adware.agent



#1 somae (Members, 87 posts)
Posted 12 April 2012 - 05:28 PM

Mbam found adware.agent on our computer during a full scan. I saw that you were recommending additional steps. We're using Windows XP SP3. We have Avast antivirus and Online Armor firewall.

I started suspecting an infection when the computer kept scrolling down the screen without my trying to do it. It only happened at yahoo when I was trying to attach a file to an email.

Thanks.

Edited by somae, 12 April 2012 - 05:42 PM.




#2 boopme (Global Moderator, 73,072 posts, NJ USA)

Posted 13 April 2012 - 10:43 PM

Hello, did you remove them?

Post that log please.
The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.




Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the Control Center screen.
  • Back on the main screen, under "Select Scan Type" check the box for Complete Scan.
  • If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
  • Click the Scan your computer... button.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 somae, Topic Starter (Members, 87 posts)

Posted 15 April 2012 - 09:30 PM

I don't see a way to add the logs as attachments.

The virus was removed (as I recall) by clicking "remove" (or something like that) in Mbam.

Thanks.

The logs:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.12.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: DELL-TOP [administrator]

Protection: Disabled

4/12/2012 8:17:58 AM
mbam-log-2012-04-12 (08-17-58).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 319061
Time elapsed: 1 hour(s), 45 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\soma\Local Settings\Temp\mCJ4n_LH.exe.part (Adware.Agent) -> Quarantined and deleted successfully.

(end)
______________________________________________________

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/15/2012 at 08:09 PM

Application Version : 5.0.1146

Core Rules Database Version : 8458
Trace Rules Database Version: 6270

Scan type : Complete Scan
Total Scan Time : 00:57:41

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Limited User

Memory items scanned : 407
Memory threats detected : 0
Registry items scanned : 34904
Registry threats detected : 0
File items scanned : 42088
File threats detected : 45

Adware.Tracking Cookie
ad.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\TRTVU6CS ]
msnbcmedia.msn.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\TRTVU6CS ]
cdn.eyewonder.com [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
cloudfront.mediamatters.org [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
convoad.technoratimedia.net [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
core.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
ds.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
files.youporn.com [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
ia.media-imdb.com [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
insight.randomhouse.com [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
media-vimg-net.vimg.net [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
media.kyte.tv [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
media.mtvnservices.com [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
media.nbcbayarea.com [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
media.nbcchicago.com [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
media.nbcconnecticut.com [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
media.nbcdfw.com [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
media.nbclosangeles.com [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
media.nbcmiami.com [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
media.nbcnewyork.com [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
media.nbcphiladelphia.com [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
media.nbcwashington.com [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
media.oprah.com [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
media6.nfb.ca [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
msnbcmedia.msn.com [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
secure-uk.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
serving-sys.com [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
static.discoverymedia.com [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
videos.mediaite.com [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
www.baronsmedia.com [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\32H8QN2W ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8KFUSVUW.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8KFUSVUW.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8KFUSVUW.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8KFUSVUW.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8KFUSVUW.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8KFUSVUW.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8KFUSVUW.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8KFUSVUW.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8KFUSVUW.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8KFUSVUW.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8KFUSVUW.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8KFUSVUW.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\SOMA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8KFUSVUW.DEFAULT\COOKIES.SQLITE ]

______________________________________________________

MiniToolBox by Farbar Version: 18-01-2012
Ran by Administrator (administrator) on 15-04-2012 at 18:16:59
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com

There are 14220 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : DELL-TOP

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : Yes

DNS Suffix Search List. . . . . . : myhome.westell.com



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : myhome.westell.com

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-0C-F1-E9-AE-61

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.47

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

192.168.1.1

Lease Obtained. . . . . . . . . . : Sunday, April 15, 2012 5:23:36 PM

Lease Expires . . . . . . . . . . : Monday, April 16, 2012 5:23:36 PM

Server: dslrouter
Address: 192.168.1.1

Name: google.com
Addresses: 173.194.43.37, 173.194.43.34, 173.194.43.39, 173.194.43.40
173.194.43.38, 173.194.43.36, 173.194.43.32, 173.194.43.41, 173.194.43.46
173.194.43.35, 173.194.43.33



Pinging google.com [173.194.43.37] with 32 bytes of data:



Reply from 173.194.43.37: bytes=32 time=27ms TTL=56

Reply from 173.194.43.37: bytes=32 time=25ms TTL=56



Ping statistics for 173.194.43.37:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 25ms, Maximum = 27ms, Average = 26ms

Server: dslrouter
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 209.191.122.70



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=124ms TTL=57

Reply from 72.30.38.140: bytes=32 time=106ms TTL=57



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 106ms, Maximum = 124ms, Average = 115ms

Server: dslrouter
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 0c f1 e9 ae 61 ...... Intel® PRO/100 VE Network Connection
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.47 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.47 192.168.1.47 20
192.168.1.47 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.47 192.168.1.47 20
224.0.0.0 240.0.0.0 192.168.1.47 192.168.1.47 20
255.255.255.255 255.255.255.255 192.168.1.47 192.168.1.47 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 \Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 \Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 \Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 \Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 \Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 \Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 \Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 \Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 \Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 \Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 \Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 \Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 \Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 \Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/11/2012 10:13:22 AM) (Source: MsiInstaller) (User: admin)admin
Description: Product: Java Auto Updater -- Error 1719.The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (04/11/2012 09:00:22 AM) (Source: NTBackup) (User: )
Description: End Backup of 'C:' 'Warnings or errors were encountered.'


Verify: On

Mode: Append

Type: Inc


Consult the backup report for more details.

Error: (04/08/2012 02:20:31 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (04/05/2012 10:56:50 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/05/2012 10:56:50 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/28/2012 09:00:44 AM) (Source: NTBackup) (User: )
Description: End Backup of 'C:' 'Warnings or errors were encountered.'


Verify: On

Mode: Append

Type: Inc


Consult the backup report for more details.

Error: (03/14/2012 09:00:22 AM) (Source: NTBackup) (User: )
Description: End Backup of 'C:' 'Warnings or errors were encountered.'


Verify: On

Mode: Append

Type: Inc


Consult the backup report for more details.

Error: (03/07/2012 10:00:18 AM) (Source: NTBackup) (User: )
Description: End Backup of 'C:' 'Warnings or errors were encountered.'


Verify: On

Mode: Append

Type: Inc


Consult the backup report for more details.

Error: (02/29/2012 10:00:21 AM) (Source: NTBackup) (User: )
Description: End Backup of 'C:' 'Warnings or errors were encountered.'


Verify: On

Mode: Append

Type: Inc


Consult the backup report for more details.

Error: (02/22/2012 10:00:51 AM) (Source: NTBackup) (User: )
Description: End Backup of 'C:' 'Warnings or errors were encountered.'


Verify: On

Mode: Append

Type: Inc


Consult the backup report for more details.


System errors:
=============
Error: (04/15/2012 05:24:09 PM) (Source: 0) (User: )
Description:

Error: (04/15/2012 05:19:37 AM) (Source: 0) (User: )
Description:

Error: (04/14/2012 06:24:43 PM) (Source: 0) (User: )
Description:

Error: (04/14/2012 05:05:01 AM) (Source: 0) (User: )
Description:

Error: (04/13/2012 05:15:24 PM) (Source: 0) (User: )
Description:

Error: (04/13/2012 01:09:24 PM) (Source: 0) (User: )
Description:

Error: (04/13/2012 04:56:36 AM) (Source: 0) (User: )
Description:

Error: (04/12/2012 00:26:02 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
viamraid

Error: (04/12/2012 00:25:47 PM) (Source: 0) (User: )
Description:

Error: (04/11/2012 11:35:23 AM) (Source: 0) (User: )
Description:


Microsoft Office Sessions:
=========================
Error: (04/11/2012 10:13:22 AM) (Source: MsiInstaller)(User: admin)admin
Description: Product: Java Auto Updater -- Error 1719.The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)

Error: (04/11/2012 09:00:22 AM) (Source: NTBackup)(User: )
Description: C:Warnings or errors were encountered.OnAppendInc

Error: (04/08/2012 02:20:31 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (04/05/2012 10:56:50 PM) (Source: Application Hang)(User: )
Description: firefox.exe11.0.0.4454hungapp0.0.0.000000000

Error: (04/05/2012 10:56:50 PM) (Source: Application Hang)(User: )
Description: firefox.exe11.0.0.4454hungapp0.0.0.000000000

Error: (03/28/2012 09:00:44 AM) (Source: NTBackup)(User: )
Description: C:Warnings or errors were encountered.OnAppendInc

Error: (03/14/2012 09:00:22 AM) (Source: NTBackup)(User: )
Description: C:Warnings or errors were encountered.OnAppendInc

Error: (03/07/2012 10:00:18 AM) (Source: NTBackup)(User: )
Description: C:Warnings or errors were encountered.OnAppendInc

Error: (02/29/2012 10:00:21 AM) (Source: NTBackup)(User: )
Description: C:Warnings or errors were encountered.OnAppendInc

Error: (02/22/2012 10:00:51 AM) (Source: NTBackup)(User: )
Description: C:Warnings or errors were encountered.OnAppendInc


=========================== Installed Programs ============================

1600 (Version: 47.0.1.000)
1600_Help (Version: 47.1.14.000)
1600Trb (Version: 47.1.14.000)
Adobe Acrobat 6.0.1 Standard (Version: 006.000.001)
Adobe Flash Player 10 ActiveX (Version: 10.1.53.64)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Ahead InCD
AiO_Scan (Version: 47.0.1.000)
AiOSoftware (Version: 47.0.1.000)
AnswerWorks Runtime
ASTRA32 - Advanced System Information Tool 2.05 (Version: 2.05)
avast! Free Antivirus (Version: 7.0.1426.0)
Avi2Dvd 0.6.4 (Version: 0.6.4)
BufferChm (Version: 45.4.157.000)
CambridgeSoft ChemDraw Plugin Net 12.0 (Version: 12.0)
Copy (Version: 45.4.157.000)
Corel Applications
CP_AtenaShokunin1Config (Version: 45.4.131.000)
cp_dwShrek2Albums1 (Version: 45.4.157.000)
cp_dwShrek2Cards1 (Version: 45.4.157.000)
CreativeProjects (Version: 45.4.157.000)
CreativeProjectsTemplates (Version: 45.4.157.000)
CueTour (Version: 45.4.157.000)
Destinations (Version: 45.4.157.000)
Director (Version: 45.4.157.000)
DocProc (Version: 4.5.0.0)
DocumentViewer (Version: 45.4.157.000)
DVD Flick 1.3.0.7 (Version: 1.3.0.7)
ESET Online Scanner v3
Fax (Version: 47.0.1.000)
Free Easy Burner V 5.1 (Version: 5.1.0.0)
GnuWin32: Gzip-1.3.12-1 (Version: 1.3.12-1)
Haali Media Splitter
HP Extended Capabilities 4.7 (Version: 4.7)
HP Image Zone 4.7 (Version: 4.7)
HP Product Assistant (Version: 2.0.0.0)
HP PSC & OfficeJet 4.7
HP Software Update (Version: 3.0.2.991)
HPSystemDiagnostics (Version: 1.6.0.0)
ImgBurn (Version: 2.5.6.0)
InstantShare (Version: 45.4.157.000)
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4363)
Intel® PRO Network Adapters and Drivers
Intel® PROSet (Version: 6.05.2001)
IsoBuster 2.8.5 (Version: 2.8.5)
Java™ 7 Update 3 (Version: 7.0.30)
JavaFX 2.0.3 (Version: 2.0.3)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MarketResearch (Version: 45.4.158.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office 2003 Web Components (Version: 11.0.5614.0)
Microsoft Office Basic Edition 2003 (Version: 11.0.5614.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
Mplayer 0.6.9 (Version: 0.6.9)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NirSoft WebVideoCap
Online Armor 5.5 (Version: 5.5)
OpenOffice.org 3.2 (Version: 3.2.9483)
PanoStandAlone (Version: 45.4.157.000)
PDF-Viewer (Version: 2.0.42.9)
Photo Explosion Deluxe (Version: 2.0)
PhotoGallery (Version: 45.4.157.000)
Platform (Version: 1.34)
ProductContext (Version: 47.1.14.000)
QFolder (Version: 1.00.0000)
Quicken 2001 Basic
Readme (Version: 47.0.1.000)
Scan (Version: 4.5.0.0)
ScannerCopy (Version: 4.5.0.0)
SkinsHP1 (Version: 45.4.157.000)
Smart Defrag 2 (Version: 2.3)
SoundMAX (Version: 5.12.01.5246)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 4.3 (Version: 4.3.0)
SUPERAntiSpyware (Version: 5.0.1118)
TrayApp (Version: 45.4.157.000)
Unload (Version: 4.5.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC 9.0 Runtime (Version: 1.0.0)
VIA Platform Device Manager (Version: 1.34)
Visual C++ 8.0 CRT (x86) WinSXS MSM (Version: 8.0.50727.762)
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM (Version: 8.0.50727.762)
VLC media player 1.1.11 (Version: 1.1.11)
WebFldrs XP (Version: 9.50.6513)
WebReg (Version: 45.4.157.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.00 (32-bit) (Version: 4.00.0)
XML Notepad 2007 (Version: 2.3.0.0)
Xvid 1.2.2 final uninstall (Version: 1.2)
Xvid Video Codec (Version: 1.3.2)
ZeroFootprint Crypt 4.03.05

========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 765.98 MB
Available physical RAM: 386.57 MB
Total Pagefile: 1492.48 MB
Available Pagefile: 1196.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.83 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:189.91 GB) (Free:144.67 GB) NTFS
3 Drive d: (InCD) (CDROM) (Total:0.56 GB) (Free:0.54 GB) FS_UDF
4 Drive e: (InCD) (CDROM) (Total:0.56 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\DELL-TOP

admin Administrator ASPNET
Guest HelpAssistant soma


**** End of log ****
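The "Hosts content" section of the MiniToolBox log above is read by separating block-list entries (names pointed at 127.0.0.1 or 0.0.0.0, the pattern of a hosts-based block list such as the immunization that Spybot - Search & Destroy, which appears in the installed-programs list, installs) from entries that redirect a name somewhere else, and then checking whether any security or update site has been rewritten at all. The script below automates that review. It is an added example, not part of this thread and not MiniToolBox's own code; the watch list of domains is built from sites named in this thread, and the sample hosts lines, the `ads.example.invalid` name and the 203.0.113.10 address (RFC 5737 documentation range) are constructed for illustration.

```python
"""Triage a Windows hosts file the way a helper reads MiniToolBox's
"List content of Hosts" output: count harmless block-list (sinkhole)
entries, list entries that redirect a name to a real address, and flag
any rewrite of a domain that should never be overridden locally."""

import ipaddress
from typing import Dict, List, Tuple

# Domains a legitimate hosts file would never rewrite. Constructed watch list,
# assembled from sites that appear elsewhere in this thread.
WATCHLIST = (
    "windowsupdate.com",
    "bleepingcomputer.com",
    "malwarebytes.org",
    "superantispyware.com",
)

# Addresses used by block lists to sinkhole a name (including the normal
# "127.0.0.1 localhost" line, which is counted here as well).
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs; blank lines, comments and lines whose
    first field is not an IP address are skipped, as the resolver skips them."""
    entries: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue
        for name in parts[1:]:  # one line may map several names
            entries.append((ip, name.lower()))
    return entries


def on_watchlist(name: str) -> bool:
    """True if name is a watch-listed domain or a host under one."""
    return any(name == d or name.endswith("." + d) for d in WATCHLIST)


def triage_hosts(text: str) -> Dict[str, object]:
    """Summarise a hosts file: total entries, sinkholed entries, redirects
    to non-sinkhole addresses, and watch-listed names touched in any way."""
    report: Dict[str, object] = {"total": 0, "sinkholed": 0, "redirects": [], "hijacked": []}
    for ip, name in parse_hosts(text):
        report["total"] += 1
        if ip in SINKHOLES:
            report["sinkholed"] += 1
        else:
            # A name sent to a real address: the resolver is being overridden.
            report["redirects"].append((ip, name))
        if on_watchlist(name):
            # Blocking or redirecting a security/update site is worth a look
            # either way, so both cases land in the same list.
            report["hijacked"].append((ip, name))
    return report


# Constructed sample: the first lines mirror the MiniToolBox output in this
# thread; the last three are made up to show what the triage flags.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
0.0.0.0 ads.example.invalid          # block-style entry, harmless
127.0.0.1 www.malwarebytes.org       # constructed: a security site being blocked
203.0.113.10 www.windowsupdate.com   # constructed: redirect to a non-loopback address
"""


if __name__ == "__main__":
    r = triage_hosts(SAMPLE_HOSTS)
    print(f"{r['total']} entries, {r['sinkholed']} sinkholed, "
          f"{len(r['redirects'])} redirected to real addresses")
    for ip, name in r["hijacked"]:
        print(f"  FLAG {name} -> {ip}")
```

On the log in this thread the count of sinkholed entries would be in the thousands and the flagged list empty, which is the "looks pretty good" outcome; a single redirect of a watch-listed name to a routable address is the case that deserves attention even when everything else is clean.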

#4 boopme (Global Moderator, 73,072 posts, NJ USA)

Posted 16 April 2012 - 10:00 AM

This looks pretty good. It's copy/paste, not attach, in this section.

Let's run a last scan and tell me how it is. Actually, I see ESET Online Scanner is installed. Did you run that yet? If not, do that.

#5 somae, Topic Starter (Members, 87 posts)

Posted 19 April 2012 - 04:25 AM

I ran ESET and it didn't find any problems.

Thanks again.

#6 boopme (Global Moderator, 73,072 posts, NJ USA)

Posted 19 April 2012 - 11:40 PM

You're welcome!!

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:



