
Need help!


29 replies to this topic

#1 mkat

mkat

  • Members
  • 104 posts

Posted 28 February 2012 - 02:36 PM

I am a new member and confess that things have been done a bit backwards to your suggestions. I have been alerted by my cable company that one or more of my computers was infected with the Alureon bot. I did everything they suggested to no avail. In desperation I asked my nephew, who is an engineer working for a large aeronautic engineering company, knows his way around computers, etc., for some help. He suggested that I run combofix - so I did, among other scans. Somehow I didn't see your website that also gave some instructions and he didn't include any either, so I thought it was simply a scanner tool. Nothing seemed to work, so on one of my computers I did a complete clean re-install. It seemed to be ok, but I truly have no way of knowing. I have done many scans on this computer as well and it always comes up clean, but this morning I received another email and super-imposed notice on the web stating that there has been suspicious activity, etc. Thus I decided to run the combo fix again - then saw your instructions :-( Oops - thus, I have done things a bit backwards. I ran it on both computers and did save the log in my documents to send to you if you are still able to help me. Because of this and the age of the computer I have been using I have purchased a new one, but don't even want to hook it up to my network modem or router until I fully understand what I am dealing with and figure out if I have gotten rid of it, can it be stored in my router and infect my new computer... As you can tell - I'm pretty much a novice when it comes to computers. What I do know I have learned through trial and error or off the internet simply trying to keep my systems clean and keep ahead of my kids. If there is any way you can help me I will be eternally grateful to you! Thank you.



#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • Gender:Male

Posted 29 February 2012 - 04:32 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 mkat

mkat
  • Topic Starter

  • Members
  • 104 posts

Posted 01 March 2012 - 12:18 PM

Forgive the late response! I just saw it today - for some reason I did not get an email notification.

I tried to produce a log from my pc (I also have a laptop connected as well) and it ran, but no logs popped up. I do, however, have logs generated by combofix run on both computers, would they help?

This morning I spent several hours on the phone with Comcast security technicians and they are saying that all my activity from yesterday looks ok, however, I really want to make sure that these two computers are clean and that my router settings are correct before I connect a new computer to it.

Thank you for your response, please advise if you want me to attach the combofix logs from each computer.

#4 mkat

mkat
  • Topic Starter

  • Members
  • 104 posts

Posted 01 March 2012 - 12:23 PM

Actually, rather than wait, here are the two logs :

combofix log(my kids pc)
laptop combofix log (my computer)

Attached Files



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,740 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 March 2012 - 11:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

We do not provide advice on two computers in the same topic.
It is difficult at times to oversee one computer; you can imagine that the difficulties increase with 2.

I will deal here with your laptop ComboFix log (my computer)

What other tools did you run and were unable to get a log?
===

Your ComboFix log is clean.

Let's first reset your router.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is the list of default usernames and passwords, should you not know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

How to Secure Your Wireless Router
http://www.ehow.com/how_2253625_secure-wireless-router.html
===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please post the log and let me know what issues you are having with this computer.
===


For your son's computer please start a new topic in this forum.
Post a fresh ComboFix log and when completed post in this topic the link/URL for my review.
You can also run and post the log for the SecurityCheck.
I will expedite the matter.
===

#6 mkat

mkat
  • Topic Starter

  • Members
  • 104 posts

Posted 03 March 2012 - 12:17 PM

Thank you for your help. I'm glad to hear that the combofix log is clean and I certainly understand about the confusion of two computers.

I have already re-set my router as well as the DNS settings on both computers. I am running the security check for this laptop and will post the log below. The only thing I am noticing is that through my content filter (bsecure or cloud care) I'm noticing that every once in a while a notice pops up stating that the website is blocked because of a third party firewall or my internet connection is lost - which it is not. Sometimes the address listed is a google address or double click. I am just wanting to confirm that I have completely gotten rid of any virus, trojan, malware that might still be lingering on this computer. I plan to give it to my oldest as soon as my new computer arrives.

"For your son's computer please start a new topic in this forum.
Post a fresh ComboFix log and when completed post in this topic link/URL for my review.
You can also run and post the log for the SecurityCheck.
I will expedite the matter."

Here is the link to the new topic I started: http://www.bleepingcomputer.com/forums/topic444926.html

Thank you and have a nice day.

Attached Files



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,740 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 March 2012 - 01:28 PM

Your security check log is clean.

"I am noticing is that through my content filter (bsecure or cloud care) I'm noticing that every once in a while a notice pops up stating that the website is blocked because of a third party firewall or my internet connection is lost"


Could it be that the problem is caused by bsecure/cloud care and AVAST both working simultaneously?


AVG Technologies Acquires Bsecure Technologies
http://www.darkreading.com/smb-security/167901073/security/news/232300037/avg-technologies-acquires-bsecure-technologies.html

It's not recommended that two virus protection programs be active simultaneously.

Can you disable AVAST and find out if the problem persists or not?

===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

If needed.
The scan will also create this Attach.txt log; I would also like to see the content.
Please post it in another post for my review; do not attach the file.


===

#8 mkat

mkat
  • Topic Starter

  • Members
  • 104 posts

Posted 03 March 2012 - 08:09 PM

"Could it be that the problem is caused by bsecure/cloud care and AVAST both working simultaneously?

AVG Technologies Acquires Bsecure Technologies
http://www.darkreading.com/smb-security/167901073/security/news/232300037/avg-technologies-acquires-bsecure-technologies.html

It's not recommended that two virus protection programs be active simultaneously.

Can you disable AVAST and find out if the problem persists or not?"

Here is the DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Mary at 20:04:14 on 2012-03-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2007.1041 [GMT -5:00]
.
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bsecure\InetCtrl.exe
C:\Program Files\Bsecure\BsecAV.exe
C:\Program Files\Bsecure\BSecAMX.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Bsecure\BsecTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [CloudCare] c:\program files\bsecure\BsecTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: %ProgramFiles%\Bsecure\InetCtrl57.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1330131478531
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7C76B7AB-B06A-4D84-90FF-FF582080C1BE} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2012-2-25 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2012-2-25 196440]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2012-2-25 112984]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-2-25 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-25 610648]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-25 337112]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-25 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-25 44768]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2012-2-25 131288]
R2 Bsecure;CloudCare;c:\program files\bsecure\InetCtrl.exe [2012-2-26 66344]
R2 BsecureAV;CloudCare AntiVirus;c:\program files\bsecure\BsecAV.exe [2012-2-26 161776]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-25 652360]
R2 SWIHPWMI;SWIHPWMI;c:\program files\hpq\shared\sierra wireless\win32\unicode\SWIHPWMI.exe [2006-12-4 292384]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2012-2-24 1464856]
R3 BSecACFltr;BSecACFltr;c:\windows\system32\drivers\BSecACFltr.sys [2012-2-26 21624]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-7-23 44800]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-25 20464]
R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2012-2-24 6607744]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2012-2-24 49152]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
.
=============== Created Last 30 ================
.
2012-03-04 00:52:19 -------- d--h--w- c:\windows\PIF
2012-03-01 18:19:42 -------- d-----w- c:\documents and settings\mary\.cmmfs
2012-03-01 18:01:58 -------- d-----w- c:\documents and settings\all users\CMMFS
2012-03-01 18:01:57 -------- d-----w- c:\program files\CMMFS 2007
2012-02-28 19:40:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-28 15:28:15 -------- d-sha-r- C:\cmdcons
2012-02-28 15:26:50 98816 ----a-w- c:\windows\sed.exe
2012-02-28 15:26:50 518144 ----a-w- c:\windows\SWREG.exe
2012-02-28 15:26:50 256000 ----a-w- c:\windows\PEV.exe
2012-02-28 15:26:50 208896 ----a-w- c:\windows\MBR.exe
2012-02-27 03:03:08 -------- d-----w- c:\program files\common files\Windows Microsoft Shared
2012-02-27 03:03:07 49088 ----a-w- c:\windows\system32\drivers\BsecFltr.sys
2012-02-27 03:03:07 21624 ----a-w- c:\windows\system32\drivers\BSecACFltr.sys
2012-02-27 03:03:06 -------- d-----w- c:\program files\Bsecure
2012-02-26 00:34:47 112984 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-02-26 00:34:18 196440 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-02-26 00:34:17 24408 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-02-26 00:33:53 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-02-25 23:31:50 -------- d-----w- c:\documents and settings\mary\local settings\application data\Google
2012-02-25 23:31:43 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-25 23:31:03 41184 ----a-w- c:\windows\avastSS.scr
2012-02-25 23:30:35 -------- d-----w- c:\program files\AVAST Software
2012-02-25 23:30:35 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-02-25 23:07:08 -------- d-----w- c:\documents and settings\mary\application data\SUPERAntiSpyware.com
2012-02-25 23:06:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-25 23:06:39 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-02-25 23:05:29 -------- d-----w- c:\documents and settings\mary\application data\Malwarebytes
2012-02-25 23:05:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-25 23:05:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-25 23:05:24 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-25 23:02:00 82171 ----a-w- c:\documents and settings\all users\application data\1330210757.bdinstall.bin
2012-02-25 22:01:10 -------- d-----w- c:\documents and settings\all users\application data\BDLogging
2012-02-25 21:37:50 240184 ----a-w- c:\windows\system32\drivers\avchv.sys
2012-02-25 21:37:28 -------- d-----w- c:\windows\system32\XPSViewer
2012-02-25 21:37:13 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-02-25 21:36:57 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-02-25 21:36:57 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-02-25 21:36:57 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-02-25 21:36:57 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-02-25 21:36:57 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-02-25 21:36:57 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-02-25 21:36:57 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-02-25 21:36:57 117760 ------w- c:\windows\system32\prntvpt.dll
2012-02-25 21:36:57 -------- d-----w- C:\a9d3da39c8b046bf6274
2012-02-25 21:34:10 446696 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-02-25 21:09:07 -------- d-----w- c:\windows\system32\appmgmt
2012-02-25 21:09:06 -------- d-----w- c:\documents and settings\all users\application data\Vodafone
2012-02-25 17:25:45 -------- d-sh--w- c:\documents and settings\mary\IECompatCache
2012-02-25 17:08:37 -------- d-----w- c:\documents and settings\all users\application data\Bitdefender
2012-02-25 17:08:28 1415 ----a-w- c:\documents and settings\all users\application data\1330179394.3740.bin
2012-02-25 17:08:12 66057 ----a-w- c:\documents and settings\all users\application data\1330179394.3948.bin
2012-02-25 17:08:11 -------- d-----w- c:\program files\Bitdefender
2012-02-25 16:59:17 -------- d-sh--w- c:\documents and settings\mary\PrivacIE
2012-02-25 16:58:03 -------- d-----w- C:\sh4ldr
2012-02-25 16:58:03 -------- d-----w- c:\program files\Enigma Software Group
2012-02-25 16:57:49 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-02-25 16:57:45 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-02-25 14:21:06 -------- d-----w- c:\documents and settings\mary\application data\QuickScan
2012-02-25 14:15:14 -------- d-----w- c:\program files\common files\Bitdefender
2012-02-25 14:09:52 -------- d-sh--w- c:\documents and settings\mary\IETldCache
2012-02-25 05:57:12 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-02-25 05:57:12 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-02-25 05:41:29 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-02-25 05:41:15 -------- d-----w- c:\windows\ie8updates
2012-02-25 05:41:10 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-25 05:41:10 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-02-25 05:41:10 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-02-25 05:41:10 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-25 05:41:10 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-02-25 05:41:10 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-02-25 05:41:10 11082240 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-02-25 05:40:48 -------- dc-h--w- c:\windows\ie8
2012-02-25 05:22:11 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-02-25 05:21:50 81920 -c----w- c:\windows\system32\dllcache\ieencode.dll
2012-02-25 05:21:50 81920 ------w- c:\windows\system32\ieencode.dll
2012-02-25 05:18:49 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-02-25 05:18:40 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-02-25 05:17:20 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2012-02-25 05:17:20 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-02-25 05:16:10 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-02-25 05:15:19 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-02-25 05:15:09 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-02-25 05:15:09 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-02-25 05:15:03 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-02-25 05:14:56 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2012-02-25 05:13:22 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2012-02-25 05:12:19 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-02-25 04:45:58 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2012-02-25 04:45:58 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2012-02-25 04:45:58 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2012-02-25 04:45:58 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2012-02-25 04:45:58 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2012-02-25 04:45:58 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2012-02-25 04:45:58 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2012-02-25 04:45:58 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2012-02-25 04:45:58 110592 -c----w- c:\windows\system32\dllcache\services.exe
2012-02-25 04:45:57 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-02-25 04:45:57 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-02-25 04:45:56 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-02-25 04:44:45 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2012-02-25 04:43:59 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-02-25 04:43:51 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-02-25 04:38:57 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2012-02-25 04:37:26 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2012-02-25 04:36:19 758784 -c--a-w- c:\windows\system32\dllcache\vgx.dll
2012-02-25 04:35:43 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-02-25 04:35:42 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2012-02-25 04:35:24 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-02-25 04:35:17 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-25 04:35:17 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-25 04:34:51 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-02-25 04:34:39 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-02-25 04:31:30 -------- d-----w- c:\windows\system32\PreInstall
2012-02-25 04:25:42 -------- d-----w- c:\documents and settings\mary\application data\ElevatedDiagnostics
2012-02-25 02:01:24 -------- d-----w- c:\windows\ServicePackFiles
2012-02-25 02:01:16 294912 ------w- c:\program files\windows media player\dlimport.exe
2012-02-25 02:01:15 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2012-02-25 01:59:10 19569 ----a-w- c:\windows\002978_.tmp
2012-02-25 01:06:37 675840 ----a-w- c:\windows\system32\NETwLc32.dll
2012-02-25 01:06:37 6607744 ----a-w- c:\windows\system32\drivers\NETwLx32.sys
2012-02-25 01:06:37 2756608 ----a-w- c:\windows\system32\NETwLr32.dll
2012-02-25 00:54:41 -------- d-sh--w- c:\documents and settings\mary\UserData
2012-02-25 00:51:49 -------- d-----w- c:\windows\system32\SoftwareDistribution
2012-02-25 00:38:58 12288 ------w- c:\windows\HPNICVersion.dll
2012-02-25 00:38:53 101376 ----a-w- c:\windows\system32\drivers\v1e5132.sys
2012-02-25 00:38:46 66424 ----a-w- c:\windows\system32\NicEtCoE.dll
2012-02-25 00:38:46 28536 ----a-w- c:\windows\system32\NicCo.dll
2012-02-25 00:05:15 663552 ----a-w- c:\windows\system32\NETw5c32.dll
2012-02-25 00:05:15 4221952 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2012-02-25 00:05:15 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2012-02-25 00:04:31 -------- d-----w- c:\windows\Downloaded Installations
2012-02-25 00:04:31 -------- d-----w- c:\program files\HPQ
2012-02-25 00:01:31 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-02-24 22:57:02 -------- d-----w- c:\program files\hp deskjet 950c series
2012-02-24 22:54:46 -------- d-----w- c:\program files\Broadcom
2012-02-24 22:44:53 -------- d-----w- c:\documents and settings\mary\application data\Vodafone
2012-02-24 22:40:47 -------- d-----w- c:\program files\ATI Technologies
2012-02-24 22:40:35 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-02-24 22:40:35 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-02-24 22:40:35 221184 ----a-w- c:\program files\common files\installshield\iscript\IScript.dll
2012-02-24 22:40:35 217088 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-02-24 22:40:35 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2012-02-24 22:38:33 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-02-24 22:38:31 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2012-02-24 22:38:25 -------- d-----w- c:\program files\Synaptics
2012-02-24 22:38:21 214312 ----a-w- c:\windows\system32\SynCtrl.dll
2012-02-24 22:38:21 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-02-24 22:38:21 1303728 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-02-24 22:38:21 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2012-02-24 22:38:20 173352 ----a-w- c:\windows\system32\SynCOM.dll
2012-02-24 22:38:20 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-02-24 22:33:07 -------- d-----w- c:\documents and settings\mary\application data\Intel
2012-02-24 22:30:36 154496 ----a-w- c:\windows\system32\Prounstl.exe
2012-02-24 22:30:31 62840 ----a-w- c:\windows\system32\NicInstE.dll
2012-02-24 22:30:31 28272 ----a-w- c:\windows\system32\NicCo2.dll
2012-02-24 22:30:31 250776 ----a-w- c:\windows\system32\drivers\e1e5132.sys
2012-02-24 22:30:31 179048 ----a-w- c:\windows\system32\e1000msg.dll
2012-02-24 22:29:59 49152 ----a-w- c:\windows\system32\drivers\rismc32.sys
2012-02-24 22:29:56 48128 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2012-02-24 22:29:54 114688 ----a-w- c:\windows\system32\RicohMediadriverVer.dll
2012-02-24 22:29:46 920088 ----a-w- c:\windows\system32\mesoludlg.exe
2012-02-24 22:29:46 -------- d-----w- c:\program files\common files\postureAgent
2012-02-24 22:29:19 -------- d-----w- c:\program files\common files\Intel
2012-02-24 22:29:13 920088 ----a-w- c:\windows\system32\heciudlg.exe
2012-02-24 22:29:13 45056 ----a-w- c:\windows\system32\drivers\HECI.sys
2012-02-24 22:28:43 151552 ----a-w- c:\windows\system32\igfxCoIn_v5043.dll
2012-02-24 22:28:43 1498560 ----a-w- c:\windows\system32\igkrng400.bin
2012-02-24 22:24:33 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2012-02-24 22:21:24 -------- d-----w- c:\windows\RegisteredPackages
2012-02-24 22:21:21 -------- d-----w- c:\program files\Vodafone
2012-02-24 22:20:34 -------- d-----w- c:\windows\system32\ReinstallBackups
2012-02-24 22:19:57 32356 ------w- c:\windows\system32\pusbfd1.sys
2012-02-24 22:19:57 26629 ------w- c:\windows\system32\pusbfd2.vxd
2012-02-24 22:16:37 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2012-02-24 22:16:37 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2012-02-24 22:16:37 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2012-02-24 22:16:37 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2012-02-24 22:16:36 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2012-02-24 22:16:36 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2012-02-24 22:16:36 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2012-02-24 22:16:36 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2012-02-24 22:15:49 -------- d-----w- C:\SWSetup
.
==================== Find3M ====================
.
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 20:08:19.34 ===============



It isn't virus protection, it is a content filter that blocks inappropriate websites, etc. I will call and check into it, but don't think it is that?

#9 mkat

  • Topic Starter
  • Members

Posted 03 March 2012 - 08:11 PM

Again, I thank you for all your help. Mary

Here is the Attach.txt log you also requested:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/24/2012 3:31:22 PM
System Uptime: 3/3/2012 2:04:00 PM (6 hours ago)
.
Motherboard: Hewlett-Packard | | 30BE
Processor: Intel® Core™2 Duo CPU T7300 @ 2.00GHz | U10 | 778/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 57.77 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 901.988 GiB free.
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: HP Integrated Module
Device ID: USB\VID_03F0&PID_171D\5&5E82F8&0&1
Manufacturer:
Name: HP Integrated Module
PNP Device ID: USB\VID_03F0&PID_171D\5&5E82F8&0&1
Service:
.
Class GUID:
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_103C1379&REV_1000\4&1057CC6A&0&0102
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_103C1379&REV_1000\4&1057CC6A&0&0102
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Fingerprint Sensor
Device ID: USB\VID_08FF&PID_2580\5&496CF89&0&2
Manufacturer:
Name: Fingerprint Sensor
PNP Device ID: USB\VID_08FF&PID_2580\5&496CF89&0&2
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\HPQ0004\3&B1BFB68&0
Manufacturer:
Name:
PNP Device ID: ACPI\HPQ0004\3&B1BFB68&0
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\HPQ0006\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\HPQ0006\2&DABA3FF&0
Service:
.
==== System Restore Points ===================
.
RP1: 2/24/2012 3:37:32 PM - System Checkpoint
RP2: 2/24/2012 3:44:18 PM - Installed Microsoft Office Enterprise 2007
RP3: 2/24/2012 3:50:28 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP4: 2/24/2012 5:19:10 PM - Installed Windows XP KB885855.
RP5: 2/24/2012 5:19:21 PM - Installed Windows XP KB888239.
RP6: 2/24/2012 5:19:29 PM - Installed Windows XP KB892559.
RP7: 2/24/2012 5:19:35 PM - Installed Windows XP KB896256.
RP8: 2/24/2012 5:19:43 PM - Installed Windows XP KB909095.
RP9: 2/24/2012 5:19:50 PM - Installed Windows XP KB912436.
RP10: 2/24/2012 5:19:55 PM - Installed Windows XP KB918005.
RP11: 2/24/2012 5:20:02 PM - Installed Windows XP KB883667.
RP12: 2/24/2012 5:20:08 PM - Installed Windows XP KB885464.
RP13: 2/24/2012 5:20:14 PM - Installed Windows XP KB888402.
RP14: 2/24/2012 5:20:20 PM - Installed Windows XP KB889673.
RP15: 2/24/2012 5:20:27 PM - Installed Windows XP KB914642.
RP16: 2/24/2012 5:20:32 PM - Installed Windows XP KB915326.
RP17: 2/24/2012 5:21:14 PM - Installed Windows Installer KB893803v2.
RP18: 2/24/2012 5:29:54 PM - Installed RICOH Media Driver ver.2.10.00.04
RP19: 2/24/2012 5:38:33 PM - Installed Windows XP Wdf01009.
RP20: 2/24/2012 5:41:03 PM - Installed Windows Installer KB893803v2.
RP21: 2/24/2012 7:01:00 PM - Installed HP Wireless Assistant
RP22: 2/24/2012 7:03:26 PM - Removed HP Wireless Assistant
RP23: 2/24/2012 7:03:28 PM - Installed HP Wireless Assistant
RP24: 2/24/2012 7:04:10 PM - Installed Embedded Security for HP ProtectTools Driver.
RP25: 2/24/2012 7:38:50 PM - Installed Combined NIC Driver Installer
RP26: 2/24/2012 8:05:06 PM - Removed Intel® PROSet/Wireless WiFi Software.
RP27: 2/24/2012 8:59:16 PM - Installed Windows XP Service Pack 3.
RP28: 2/24/2012 11:24:34 PM - Installed %1 %2.
RP29: 2/24/2012 11:31:27 PM - Software Distribution Service 3.0
RP30: 2/24/2012 11:38:12 PM - Software Distribution Service 3.0
RP31: 2/25/2012 12:22:18 AM - Software Distribution Service 3.0
RP32: 2/25/2012 9:00:44 AM - Software Distribution Service 3.0
RP33: 2/25/2012 9:10:53 AM - Software Distribution Service 3.0
RP34: 2/25/2012 9:12:15 AM - Installed Windows XP WgaNotify.
RP35: 2/25/2012 11:58:03 AM - Installed SpyHunter
RP36: 2/25/2012 4:07:24 PM - Software Distribution Service 3.0
RP37: 2/25/2012 4:25:44 PM - Software Distribution Service 3.0
RP38: 2/25/2012 4:33:10 PM - Software Distribution Service 3.0
RP39: 2/25/2012 5:01:09 PM - Printer Driver Microsoft XPS Document Writer Installed
RP40: 2/25/2012 6:02:26 PM - Removed SpyHunter
RP41: 2/25/2012 6:30:35 PM - avast! Free Antivirus Setup
RP42: 2/26/2012 2:13:49 PM - Software Distribution Service 3.0
RP43: 2/26/2012 10:27:45 PM - Software Distribution Service 3.0
RP44: 2/29/2012 4:33:18 PM - System Checkpoint
RP45: 3/1/2012 3:09:36 PM - Software Distribution Service 3.0
RP46: 3/3/2012 12:35:36 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
avast! Internet Security
Broadcom 802.11 Wireless LAN Adapter
Broadcom Wireless Utility
CloudCare
Crown Money Map™ Financial Software 2007
Embedded Security for HP ProtectTools Driver
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Broadband Wireless Modules
hp deskjet 950c series (Remove only)
HP Wireless Assistant
Intel PROSet Wireless
Intel® Active Management Technology Device Software
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Interface
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless WiFi Software
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
RICOH Media Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SUPERAntiSpyware
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows PowerShell™ 1.0
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
2/25/2012 9:01:16 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2510531).
2/25/2012 9:01:04 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Internet Explorer 8 for Windows XP (KB2544521).
2/25/2012 4:09:17 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Office File Validation 2010 (KB2553065), 32-bit Edition.
2/25/2012 12:18:07 PM, error: Service Control Manager [7016] - The BitDefender Virus Shield service has reported an invalid current state 14.
2/25/2012 12:09:29 PM, error: Service Control Manager [7000] - The bdsandbox service failed to start due to the following error: The specified procedure could not be found.
.
==== End Of File ===========================

#10 nasdaq

  • Malware Response Team

Posted 04 March 2012 - 10:37 AM

It isn't virus protection, it is a content filter that blocks inappropriate websites,


Try this.

Go Posted Image > run box and type cmd and hit OK
type
ipconfig /flushdns <-- (The space between g and / is needed) press the Enter key.

repeat with
ipconfig /renew

Then type Exit, hit the Enter key
*/*

if that does not solve the problem;

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]


Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.

On a Vista or Windows 7 operating system right click on the fixme.reg file and run as Administrator.

Optional if the following programs are in your computer.
Note that since the Domains are deleted SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, also you have to re-install IE-SpyAd if installed.
===

Do you use Firefox and installed this type of addon?
https://addons.mozilla.org/en-US/firefox/addon/foxfilter/

If still no joy please give me an example of where you are trying to go and the error message if any.

#11 mkat

  • Topic Starter
  • Members

Posted 05 March 2012 - 08:12 AM

Optional if the following programs are in your computer.
Note that since the Domains are deleted SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, also you have to re-install IE-SpyAd if installed.
===

Do you use Firefox and installed this type of addon?
https://addons.mozilla.org/en-US/firefox/addon/foxfilter/

If still no joy please give me an example of where you are trying to go and the error message if any.



To begin - the above does not apply - I do not have any of this installed. I am currently doing the other tasks and will repost when done. Thank you

Edited by nasdaq, 05 March 2012 - 10:25 AM.


#12 mkat

  • Topic Starter
  • Members

Posted 05 March 2012 - 08:40 AM

I'm not sure if the tasks you suggested work, but in time I'm sure I'll find out. Basically I wanted to make sure that there wasn't any change to the registry or MBR from this alureon virus and to make sure that it was completely gone.

Everything seems to be working ok, but what I have been noticing (before I completed the suggested tasks) was that every once in a while - like this morning when I clicked the link on yahoo to get to this site - I get a block site notice from bsecure because of a 'third party firewall or network connection is lost'. Not sure why? I clicked the back button and re-clicked the link and it went directly to your site but then I got another smaller window that google is blocked giving me the option to override. What is strange to me about this particular box is that I deleted and did not re-install any google search engine, add-ons or chrome as I was reading that the alureon came off links from their search engine, so what is causing my computer to seek out google? This is how the virus began revealing itself in the beginning.

In regards to the third-party firewall, the only programs I have running are Malwarebytes and Avast, which I'm told are ok to run together. Cloudcare - or bsecure content filter which does not include a virus protection or security suite - it just blocks categories we choose such as proxy servers, porn, etc.

Also, I was given the website dns-ok.us to check to make sure that my modem isn't going to 'rogue' servers, every time I have checked I get a green light.

I hope all this makes sense to you. Thank you

#13 mkat

  • Topic Starter
  • Members

Posted 05 March 2012 - 10:06 AM

I have just received several of these notices from Malwarebytes that it is blocking a malicious outgoing site: here is the log. What does it mean?

2012/03/05 07:52:46 -0500 COOK-85C3B29002 Mary MESSAGE Starting database refresh
2012/03/05 07:52:46 -0500 COOK-85C3B29002 Mary MESSAGE Stopping IP protection
2012/03/05 07:52:46 -0500 COOK-85C3B29002 Mary MESSAGE IP Protection stopped
2012/03/05 07:52:51 -0500 COOK-85C3B29002 Mary MESSAGE Database refreshed successfully
2012/03/05 07:52:51 -0500 COOK-85C3B29002 Mary MESSAGE Starting IP protection
2012/03/05 07:52:55 -0500 COOK-85C3B29002 Mary MESSAGE IP Protection started successfully
2012/03/05 10:01:32 -0500 COOK-85C3B29002 Mary IP-BLOCK 208.73.210.29 (Type: outgoing)
2012/03/05 10:01:35 -0500 COOK-85C3B29002 Mary IP-BLOCK 208.73.210.29 (Type: outgoing)
2012/03/05 10:01:41 -0500 COOK-85C3B29002 Mary IP-BLOCK 208.73.210.29 (Type: outgoing)
2012/03/05 10:01:53 -0500 COOK-85C3B29002 Mary IP-BLOCK 208.73.210.29 (Type: outgoing)
2012/03/05 10:02:17 -0500 COOK-85C3B29002 Mary IP-BLOCK 208.73.210.29 (Type: outgoing)
2012/03/05 10:03:05 -0500 COOK-85C3B29002 Mary IP-BLOCK 208.73.210.29 (Type: outgoing)
2012/03/05 10:03:34 -0500 COOK-85C3B29002 Mary IP-BLOCK 208.73.210.29 (Type: outgoing)
2012/03/05 10:03:37 -0500 COOK-85C3B29002 Mary IP-BLOCK 208.73.210.29 (Type: outgoing)
2012/03/05 10:03:43 -0500 COOK-85C3B29002 Mary IP-BLOCK 208.73.210.29 (Type: outgoing)
2012/03/05 10:03:55 -0500 COOK-85C3B29002 Mary IP-BLOCK 208.73.210.29 (Type: outgoing)
2012/03/05 10:04:19 -0500 COOK-85C3B29002 Mary IP-BLOCK 208.73.210.29 (Type: outgoing)
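
An added example, not part of the original post and not Malwarebytes code: a short Python parser for the protection-log lines in the post above (copied inline). It groups the IP-BLOCK records by destination, splits them into retry bursts whose gaps double, and measures how long IP protection was off during the database refresh; the field layout and the burst thresholds (`first_gap_max`, `slack`) are assumptions inferred from these lines.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines copied from the post above (not constructed).
LOG = """\
2012/03/05 07:52:46 -0500 COOK-85C3B29002 Mary MESSAGE Starting database refresh
2012/03/05 07:52:46 -0500 COOK-85C3B29002 Mary MESSAGE Stopping IP protection
2012/03/05 07:52:46 -0500 COOK-85C3B29002 Mary MESSAGE IP Protection stopped
2012/03/05 07:52:51 -0500 COOK-85C3B29002 Mary MESSAGE Database refreshed successfully
2012/03/05 07:52:51 -0500 COOK-85C3B29002 Mary MESSAGE Starting IP protection
2012/03/05 07:52:55 -0500 COOK-85C3B29002 Mary MESSAGE IP Protection started successfully
2012/03/05 10:01:32 -0500 COOK-85C3B29002 Mary IP-BLOCK 208.73.210.29 (Type: outgoing)
2012/03/05 10:01:35 -0500 COOK-85C3B29002 Mary IP-BLOCK 208.73.210.29 (Type: outgoing)
2012/03/05 10:01:41 -0500 COOK-85C3B29002 Mary IP-BLOCK 208.73.210.29 (Type: outgoing)
2012/03/05 10:01:53 -0500 COOK-85C3B29002 Mary IP-BLOCK 208.73.210.29 (Type: outgoing)
2012/03/05 10:02:17 -0500 COOK-85C3B29002 Mary IP-BLOCK 208.73.210.29 (Type: outgoing)
2012/03/05 10:03:05 -0500 COOK-85C3B29002 Mary IP-BLOCK 208.73.210.29 (Type: outgoing)
2012/03/05 10:03:34 -0500 COOK-85C3B29002 Mary IP-BLOCK 208.73.210.29 (Type: outgoing)
2012/03/05 10:03:37 -0500 COOK-85C3B29002 Mary IP-BLOCK 208.73.210.29 (Type: outgoing)
2012/03/05 10:03:43 -0500 COOK-85C3B29002 Mary IP-BLOCK 208.73.210.29 (Type: outgoing)
2012/03/05 10:03:55 -0500 COOK-85C3B29002 Mary IP-BLOCK 208.73.210.29 (Type: outgoing)
2012/03/05 10:04:19 -0500 COOK-85C3B29002 Mary IP-BLOCK 208.73.210.29 (Type: outgoing)
"""

# Assumed layout: timestamp, UTC offset, host, user, record kind, detail.
LINE_RE = re.compile(r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4}) "
                     r"\S+ \S+ (?P<kind>[A-Z-]+) (?P<rest>.*)$")
BLOCK_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<dir>\w+)\)$")

def parse(text):
    """Return (timestamp, kind, detail) for every well-formed record."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # anything that is not a log record is skipped
            ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z")
            events.append((ts, m["kind"], m["rest"]))
    return events

def backoff_bursts(times, first_gap_max=10, slack=1):
    """Split sorted timestamps into bursts whose gaps double (3, 6, 12 ... s)."""
    bursts, prev_gap = [], None
    for t in times:
        if bursts:
            gap = (t - bursts[-1][-1]).total_seconds()
            fits = (gap <= first_gap_max if prev_gap is None
                    else abs(gap - 2 * prev_gap) <= slack)
            if fits:
                bursts[-1].append(t)
                prev_gap = gap
                continue
        bursts.append([t])  # gap broke the doubling pattern: new burst
        prev_gap = None
    return bursts

def summarize(text):
    """Per (ip, direction): number of log lines and size of each retry burst."""
    by_dest = defaultdict(list)
    for ts, kind, rest in parse(text):
        m = BLOCK_RE.match(rest) if kind == "IP-BLOCK" else None
        if m:
            by_dest[(m["ip"], m["dir"])].append(ts)
    return {dest: {"lines": len(t),
                   "bursts": [len(b) for b in backoff_bursts(sorted(t))]}
            for dest, t in by_dest.items()}

def protection_gaps(events):
    """Seconds IP protection was off between a stop and the next start."""
    gaps, stopped_at = [], None
    for ts, kind, rest in events:
        if kind == "MESSAGE" and rest == "Stopping IP protection":
            stopped_at = ts
        elif (kind == "MESSAGE" and stopped_at
              and rest == "IP Protection started successfully"):
            gaps.append((ts - stopped_at).total_seconds())
            stopped_at = None
    return gaps

if __name__ == "__main__":
    print(summarize(LOG), protection_gaps(parse(LOG)))
```

On these lines the 11 IP-BLOCK records collapse into two bursts of 6 and 5 records with doubling gaps, which suggests two retried connection attempts to one address rather than eleven separate ones. The same log shows IP protection off for 9 seconds while the database refreshed.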

#14 nasdaq

  • Malware Response Team

Posted 05 March 2012 - 10:33 AM

Let's see what this scan will show/remove.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


#15 mkat

  • Topic Starter
  • Members

Posted 05 March 2012 - 11:14 AM

I tried to run the ESET online - didn't do anything at first, tried again, got an activeX warning, approved, then got an install window, clicked install, now nothing...



