Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus Disabled Windows Firewall


  • Please log in to reply
15 replies to this topic

#1 Tucktayuctuc

Tucktayuctuc

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:11 PM

Posted 16 June 2012 - 09:45 AM

I recently had a virus or maybe several infect my PC. I run Win XP Home edition and my Security center is affected. I cannot get my firewall to work and my Security center is also having issues. I tried to uninstall and re-install with Microsoft Update center to no avail.

I ran a simple program and this is the log file I get with the error messages. Any idea how to fix?

Farbar Service Scanner Version: 09-06-2012
Ran by Owner (administrator) on 16-06-2012 at 10:24:58
Running from "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\A2PUJWKH"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit


**** End of log ****

Also, I found another issue with my UAC (Does not exist) I think mine is changed to a third party access point. How would I fix this issue and make sure I have sole access to my UAC?

Edited by hamluis, 16 June 2012 - 10:52 AM.
Moved from XP to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:11 PM

Posted 16 June 2012 - 11:04 AM

Welcome aboard Posted Image

Let's see if you're fairly clean first.

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Tucktayuctuc

Tucktayuctuc
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:11 PM

Posted 16 June 2012 - 01:02 PM

Ok first notepad log
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
COMODO Internet Security
Armored Fist 3 (remove only)
Microsoft Security Essentials
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
SpywareBlaster 4.2
SpywareBlaster 4.2 Out of Date!
Java™ 6 Update 24
Java™ 6 Update 13
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 4
Java™ 6 Update 5
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 11.2.202.235
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

Minitoolbox log:

MiniToolBox by Farbar Version: 09-06-2012
Ran by Owner (administrator) on 16-06-2012 at 12:44:50
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================


127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com

There are 14828 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================


WARNING: Could not obtain host information from machine: [SECOND]. Some commands may not be available.
The specified module could not be found.



# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : second

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.nh.comcast.net.



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : hsd1.nh.comcast.net.

Description . . . . . . . . . . . : VIA Rhine II Fast Ethernet Adapter

Physical Address. . . . . . . . . : 00-16-EC-35-2B-89

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : fe80::216:ecff:fe35:2b89%4

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

Lease Obtained. . . . . . . . . . : Saturday, June 16, 2012 12:26:55 PM

Lease Expires . . . . . . . . . . : Tuesday, June 19, 2012 12:26:55 PM



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 00-00-7C-A0-B4-BB-6D-3A

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5

Default Gateway . . . . . . . . . :

NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter Automatic Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . : hsd1.nh.comcast.net.

Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : C0-A8-01-02

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.2%2

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.226.193, 74.125.226.197, 74.125.226.192, 74.125.226.198
74.125.226.195, 74.125.226.196, 74.125.226.200, 74.125.226.206, 74.125.226.199
74.125.226.194, 74.125.226.201



Pinging google.com [74.125.226.193] with 32 bytes of data:



Reply from 74.125.226.193: bytes=32 time=42ms TTL=52

Reply from 74.125.226.193: bytes=32 time=42ms TTL=52



Ping statistics for 74.125.226.193:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 42ms, Maximum = 42ms, Average = 42ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=73ms TTL=47

Reply from 209.191.122.70: bytes=32 time=72ms TTL=47



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 72ms, Maximum = 73ms, Average = 72ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 ec 35 2b 89 ...... VIA PCI 10/100Mb Fast Ethernet Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.2 192.168.1.2 20
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 20
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 20
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 20
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 05 C:\WINDOWS\system32\pnrpnsp.dll [58880] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

Catalog5 06 C:\WINDOWS\system32\pnrpnsp.dll [58880] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"

Catalog5 07 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/16/2012 00:27:42 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (06/16/2012 11:43:14 AM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (06/16/2012 11:43:00 AM) (Source: Bonjour Service) (User: )
Description: 384: ERROR: read_msg errno 10053 (An established connection was aborted by the software in your host machine.)

Error: (06/16/2012 11:43:00 AM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (06/16/2012 11:23:59 AM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (06/16/2012 11:23:48 AM) (Source: Bonjour Service) (User: )
Description: 384: ERROR: read_msg errno 10053 (An established connection was aborted by the software in your host machine.)

Error: (06/16/2012 11:23:48 AM) (Source: Bonjour Service) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (06/15/2012 11:25:39 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (06/14/2012 06:06:33 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (06/14/2012 11:29:15 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.0.1526.00x80070424morrobootstraper__cinstallflow__internalrun - getenablefirewallactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (06/15/2009 05:50:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: 6Microsoft Office Outlook12.0.6504.500012.0.6215.1000110


=========================== Installed Programs ============================

Adobe AIR (Version: 2.0.2.12610)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.0)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player (Version: 11)
AIM 7
AIM Toolbar
AIMTunes
AOL Instant Messenger
AOL Radio Toolbar
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Armored Fist 3 (remove only)
ATI - Software Uninstall Utility (Version: 6.14.10.1014)
ATI Display Driver (Version: 8.231-060221a1-030895C-ATI)
Bonjour (Version: 3.0.0.10)
Calculator Powertoy for Windows XP (Version: 1.00.0001)
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 1.0
Canon MP Navigator EX 5.1
Canon MX890 series MP Drivers
Canon MX890 series On-screen Manual
Canon MX890 series User Registration
Canon My Printer
Canon Solution Menu EX
Canon Speed Dial Utility
Canon Utilities Solution Menu
Comodo Dragon (Version: 19.2.0.0)
COMODO GeekBuddy (Version: 3.3.217083.59)
COMODO Internet Security (Version: 5.10.31649.2253)
Consolas Font Family (Version: 1.00.0000)
Critical Update for Windows Media Player 11 (KB959772)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Download Updater (AOL LLC)
Dropbox (Version: 1.4.7)
Genie 3.2
Genie2 Basic 2.0
Genie2 Professional 2.0
GeoPDF Toolbar (Version: 4.00.0078)
GeoPDF Toolbar (Version: 4.00.008)
getPlus® for Adobe (Version: 1.5.2.35)
Google Chrome (Version: 19.0.1084.56)
Google Earth (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
iPod for Windows 2005-09-23 (Version: 4.3.0)
iTunes (Version: 10.6.3.25)
J2SE Runtime Environment 5.0 Update 10 (Version: 1.5.0.100)
J2SE Runtime Environment 5.0 Update 8 (Version: 1.5.0.80)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 13 (Version: 6.0.130)
Java™ 6 Update 2 (Version: 1.6.0.20)
Java™ 6 Update 24 (Version: 6.0.240)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 4 (Version: 1.6.0.40)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
Junk Mail filter update (Version: 14.0.8117.416)
LightScribe 1.4.67.1 (Version: 1.4.67.1)
Logitech Desktop Messenger
Logitech Print Service
Logitech Vid HD (Version: 7.2 (7248))
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.6029.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft WinUsb 1.0
MobileMe Control Panel (Version: 3.1.8.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Nero Suite
OpenOffice.org 2.4 (Version: 2.4.9310)
Pando Media Booster (Version: 2.3.6.0)
Platform (Version: 1.13)
PowerDVD
QuickTime (Version: 7.72.80.56)
QuickTime Alternative 1.75 (Version: 1.75)
Real Alternative 1.50 (Version: 1.50)
Realtek AC'97 Audio
Safari (Version: 5.34.57.2)
ScanSoft OmniPage SE 4 (Version: 15.2.0020)
Segoe UI (Version: 14.0.4327.805)
Simutronics Game Entry
Skype Click to Call (Version: 6.0.10201)
Skype™ 5.8 (Version: 5.8.158)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
SpywareBlaster 4.2 (Version: 4.2.0)
StormFront
Strata 1.0
TeamViewer 6 (Version: 6.0.10462)
Uniblue PixelPerfect
Unit Conversion Tool 5.1
Unity Web Player (Version: )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VIA Platform Device Manager (Version: 1.13)
VIA Rhine-Family Fast-Ethernet Adapter
VIA/S3G Display Driver
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Virtual Desktop Manager Powertoy for Windows XP (Version: 1.00.0001)
WebFldrs XP (Version: 9.50.7523)
WhiteSmoke US Toolbar (Version: 6.8.10.0)
Windows Easy Transfer for Windows 7
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Toolbar (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! Install Manager

========================= Memory info: ===================================

Percentage of memory in use: 74%
Total physical RAM: 1022.42 MB
Available physical RAM: 261.23 MB
Total Pagefile: 2456.38 MB
Available Pagefile: 1689.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.26 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:76.68 GB) (Free:28.16 GB) NTFS

========================= Users: ========================================

User accounts for \\SECOND

Administrator ASPNET Guest
HelpAssistant Owner SUPPORT_388945a0


**** End of log ****

MBA LOG:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.16.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: SECOND [administrator]

Protection: Enabled

6/16/2012 12:56:11 PM
mbam-log-2012-06-16 (12-56-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223583
Time elapsed: 27 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 12
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCR\CouponAlert_2pInstaller.Start (PUP.MyWebSearch) -> No action taken.
HKCR\CouponAlert_2pInstaller.Start.1 (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} (Adware.OneToolBar) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D5DD829-6C90-42C5-B54C-2AFA82F988BA} (Rogue.Installer) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Documents and Settings\Owner\Local Settings\Application Data\{92fd2a9d-4fa1-aed0-da5b-5a29df07d6ed}\n. -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bad: (\\.\globalroot\systemroot\Installer\{92fd2a9d-4fa1-aed0-da5b-5a29df07d6ed}\n.) Good: (%systemroot%\system32\wbem\wbemess.dll) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Owner\Local Settings\Temp\DM\Installer_for_adobe-reader_014202\ExecIwantThis.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

(end)

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:11 PM

Posted 16 June 2012 - 01:09 PM

Some items in your MBAM log are marked "No action taken".
Re-run MBAM, fix all issues and post new log.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 Tucktayuctuc

Tucktayuctuc
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:11 PM

Posted 16 June 2012 - 02:44 PM

Ok, I ran MAB the second time and had it fix the remaining issues as stated in this 2nd log.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.16.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: SECOND [administrator]

Protection: Enabled

6/16/2012 3:07:19 PM
mbam-log-2012-06-16 (15-07-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223343
Time elapsed: 30 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 7
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2pInstaller.Start (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CouponAlert_2pInstaller.Start.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:11 PM

Posted 16 June 2012 - 03:47 PM

I still need aswMBR log.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#7 Tucktayuctuc

Tucktayuctuc
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:11 PM

Posted 16 June 2012 - 05:32 PM

I am not sure which log you are refering too. I have copied each log as I have seen and done each task.

#8 Tucktayuctuc

Tucktayuctuc
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:11 PM

Posted 16 June 2012 - 05:34 PM

2012/06/16 12:55:30 -0400 SECOND Owner MESSAGE Starting protection
2012/06/16 12:55:43 -0400 SECOND Owner MESSAGE Protection started successfully
2012/06/16 12:55:46 -0400 SECOND Owner MESSAGE Starting IP protection
2012/06/16 12:56:09 -0400 SECOND Owner MESSAGE IP Protection started successfully
2012/06/16 13:04:35 -0400 SECOND Owner MESSAGE Executing scheduled update: Daily
2012/06/16 13:04:39 -0400 SECOND Owner MESSAGE Database already up-to-date
2012/06/16 14:59:49 -0400 SECOND Owner MESSAGE Starting protection
2012/06/16 15:00:16 -0400 SECOND Owner MESSAGE Protection started successfully
2012/06/16 15:00:20 -0400 SECOND Owner MESSAGE Starting IP protection
2012/06/16 15:00:46 -0400 SECOND Owner MESSAGE IP Protection started successfully
2012/06/16 15:48:21 -0400 SECOND MESSAGE Starting protection
2012/06/16 15:49:00 -0400 SECOND Owner MESSAGE Protection started successfully
2012/06/16 15:49:03 -0400 SECOND Owner MESSAGE Starting IP protection
2012/06/16 15:50:11 -0400 SECOND Owner MESSAGE IP Protection started successfully

#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:11 PM

Posted 16 June 2012 - 05:34 PM

Re-read my reply #2 (last step).

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#10 Tucktayuctuc

Tucktayuctuc
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:11 PM

Posted 16 June 2012 - 06:13 PM

No such file exists.

Here are all the files in that folder:


Languages
License
mbam
chameleon
mbamext.dll
mbamnet.dll
mbamservice
unins000.dat file
unins outlook item
changes rich .txt format
mbam compiled HTML format
mbam.dll
mbamcore.dll
mbamgui
mbampt
unins000
ssubtmr6.dll
vbalsgrid6.ocx

and this:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.16.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: SECOND [administrator]

Protection: Enabled

6/16/2012 6:35:13 PM
mbam-log-2012-06-16 (18-35-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223114
Time elapsed: 32 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#11 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:11 PM

Posted 16 June 2012 - 06:27 PM

Hmmmm....

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#12 Tucktayuctuc

Tucktayuctuc
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:11 PM

Posted 16 June 2012 - 06:35 PM

Hmmmmmm????

I did as instructed. Posted each log, still unsure as to which LOG you are refereing.
No desktop logs exist.

#13 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:11 PM

Posted 16 June 2012 - 06:37 PM

Unfortunately I can't explain better.
Please re-read my previous reply carefully and post aswMBR log.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#14 Tucktayuctuc

Tucktayuctuc
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:11 PM

Posted 16 June 2012 - 06:38 PM

I have copy and pasted a ton of information. What do you read or see in what I have sent so far? My windows Firewall still is not fixed.

#15 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:11 PM

Posted 16 June 2012 - 06:42 PM

One and last time....
I still need aswMBR log which you didn't post.
I will not reply until it's posted.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users