = 94ms, Average = 93ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 d1 2d 2a 02 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.101 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.101 192.168.2.101 20
192.168.2.101 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.101 192.168.2.101 20
224.0.0.0 240.0.0.0 192.168.2.101 192.168.2.101 20
255.255.255.255 255.255.255.255 192.168.2.101 192.168.2.101 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 02 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 03 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 17 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/13/2012 11:04:57 AM) (Source: Application Error) (User: )
Description: Faulting application jusched.exe, version 2.0.6.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187f1.
Processing media-specific event for [jusched.exe!ws!]

Error: (02/13/2012 07:38:14 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Office 2003 (KB2584052): MSO' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (02/13/2012 07:38:04 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office Professional Edition 2003 -- Error 1402. Setup cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS. Verify that you have sufficient permissions to access the registry or contact your Information Technology department for assistance.

Error: (02/13/2012 07:37:23 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Update for Office 2003 (KB2539581): RICHED20' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (02/13/2012 07:36:42 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office Professional Edition 2003 -- Error 1402. Setup cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS. Verify that you have sufficient permissions to access the registry or contact your Information Technology department for assistance.

Error: (02/13/2012 07:36:06 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Excel 2003 (KB2596954): EXCEL' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (02/13/2012 07:35:23 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office Professional Edition 2003 -- Error 1402. Setup cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS. Verify that you have sufficient permissions to access the registry or contact your Information Technology department for assistance.

Error: (02/13/2012 03:04:48 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Security Update for Office 2003 (KB2584052): MSO' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (02/13/2012 03:04:39 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office Professional Edition 2003 -- Error 1402. Setup cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS. Verify that you have sufficient permissions to access the registry or contact your Information Technology department for assistance.

Error: (02/13/2012 03:04:06 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Update for Office 2003 (KB2539581): RICHED20' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (02/13/2012 11:15:13 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/13/2012 11:14:50 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgldx86
Avgmfx86
Fips
intelppm
PCTSD
SASDIFSV
SASKUTIL

Error: (02/13/2012 11:12:04 AM) (Source: Service Control Manager) (User: )
Description: The Apache2.2 service terminated with service-specific error 1 (0x1).

Error: (02/13/2012 11:12:02 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the sdCoreService service.

Error: (02/13/2012 11:08:53 AM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%1053

Error: (02/13/2012 11:08:53 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.

Error: (02/13/2012 11:07:21 AM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (02/13/2012 11:01:28 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the sdCoreService service.

Error: (02/13/2012 07:38:30 AM) (Source: Service Control Manager) (User: )
Description: The Apache2.2 service terminated with service-specific error 1 (0x1).

Error: (02/13/2012 07:38:14 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2003 (KB2584052).


Microsoft Office Sessions:
=========================
Error: (02/13/2012 11:04:57 AM) (Source: Application Error)(User: )
Description: jusched.exe2.0.6.1user32.dll5.1.2600.5512000187f1

Error: (02/13/2012 07:38:14 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Microsoft Office Professional Edition 2003Security Update for Office 2003 (KB2584052): MSO1603(NULL)

Error: (02/13/2012 07:38:04 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Office Professional Edition 2003 -- Error 1402. Setup cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS. Verify that you have sufficient permissions to access the registry or contact your Information Technology department for assistance.(NULL)(NULL)(NULL)

Error: (02/13/2012 07:37:23 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Microsoft Office Professional Edition 2003Update for Office 2003 (KB2539581): RICHED201603(NULL)

Error: (02/13/2012 07:36:42 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Office Professional Edition 2003 -- Error 1402. Setup cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS. Verify that you have sufficient permissions to access the registry or contact your Information Technology department for assistance.(NULL)(NULL)(NULL)

Error: (02/13/2012 07:36:06 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Microsoft Office Professional Edition 2003Security Update for Excel 2003 (KB2596954): EXCEL1603(NULL)

Error: (02/13/2012 07:35:23 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Office Professional Edition 2003 -- Error 1402. Setup cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS. Verify that you have sufficient permissions to access the registry or contact your Information Technology department for assistance.(NULL)(NULL)(NULL)

Error: (02/13/2012 03:04:48 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Microsoft Office Professional Edition 2003Security Update for Office 2003 (KB2584052): MSO1603(NULL)

Error: (02/13/2012 03:04:39 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Product: Microsoft Office Professional Edition 2003 -- Error 1402. Setup cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS. Verify that you have sufficient permissions to access the registry or contact your Information Technology department for assistance.(NULL)(NULL)(NULL)

Error: (02/13/2012 03:04:06 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Microsoft Office Professional Edition 2003Update for Office 2003 (KB2539581): RICHED201603(NULL)


=========================== Installed Programs ============================

Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe Acrobat 5.0 (Version: 5.0)
Adobe AIR (Version: 1.5.3.9120)
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 9.4.5 (Version: 9.4.5)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Avery Wizard 3.1 (Version: 3.1.5)
AVG 2011 (Version: 10.0.1424)
AVG 2011 (Version: 10.0.2112)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.15)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
dj_sf_software_req (Version: 90.0.235.000)
ESET Online Scanner v3
Free Audio CD Burner version 1.4.7
Free DVD Video Burner version 3.0.1
Free DVD Video Converter version 1.5.12
Free YouTube to MP3 Converter version 3.10.5.722
GIMP 2.6.11 (Version: 2.6.11)
Google Gmail Notifier
Google Talk Plugin (Version: 2.6.1.5251)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2427.2330)
Google Update Helper (Version: 1.3.21.99)
GoToMeeting 4.5.0.457
HP Deskjet Printer Driver Software 9.0 (Version: 9.0)
Intel® Graphics Media Accelerator Driver
Intel® Network Connections 13.0.44.0 (Version: 13.0.44.0)
iTunes (Version: 10.5.3.3)
Java™ 6 Update 30 (Version: 6.0.300)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Office 2003 Primary Interop Assemblies (Version: 11.0.6553.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Mozilla Firefox 10.0.1 (x86 en-US) (Version: 10.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Musicnotes Software Suite 1.5.5 (Version: 1.5.5)
Paint.NET v3.5.7 (Version: 3.57.0)
Palm (Version: 4.1.0420)
Plus! Image (Version: 1.0.1.102)
PowerDVD
QuickBooks (Version: 19.0.4013.705)
QuickBooks Pro 2009 (Version: 19.0.4013.705)
QuickTime (Version: 7.71.80.42)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Soft Data Fax Modem with SmartCP
Spybot - Search & Destroy (Version: 1.6.2)
Spyware Doctor (Version: 8.0)
SUPERAntiSpyware (Version: 5.0.1142)
SupportSoft Assisted Service (Version: 15)
Toolbox (Version: 90.0.146.000)
Uninstall 1.0.0.1
Unity Web Player (Version: 2.6.1f3_31223)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Visual Studio 2005 Tools for Office Second Edition Runtime
WebFldrs XP (Version: 9.50.7523)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
WinX Free DVD Ripper 4.5.12
XAMPP 1.7.4

========================= Memory info: ===================================

Percentage of memory in use: 56%
Total physical RAM: 1013.89 MB
Available physical RAM: 444.89 MB
Total Pagefile: 2443.18 MB
Available Pagefile: 1913.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.89 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.88 GB) (Free:197.96 GB) NTFS

========================= Users: ========================================

User accounts for \\PAUL-C5D256C778

Administrator Guest HelpAssistant
Paul SUPPORT_388945a0


**** End of log ****



aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-13 11:47:01
-----------------------------
11:47:01.781 OS Version: Windows 5.1.2600 Service Pack 3
11:47:01.781 Number of processors: 2 586 0x604
11:47:01.781 ComputerName: PAUL-C5D256C778 UserName: Paul
11:47:02.312 Initialize success
11:49:56.203 AVAST engine defs: 12021301
11:50:38.640 The log file has been saved successfully to "C:\Documents and Settings\Paul\Desktop\aswMBR.txt"

#3 boopme

  • Global Moderator

Posted 13 February 2012 - 08:39 PM

Hello, can you post what SUPER keeps finding?

Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Posted Image button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
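
The HOSTS file check discussed in the post above, as an added example (not part of the original thread and not code from BleepingComputer, Microsoft or any tool named here): a small Python auditor that compares hosts-file content with the loopback-only default and reports every other mapping. The function names, the altered sample and its example domains and addresses are constructed for illustration; the clean sample mirrors the "Hosts content" section of the MiniToolBox log in post #2.

```python
import ipaddress

# Names a default hosts file is expected to map to loopback (assumption:
# only "localhost", as in the MiniToolBox "Hosts content" output above).
DEFAULT_NAMES = {"localhost"}

# Mirrors the hosts content shown in the log in post #2.
CLEAN_SAMPLE = "127.0.0.1 localhost\n127.0.0.1 localhost\n"

# Constructed sample of an altered hosts file (documentation-only names/IPs).
ALTERED_SAMPLE = """\
# constructed sample, not taken from the thread
127.0.0.1 localhost
203.0.113.10 www.example.com
127.0.0.1 update.example.net   # trailing comments are ignored
10.0.0.5 localhost
"""


def parse_hosts(text):
    """Return (line_no, ip_field, [names]) for every active (non-comment) line."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        fields = line.split()
        entries.append((line_no, fields[0], [n.lower() for n in fields[1:]]))
    return entries


def audit_hosts(text):
    """Return findings as (line_no, kind, ip, names); an empty list means default-only."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, "malformed", ip, names))
            continue
        if not names:
            # An address with no host name is not a valid hosts entry.
            findings.append((line_no, "malformed", ip, names))
            continue
        extra = [n for n in names if n not in DEFAULT_NAMES]
        if not extra:
            # Only default names on this line: they must point at loopback.
            if not addr.is_loopback:
                findings.append((line_no, "localhost-remapped", ip, names))
            continue
        # A non-default name sent to loopback/0.0.0.0 can no longer be reached;
        # any other address sends that name's traffic somewhere else.
        sinkholed = addr.is_loopback or addr.is_unspecified
        kind = "blocked" if sinkholed else "redirected"
        findings.append((line_no, kind, ip, extra))
    return findings


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("altered", ALTERED_SAMPLE)):
        results = audit_hosts(sample)
        print(label, "->", "default entries only" if not results else "")
        for line_no, kind, ip, names in results:
            print(f"  line {line_no}: {kind}: {ip} {' '.join(names)}")
```

To audit a real machine, pass the text of `C:\WINDOWS\system32\drivers\etc\hosts` to `audit_hosts` instead of the samples; legitimate custom entries will also be listed, so review each finding before resetting the file.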



