
Not sure what else to do to fix my problems


12 replies to this topic

#1 dholler09


Posted 29 May 2012 - 11:20 AM

I know this forum probably sees a lot of these, but I really have no clue what is going on or where to start fixing it beyond what I've tried. Here's what has been happening lately with my computer.

I hear the windows chimes go off when I have nothing running.

When clicking on a website link off google, I get redirected to other sites. They seem to be fairly harmless, just not the destination I was looking for, i.e. wikipedia, youtube. I was doing a search on how to fix it and that is how I found this place.

After browsing for a while or working on anything, the computer starts to get slower, and freezes up. It sometimes will take clicking on a window for a program a few times before it comes up, like things are getting too bogged down by something.

Rarely, I have a window or two that flash on the screen, but I haven't clicked on anything.

Sometimes my sound goes out and won't play anything. I get a WaveOut error when playing an mp3.

I've noticed when looking at the task manager when things are getting slow, that an svchost.exe is taking over 1,000,000 (kb?) in the processes.

=========================================================================== ====
What I did thus far to fix the issue was to defrag, cleanup, I've updated and ran AVG, MalwareBytes, Glary Register Repair, Spybot Search and Destroy, and this new rkill.exe program that I heard would help. It did, but the problems seem to keep coming back. I've restarted a number of times, but like I said things seem to keep on happening.

What sort of things do you need to know, or should I do in order to figure out what the problem is, and then fix this? Are there better programs than AVG to prevent this?

Incidentally, the person who set this computer up also has ZoneAlarm running.

This computer isn't my home computer, so I'm not always around it. I'm a relative newbie, so I'll try to get any information that is necessary as long as someone tells me how to do it.

THANKS!



#2 boopme


Posted 29 May 2012 - 07:01 PM

Hello, let's get some system info...

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


"and this new rkill.exe program"

Did you run this before MalwareBytes?

This tool simply does the following:
1. Terminates approximately 320+ known rogue processes

2. Deletes some of the more annoying protection processes commonly being used today:
  • c:\Windows\svchast
  • c:\Windows\svchasts
  • c:\Windows\svohost
  • C:\program files\Windows Police Pro\Windows Police Pro.exe

3. Uses the reg command to fix the following policy restrictions:
  • Disable TaskManager
  • Disable Regedit
  • Disable Run menu option in the Startup Menu

In other words, it stops these so a tool such as MBAM can remove them. If you reboot before running the next tool, the malware are released from RKill and are not cleaned.


So rerun RKILL

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
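
The three policy restrictions listed in the post above can be checked before and after a cleanup run. This read-only PowerShell check is an added example, not part of the thread and not RKill's own code. The registry value names (DisableTaskMgr, DisableRegistryTools, NoRun) and the decision to look in both HKCU and HKLM are assumptions taken from the standard Windows policy locations, since the post does not name them; PowerShell 3 or later is assumed.

```powershell
# Added example: report whether the Task Manager, Regedit and Run-menu
# policy restrictions are currently set. Read-only; nothing is modified.

function Get-PolicyRestriction {
    # Standard policy locations (assumption: the post does not list them).
    $policyRoot = 'Software\Microsoft\Windows\CurrentVersion\Policies'
    $checks = @(
        @{ Label = 'Task Manager disabled'; SubKey = "$policyRoot\System";   Value = 'DisableTaskMgr' },
        @{ Label = 'Regedit disabled';      SubKey = "$policyRoot\System";   Value = 'DisableRegistryTools' },
        @{ Label = 'Run menu removed';      SubKey = "$policyRoot\Explorer"; Value = 'NoRun' }
    )

    foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($check in $checks) {
            $path = "$hive\$($check.SubKey)"
            $data = $null

            # A missing key or missing value means the restriction is not set.
            if (Test-Path -Path $path) {
                $item = Get-ItemProperty -Path $path -Name $check.Value -ErrorAction SilentlyContinue
                if ($null -ne $item) {
                    $data = $item.($check.Value)
                }
            }

            [pscustomobject]@{
                Restriction = $check.Label
                Key         = $path
                Value       = $check.Value
                Data        = $data
                # Any non-zero DWORD turns the restriction on.
                Active      = ($null -ne $data -and $data -ne 0)
            }
        }
    }
}

$report = @(Get-PolicyRestriction)
$report | Format-Table -AutoSize Restriction, Key, Value, Data, Active

$active = @($report | Where-Object { $_.Active })
if ($active.Count -gt 0) {
    Write-Output ("{0} restriction(s) set. On a machine with no administrator-applied policy this is worth investigating." -f $active.Count)
} else {
    Write-Output 'None of the three restrictions are set.'
}
```

On a domain-joined machine an administrator may set these values deliberately through Group Policy, so an active entry there is not by itself a sign of infection.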

#3 dholler09


Posted 01 June 2012 - 08:49 PM

When I get back home in a few weeks, I'll try this out! Thanks for the reply, it's much appreciated!

#4 boopme


Posted 01 June 2012 - 09:30 PM

No problem.

#5 dholler09


Posted 22 June 2012 - 05:57 PM

I do believe I ran Rkill and then Malwarebytes in that order and directly following one another. Here's the list that came from that program:
MiniToolBox by Farbar Version: 09-06-2012
Ran by cschiff (administrator) on 22-06-2012 at 17:53:50
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8168C(P)/8111C(P) Family PCI-E GBE NIC = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : CoonieBear

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : Belkin



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : Belkin

Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E GBE NIC

Physical Address. . . . . . . . . : 00-24-E8-23-19-29

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.2.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.2.1

DHCP Server . . . . . . . . . . . : 192.168.2.1

DNS Servers . . . . . . . . . . . : 192.168.2.1

Lease Obtained. . . . . . . . . . : Friday, June 22, 2012 5:46:34 PM

Lease Expires . . . . . . . . . . : Monday, January 18, 2038 10:14:07 PM

Server: router.belkin
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.225.3, 74.125.225.8, 74.125.225.7, 74.125.225.5
74.125.225.9, 74.125.225.1, 74.125.225.6, 74.125.225.0, 74.125.225.2
74.125.225.14, 74.125.225.4



Pinging google.com [74.125.225.3] with 32 bytes of data:



Reply from 74.125.225.3: bytes=32 time=34ms TTL=53

Reply from 74.125.225.3: bytes=32 time=32ms TTL=53



Ping statistics for 74.125.225.3:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 32ms, Maximum = 34ms, Average = 33ms

Server: router.belkin
Address: 192.168.2.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 209.191.122.70



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=187ms TTL=48

Reply from 72.30.38.140: bytes=32 time=109ms TTL=48



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 109ms, Maximum = 187ms, Average = 148ms

Server: router.belkin
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 24 e8 23 19 29 ...... Realtek RTL8168C(P)/8111C(P) Family PCI-E GBE NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.2.2 192.168.2.2 20
192.168.2.0 255.255.255.0 192.168.2.2 192.168.2.2 20
192.168.2.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.2 192.168.2.2 20
224.0.0.0 240.0.0.0 192.168.2.2 192.168.2.2 20
255.255.255.255 255.255.255.255 192.168.2.2 192.168.2.2 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/28/2012 05:46:53 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 12.0.0.4493, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/28/2012 04:46:38 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: Not enough storage is available to process this command.

Error: (05/28/2012 04:46:38 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Not enough storage is available to complete this operation.

Error: (05/28/2012 04:46:38 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: Not enough storage is available to process this command.

Error: (05/28/2012 04:46:38 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Not enough storage is available to complete this operation.

Error: (05/28/2012 04:46:38 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: Not enough storage is available to process this command.

Error: (05/28/2012 04:46:38 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Not enough storage is available to complete this operation.

Error: (05/28/2012 04:46:38 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: Not enough storage is available to process this command.

Error: (05/28/2012 04:46:38 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Not enough storage is available to complete this operation.

Error: (05/28/2012 04:46:38 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: Not enough storage is available to process this command.


System errors:
=============
Error: (06/22/2012 05:46:32 PM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 0024E8231929. The following error
occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Error: (06/22/2012 05:42:20 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (06/22/2012 04:59:18 PM) (Source: BROWSER) (User: )
Description: The browser was unable to update the service status bits. The data is the error.

Error: (06/22/2012 04:58:18 PM) (Source: BROWSER) (User: )
Description: The browser was unable to update the service status bits. The data is the error.

Error: (06/22/2012 01:59:18 PM) (Source: BROWSER) (User: )
Description: The browser was unable to update the service status bits. The data is the error.

Error: (06/22/2012 01:58:18 PM) (Source: BROWSER) (User: )
Description: The browser was unable to update the service status bits. The data is the error.

Error: (06/22/2012 01:30:19 PM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (06/22/2012 11:58:18 AM) (Source: BROWSER) (User: )
Description: The browser was unable to update the service status bits. The data is the error.

Error: (06/22/2012 10:29:18 AM) (Source: BROWSER) (User: )
Description: The browser was unable to update the service status bits. The data is the error.

Error: (06/22/2012 09:13:18 AM) (Source: BROWSER) (User: )
Description: The browser was unable to update the service status bits. The data is the error.


Microsoft Office Sessions:
=========================
Error: (05/28/2012 05:46:53 PM) (Source: Application Hang)(User: )
Description: firefox.exe12.0.0.4493hungapp0.0.0.000000000

Error: (05/28/2012 04:46:38 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtNot enough storage is available to process this command.

Error: (05/28/2012 04:46:38 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabNot enough storage is available to complete this operation.

Error: (05/28/2012 04:46:38 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtNot enough storage is available to process this command.

Error: (05/28/2012 04:46:38 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabNot enough storage is available to complete this operation.

Error: (05/28/2012 04:46:38 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtNot enough storage is available to process this command.

Error: (05/28/2012 04:46:38 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabNot enough storage is available to complete this operation.

Error: (05/28/2012 04:46:38 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtNot enough storage is available to process this command.

Error: (05/28/2012 04:46:38 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabNot enough storage is available to complete this operation.

Error: (05/28/2012 04:46:38 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtNot enough storage is available to process this command.


=========================== Installed Programs ============================


========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 3070.91 MB
Available physical RAM: 1535.79 MB
Total Pagefile: 4955.79 MB
Available Pagefile: 3429 MB
Total Virtual: 2047.88 MB
Available Virtual: 1964.44 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:465.72 GB) (Free:404.1 GB) NTFS

========================= Users: ========================================

User accounts for \\COONIEBEAR

Administrator cschiff Guest
HelpAssistant SUPPORT_388945a0


**** End of log ****

#6 boopme


Posted 22 June 2012 - 08:10 PM

Ok, after you post the other logs it appears Minitoolbox skipped this
  • List Installed Programs

You can rerun it with only that checked.

#7 dholler09


Posted 23 June 2012 - 12:15 AM

Sorry about that. Here's what came up:

MiniToolBox by Farbar Version: 09-06-2012
Ran by cschiff (administrator) on 23-06-2012 at 00:15:06
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
4500_Help (Version: 1.00.0000)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.8.4990)
Adobe Bridge 1.0 (Version: 001.000.000)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Illustrator CS2 (Version: 12.000.000)
Adobe InDesign 1.5 (Version: 1.5)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Reader 9 (Version: 9.0.0)
Adobe Stock Photos 1.0 (Version: 001.000.000)
Adobe SVG Viewer 3.0 (Version: 3.0)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Control Center (Version: 1.2.2735.37383)
ATI Display Driver (Version: 8.493-080512a-064246C-Dell)
AVG Free 8.5
Belkin Setup and Router Monitor
Belkin USB Print and Storage Center (Version: 1.1.2)
Bonjour (Version: 3.0.0.10)
BPD_HPSU (Version: 1.00.0000)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 100.0.170.000)
CameraHelperMsi (Version: 13.31.1038.0)
CCleaner (Version: 2.32)
Choice Guard (Version: 1.2.87.0)
Coupon Printer for Windows (Version: 5.0.0.0)
CustomerResearchQFolder (Version: 1.00.0000)
Dell Backup and Recovery Manager (Version: 1.0.0)
Dell Support Center (Version: 2.1.08060)
Destination Component (Version: 100.0.0.0)
DeviceDiscovery (Version: 110.0.180.000)
DeviceManagementQFolder (Version: 1.00.0000)
Diagnostics Utility (Version: 1.00.0000)
DocMgr (Version: 100.0.201.000)
DocProc (Version: 10.0.0.0)
DocProcQFolder (Version: 1.00.0000)
erLT (Version: 1.20.138.34)
eSupportQFolder (Version: 1.00.0000)
Fax (Version: 120.0.194.000)
Glary Registry Repair 3.3.0.852
GPBaseService (Version: 100.0.187.000)
GPBaseService2 (Version: 130.0.371.000)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Document Manager 1.0 (Version: 1.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Officejet J4500 Series (Version: 1.0)
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 100.0.170.000)
Intel® Matrix Storage Manager
iTunes (Version: 10.5.1.42)
J4500 (Version: 50.0.165.000)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Junk Mail filter update (Version: 14.0.8050.1202)
KODAK Share Button App (Version: 4.00.0000.0000)
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.31.1038.0)
LWS Gallery (Version: 13.31.1038.0)
LWS Help_main (Version: 13.31.1044.0)
LWS Launcher (Version: 13.31.1038.0)
LWS Motion Detection (Version: 13.30.1395.0)
LWS Pictures And Video (Version: 13.31.1038.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.31.1038.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.31.1038.0)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MarketResearch (Version: 100.0.170.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
Mozilla Thunderbird (2.0.0.24) (Version: 2.0.0.24 (en-US))
MSVCRT (Version: 14.0.1468.721)
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB927977) (Version: 6.00.3890.0)
Musicmatch® Jukebox (Version: 9.00.5067)
OCR Software by I.R.I.S. 10.0 (Version: 10.0)
OpenOffice.org 3.1 (Version: 3.1.9399)
PowerDVD DX (Version: 8.2.5024)
ProductContext (Version: 50.0.165.000)
PSSWCORE (Version: 2.02.0000)
QuickTime (Version: 7.71.80.42)
Realtek High Definition Audio Driver
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.5.0)
Roxio Creator BDAV Plugin (Version: 3.5.0)
Roxio Creator Copy (Version: 3.5.0)
Roxio Creator Data (Version: 3.5.0)
Roxio Creator DE (Version: 3.5.0)
Roxio Creator Tools (Version: 3.5.0)
Roxio Drag-to-Disc (Version: 9.1)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Safari (Version: 5.34.52.7)
Scan (Version: 10.1.0.0)
Segoe UI (Version: 14.0.4327.805)
Shop for HP Supplies (Version: 10.0)
Skype Click to Call (Version: 5.10.9560)
Skype™ 5.9 (Version: 5.9.115)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 130.0.373.000)
Sonic CinePlayer Decoder Pack (Version: 4.2.0)
Spybot - Search & Destroy (Version: 1.6.2)
Status (Version: 110.0.180.000)
Sun Clock 6.5 (Version: 6.5)
Toolbox (Version: 100.0.170.000)
TrayApp (Version: 110.0.180.000)
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB973874) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951618-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC 9.0 Runtime (Version: 1.0.0)
Video Mover
VideoToolkit01 (Version: 100.0.128.000)
Wacom Tablet Driver
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 100.0.170.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8050.1202)
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Essentials (Version: 14.0.8050.1202)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8050.1202)
Windows Live Messenger (Version: 14.0.8050.1202)
Windows Live Photo Gallery (Version: 14.0.8051.1204)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8050.1202)
Windows Media Format Runtime
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Search 4.0 (Version: 04.00.6001.503)
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
ZoneAlarm Firewall (Version: 10.1.065.000)
ZoneAlarm Free (Version: 10.1.065.000)
ZoneAlarm Security (Version: 10.1.065.000)
ZoneAlarm Toolbar

**** End of log ****

#8 boopme


Posted 23 June 2012 - 09:12 AM

May I see the MBAM and TDSS logs, please.
Also are you still being redirected?

Edited by boopme, 23 June 2012 - 09:13 AM.


#9 dholler09


Posted 23 June 2012 - 03:04 PM

I haven't noticed it since I've been back at this computer. I ran the TDSS Killer thing and it came up with one problem which I hit cure on. It closed my window down, so I don't have the name of it any more.

The Rkill didn't find anything:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 06/23/2012 at 12:52:02.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 06/23/2012 at 12:52:14.

The Malware bytes found just one item. Rootkit.Agent.gen in TDSSKiller_Quarantine\23.03.2012_12.16.58\mbr0000\tdlfs0000\tsk0003.dta

Should I remove that selected file?

#10 dholler09


Posted 23 June 2012 - 06:19 PM

I have still been getting directed to different sites rather than the ones I've been picking on google throughout the day today.

#11 boopme


Posted 23 June 2012 - 07:58 PM

OK then we need a deeper look. Please go here... Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If GMER won't run (it may not on a 64 bit system) skip it and move on.

Let me know if that went well.

#12 dholler09


Posted 14 July 2012 - 10:31 AM

I used the Defogger, and I still have the Disable/ReEnable screen up, should I leave that up?

Also, the actual DDS program asks me to post the logs here....but I think you are asking me to do it in the other area? I just want to make sure I post it to the correct place.

Also, I tried doing the GMER thing and it didn't work...I got this error LocalDriver Error0xC00000022: Cannot creat a stable subkey under a volatile parent key. When I hit ok, the program does come up. Should I continue working with that?

Edited by dholler09, 14 July 2012 - 10:36 AM.


#13 boopme


Posted 14 July 2012 - 04:41 PM

Yes, keep it disabled now and post in the new topic.