
Avast- malicious url blocked



#1 broskeeper

broskeeper

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:03:33 PM

Posted 19 August 2012 - 03:08 PM

Hello,


I keep getting numerous (malicious URL blocked) alerts from Avast. I did an Avast full scan and a boot-time scan. The full scan comes up with nothing, and the boot scan says there is malware in my System Restore and it can't fix it. One more thing: svchost.exe has to close when I connect to the internet. I had a bad virus that took over my desktop and by luck was able to get on the internet by using AOL at the bottom next to the clock. I found your site and read how to gain control back with help from iexplore and unhide. I think Avast Pro took out the virus at this time.



Please go slow and explain why and what each step is that we're doing. It helps that I understand what is going on, please. I would like to thank you in advance for your help.


Best Regards,
Rudy

Edited by hamluis, 20 August 2012 - 10:55 AM.
Moved from XP to Am I Infected - Hamluis.




#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:33 PM

Posted 19 August 2012 - 04:11 PM

If Avast is reporting malware in system restore then delete your restore points and create a new one.



Download the program below, unzip it to your desktop, and set it to run on the next boot.
http://technet.microsoft.com/en-us/sysinternals/bb897426.aspx


Then clear all of your restore points and create a new one. You can do this by turning off System Restore and rebooting, then turning it back on and rebooting again.
http://support.microsoft.com/kb/310405

Then download ERUNT and create a backup of your registry, then download NTREGOPT, run it, and reboot.
http://www.larshederer.homepage.t-online.de/erunt/

Now defrag your machine with Auslogics: select Defrag and Optimize. Just uncheck the boxes that suggest installing other software when installing Auslogics Disk Defrag.
http://www.auslogics.com/en/downloads/disk-defrag/disk-defrag-setup.exe

Download AdwCleaner, click the Delete button, allow it to run, and post the log it creates.

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner


Download Autoruns and Autorunsc, unzip Autoruns to your desktop, and run it. See any entries that read "File not found"? When you see them, right-click and select Delete (or just simply uncheck if you do not feel comfy deleting). Do this only for the entries that read "File not found". Also uncheck any scheduled tasks that are set to run on your machine, then close the program.
http://download.sysinternals.com/files/Autoruns.zip



1. Right click on My Computer > Properties > Hardware Tab > Device Manager
2. Left click the IDE ATA/ATAPI Controllers group
3. Right click on Primary IDE and hit Uninstall. If there is more than one, then uninstall them all; each one will request a reboot. Wait until you have uninstalled them all, and when the last one requests the reboot, then do it.
4. Reboot the computer, the Primary IDE drivers will re-install themselves after you reboot.
5. Go back to the Device Manager and Left click the IDE ATA/ATAPI Controllers group again.
6. Right click on Primary IDE Channel and go to Properties > Advanced Settings tab.
7. Make sure that both Device's Modes are on "DMA if available".
8. Link Explaining http://msdn.microsoft.com/en-us/library/windows/hardware/gg463526.aspx

Open msconfig and disable everything from your startup except avast.





Please download TFC by Old Timer and save it to your desktop.
tempfilecleaner
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If TFC doesn't prompt a reboot, then please do so manually.

#3 broskeeper


Posted 19 August 2012 - 06:18 PM

# AdwCleaner v1.801 - Logfile created 08/19/2012 at 19:07:11
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Rudy - RLDELL
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Rudy\Local Settings\Temporary Internet Files\Content.IE5\Q8GZTXNY\adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Rudy\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Rudy\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\Common Files\Software Update Utility

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\FCTB41534
Key Deleted : HKCU\Software\Ask.com.tmp
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Viewpoint

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v6.0.2 (en-US)

Profile name : default
File : C:\Documents and Settings\Rudy\Application Data\Mozilla\Firefox\Profiles\0qojcu8t.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.79

File : C:\Documents and Settings\Rudy\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",
Deleted : "path": "C:\\Program Files\\Viewpoint\\Viewpoint Experience Technology\\npViewpoint.dll",

*************************

AdwCleaner[S1].txt - [3999 octets] - [19/08/2012 19:07:11]

########## EOF - C:\AdwCleaner[S1].txt - [4127 octets] ##########

#4 InadequateInfirmity


Posted 19 August 2012 - 07:22 PM

How are things now? Have you completed everything?

Please download FarbarServiceScanner and run it on the computer with the issue.


Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please ATTACH the log to your reply.

Please download MINITOOLBOX and run it.

Checkmark the following boxes:


Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and Attach the result.

#5 broskeeper


Posted 19 August 2012 - 08:25 PM

Still got the pop-ups, and getting ready to try the FarbarServiceScanner now.

#6 broskeeper


Posted 19 August 2012 - 11:45 PM

Fubar Scan...........

Farbar Service Scanner Version: 06-08-2012
Ran by Rudy (administrator) on 20-08-2012 at 00:35:23
Running from "C:\Documents and Settings\Rudy\Local Settings\Temporary Internet Files\Content.IE5\IJL6NY0J"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(10) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0B00000009000000040000000100000002000000030000000B0000000A00000008000000050000000600000007000000


**** End of log ****


minitoolbox Scan.................





MiniToolBox by Farbar Version: 23-07-2012
Ran by Rudy (administrator) on 20-08-2012 at 00:39:24
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : RLDELL

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-12-3F-76-7D-29

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.2.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.2.1

DHCP Server . . . . . . . . . . . : 192.168.2.1

DNS Servers . . . . . . . . . . . : 192.168.2.1

Lease Obtained. . . . . . . . . . : Monday, August 20, 2012 12:30:27 AM

Lease Expires . . . . . . . . . . : Thursday, August 23, 2012 12:30:27 AM

Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.228.73, 74.125.228.78, 74.125.228.64, 74.125.228.65
74.125.228.66, 74.125.228.67, 74.125.228.68, 74.125.228.69, 74.125.228.70
74.125.228.71, 74.125.228.72



Pinging google.com [74.125.228.64] with 32 bytes of data:



Reply from 74.125.228.64: bytes=32 time=39ms TTL=54

Reply from 74.125.228.64: bytes=32 time=39ms TTL=54



Ping statistics for 74.125.228.64:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 39ms, Maximum = 39ms, Average = 39ms

Server: UnKnown
Address: 192.168.2.1

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 72.30.38.140



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=172ms TTL=47

Reply from 72.30.38.140: bytes=32 time=124ms TTL=47



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 124ms, Maximum = 172ms, Average = 148ms

Server: UnKnown
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 12 3f 76 7d 29 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.2 192.168.2.2 20
192.168.2.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.2 192.168.2.2 20
224.0.0.0 240.0.0.0 192.168.2.2 192.168.2.2 20
255.255.255.255 255.255.255.255 192.168.2.2 192.168.2.2 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/19/2012 07:59:32 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000269a9.
Processing media-specific event for [svchost.exe!ws!]

Error: (08/19/2012 07:46:49 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000269a9.
Processing media-specific event for [svchost.exe!ws!]

Error: (08/19/2012 07:14:39 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000269a9.
Processing media-specific event for [svchost.exe!ws!]

Error: (08/19/2012 06:41:43 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000269a9.
Processing media-specific event for [svchost.exe!ws!]

Error: (08/19/2012 02:43:13 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000269a9.
Processing media-specific event for [svchost.exe!ws!]

Error: (08/18/2012 05:44:25 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000269a9.
Processing media-specific event for [svchost.exe!ws!]

Error: (08/18/2012 08:32:48 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000269a9.
Processing media-specific event for [svchost.exe!ws!]

Error: (08/17/2012 05:29:35 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000269a9.
Processing media-specific event for [svchost.exe!ws!]

Error: (08/16/2012 08:25:26 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000269a9.
Processing media-specific event for [svchost.exe!ws!]

Error: (08/16/2012 04:08:32 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000269a9.
Processing media-specific event for [svchost.exe!ws!]


System errors:
=============
Error: (08/20/2012 00:37:44 AM) (Source: Service Control Manager) (User: )
Description: The avast! Antivirus service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (08/20/2012 00:34:20 AM) (Source: Service Control Manager) (User: )
Description: The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (08/20/2012 00:30:22 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.2 for the Network Card with network address 00123F767D29 has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/19/2012 11:36:36 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.2 for the Network Card with network address 00123F767D29 has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/19/2012 10:57:37 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/19/2012 07:59:38 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated unexpectedly. It has done this 1 time(s).

Error: (08/19/2012 07:58:26 PM) (Source: Service Control Manager) (User: )
Description: The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (08/19/2012 07:58:08 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/19/2012 07:54:26 PM) (Source: Service Control Manager) (User: )
Description: The WAN Miniport (ATW) Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/19/2012 07:54:26 PM) (Source: Service Control Manager) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

7-Zip 9.22beta
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe Acrobat 5.0 (Version: 5.0)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 10 Plugin (Version: 10.3.183.10)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.62)
Adobe Reader 9.3.4 (Version: 9.3.4)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Uninstaller (Choose which Products to Remove)
ATI Control Panel (Version: 6.14.10.5160)
ATI Display Driver (Version: 8.162-050803a2-025672C-Dell)
AudibleManager
Auslogics Disk Defrag (Version: 3.5)
avast! Pro Antivirus (Version: 7.0.1451.0)
CCleaner (Version: 3.10)
CDBurnerXP (Version: 4.3.8.2631)
Corel Photo Album 6 (Version: 6.00)
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Reset Tool (Version: 1.02.0000)
Dell ResourceCD
Dell Support 3.2.1 (Version: 5.5.2096)
Dell System Restore (Version: 2.00.0000)
Digital Content Portal (Version: 1.00.0000)
DVD Shrink 3.2
EarthLink setup files (Version: 2005.1.47.0)
ERUNT 1.1j
Google Chrome (Version: 21.0.1180.79)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.115)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
Intel Matrix Storage Manager
Intel® PRO Network Connections Software v9.2.4.11
Intel® PROSafe for Wired Connections (Version: 8.00.0005)
Intel® PROSafe for Wired Connections (Version: 99.99.9999)
Internet Explorer Default Page (Version: 1.00.03)
J2SE Runtime Environment 5.0 Update 11 (Version: 1.5.0.110)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 21 (Version: 6.0.210)
Kaspersky Anti-Virus 2011 (Version: 11.0.2.556)
Learn2 Player (Uninstall Only)
Macromedia Flash Player (Version: 7.0.19.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Standard 2007 (Version: 12.0.6425.1000)
Microsoft Office Standard 2007 Trial (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6425.1000)
Microsoft UI Engine (Version: 4.0.0318.1)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Mouse Suite v1.2
Move Media Player
Mozilla Firefox 6.0.2 (x86 en-US) (Version: 6.0.2)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
MuVo Driver
Nero Media Player
Nero OEM
NeroVision Express 2
NSIS KLDownloaderLite
NTREGOPT 1.1j
PowerDVD 5.5
Qualxserve Service Agreement (Version: 1.11.0000)
QuickBooks Simple Start Special Edition (Version: )
QuickTime (Version: 7.70.80.34)
RealFlight G3 R/C Simulator
RealPlayer Basic
Sonic DLA (Version: 4.95)
Sonic MyDVD LE (Version: 6.1.1)
Sonic RecordNow Audio (Version: 2.0.0)
Sonic RecordNow Copy (Version: 2.0.0)
Sonic RecordNow Data (Version: 2.0.0)
Sonic Update Manager (Version: 3.0.0)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2553110)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Virtual Assistant
Virtual Earth 3D (Beta) (Version: 4.0.903.16005)
WebCyberCoach 3.2 Dell
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.5.0540.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
WordPerfect Office 12 (Version: 12.01)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 54%
Total physical RAM: 1022.09 MB
Available physical RAM: 469.57 MB
Total Pagefile: 2459.05 MB
Available Pagefile: 2028.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.38 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:71.12 GB) (Free:33.74 GB) NTFS

========================= Users: ========================================

User accounts for \\RLDELL

Administrator Guest HelpAssistant
Rudy SUPPORT_388945a0


**** End of log ****

#7 InadequateInfirmity


Posted 20 August 2012 - 06:26 PM

Edit: .

Uninstall Kaspersky, then run the removal tool.

http://support.kaspersky.com/faq/?qid=208279463


Then download and run the Winsock fix for XP.

http://files1.majorgeeks.com/files/49de010bfd34f149fc319dd839707a36/spyware/winsockxpfix.exe

Now download the program below and run it. Hit the fix hosts button, then the fix dns button, then hit the scan button, let it finish, then hit the delete button.

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe



Now post a fresh MiniToolBox log; there is still more work to be done.

Edited by InadequateInfirmity, 20 August 2012 - 06:30 PM.


#8 broskeeper


Posted 20 August 2012 - 09:52 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Rudy (administrator) on 20-08-2012 at 22:51:16
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 localhost

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/20/2012 10:40:06 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000269a9.
Processing media-specific event for [svchost.exe!ws!]

Error: (08/20/2012 04:24:33 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000269a9.
Processing media-specific event for [svchost.exe!ws!]

Error: (08/20/2012 00:46:33 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000269a9.
Processing media-specific event for [svchost.exe!ws!]

Error: (08/19/2012 07:59:32 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000269a9.
Processing media-specific event for [svchost.exe!ws!]

Error: (08/19/2012 07:46:49 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000269a9.
Processing media-specific event for [svchost.exe!ws!]

Error: (08/19/2012 07:14:39 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000269a9.
Processing media-specific event for [svchost.exe!ws!]

Error: (08/19/2012 06:41:43 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000269a9.
Processing media-specific event for [svchost.exe!ws!]

Error: (08/19/2012 02:43:13 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000269a9.
Processing media-specific event for [svchost.exe!ws!]

Error: (08/18/2012 05:44:25 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000269a9.
Processing media-specific event for [svchost.exe!ws!]

Error: (08/18/2012 08:32:48 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000269a9.
Processing media-specific event for [svchost.exe!ws!]


System errors:
=============
Error: (08/20/2012 10:40:13 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated unexpectedly. It has done this 1 time(s).

Error: (08/20/2012 10:39:11 PM) (Source: Service Control Manager) (User: )
Description: The avast! Antivirus service terminated unexpectedly. It has done this 3 time(s).

Error: (08/20/2012 10:37:23 PM) (Source: Service Control Manager) (User: )
Description: The avast! Antivirus service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (08/20/2012 10:37:04 PM) (Source: Service Control Manager) (User: )
Description: The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (08/20/2012 10:36:58 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.2 for the Network Card with network address 00123F767D29 has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/20/2012 10:36:42 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/20/2012 10:19:55 PM) (Source: Service Control Manager) (User: )
Description: The avast! Antivirus service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (08/20/2012 10:00:41 PM) (Source: Service Control Manager) (User: )
Description: The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (08/20/2012 04:24:39 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated unexpectedly. It has done this 1 time(s).

Error: (08/20/2012 04:15:41 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.2 for the Network Card with network address 00123F767D29 has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

7-Zip 9.22beta
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe Acrobat 5.0 (Version: 5.0)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 10 Plugin (Version: 10.3.183.10)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.62)
Adobe Reader 9.3.4 (Version: 9.3.4)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Uninstaller (Choose which Products to Remove)
ATI Control Panel (Version: 6.14.10.5160)
ATI Display Driver (Version: 8.162-050803a2-025672C-Dell)
AudibleManager
Auslogics Disk Defrag (Version: 3.5)
avast! Pro Antivirus (Version: 7.0.1451.0)
CCleaner (Version: 3.10)
CDBurnerXP (Version: 4.3.8.2631)
Corel Photo Album 6 (Version: 6.00)
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Reset Tool (Version: 1.02.0000)
Dell ResourceCD
Dell Support 3.2.1 (Version: 5.5.2096)
Dell System Restore (Version: 2.00.0000)
Digital Content Portal (Version: 1.00.0000)
DVD Shrink 3.2
EarthLink setup files (Version: 2005.1.47.0)
ERUNT 1.1j
Google Chrome (Version: 21.0.1180.79)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.115)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
Intel Matrix Storage Manager
Intel® PRO Network Connections Software v9.2.4.11
Intel® PROSafe for Wired Connections (Version: 8.00.0005)
Intel® PROSafe for Wired Connections (Version: 99.99.9999)
Internet Explorer Default Page (Version: 1.00.03)
J2SE Runtime Environment 5.0 Update 11 (Version: 1.5.0.110)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 21 (Version: 6.0.210)
Learn2 Player (Uninstall Only)
Macromedia Flash Player (Version: 7.0.19.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Standard 2007 (Version: 12.0.6425.1000)
Microsoft Office Standard 2007 Trial (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6425.1000)
Microsoft UI Engine (Version: 4.0.0318.1)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Mouse Suite v1.2
Move Media Player
Mozilla Firefox 6.0.2 (x86 en-US) (Version: 6.0.2)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
MuVo Driver
Nero Media Player
Nero OEM
NeroVision Express 2
NSIS KLDownloaderLite
NTREGOPT 1.1j
PowerDVD 5.5
Qualxserve Service Agreement (Version: 1.11.0000)
QuickBooks Simple Start Special Edition (Version: )
QuickTime (Version: 7.70.80.34)
RealFlight G3 R/C Simulator
RealPlayer Basic
Sonic DLA (Version: 4.95)
Sonic MyDVD LE (Version: 6.1.1)
Sonic RecordNow Audio (Version: 2.0.0)
Sonic RecordNow Copy (Version: 2.0.0)
Sonic RecordNow Data (Version: 2.0.0)
Sonic Update Manager (Version: 3.0.0)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2553110)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Virtual Assistant
Virtual Earth 3D (Beta) (Version: 4.0.903.16005)
WebCyberCoach 3.2 Dell
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.5.0540.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
WordPerfect Office 12 (Version: 12.01)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 1022.09 MB
Available physical RAM: 599.58 MB
Total Pagefile: 2458.99 MB
Available Pagefile: 2160.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.82 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:71.12 GB) (Free:33.62 GB) NTFS

========================= Users: ========================================

User accounts for \\RLDELL

Administrator Guest HelpAssistant
Rudy SUPPORT_388945a0


**** End of log ****

#9 broskeeper


Posted 20 August 2012 - 10:57 PM

OK, now that did something.
The icon of two monitors next to the clock used to have a link between them.
Now the link is gone, and so are the pop ups!

#10 InadequateInfirmity


Posted 20 August 2012 - 11:05 PM

There is still more work to be done. I am about to sleep; I will have more instructions for you tomorrow around 6 pm Eastern time USA. :)

#11 broskeeper


Posted 20 August 2012 - 11:15 PM

The pop ups are back after a restart.

#12 InadequateInfirmity


Posted 21 August 2012 - 05:30 AM

Scan with Malwarebytes and SUPERAntiSpyware. Make sure to update each of these programs prior to scanning.


http://www.filehippo.com/download/file/7d599d786a1bef8c096642485a71e512a9d6487a1a9ae20e26a71f72c7e728eb/
http://cdn.superantispyware.com/SUPERAntiSpyware.exe




You can perform scans with ESET online scanner and F-Secure online scanner. Make sure to disable avast while running the online scanners.
http://www.eset.com/us/online-scanner/
http://www.f-secure.com/en/web/home_global/protection/free-online-tools/free-online-tools



If any of the scans find anything, post the results here.

Edited by InadequateInfirmity, 21 August 2012 - 05:31 AM.


#13 broskeeper


Posted 21 August 2012 - 10:07 PM

I ran Malwarebytes today and got nothing.
This scan is from last month.


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.08.07

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Rudy :: RLDELL [administrator]

7/8/2012 10:33:00 PM
mbam-log-2012-07-08 (22-33-00).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 312963
Time elapsed: 33 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 7
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.Lameshield) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1E5B2693-D348-4CA7-8364-4F5E51BF9C6D} (Adware.Zango) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\AppID\SeekmoTB.DLL (Adware.Seekmo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|F4D561A5000081A800015201D151FC84 (Trojan.Lameshield) -> Data: C:\Documents and Settings\All Users\Application Data\F4D561A5000081A800015201D151FC84\F4D561A5000081A800015201D151FC84.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Documents and Settings\Rudy\Local Settings\Application Data\{c1199855-2ea3-ea8e-31b1-315b38efd500}\n. -> Quarantined and deleted successfully.

Registry Data Items Detected: 4
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bad: (\\.\globalroot\systemroot\Installer\{c1199855-2ea3-ea8e-31b1-315b38efd500}\n.) Good: (wbemess.dll) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\Program Files\Video ActiveX Access (Trojan.Zlob) -> Quarantined and deleted successfully.

Files Detected: 7
C:\Documents and Settings\All Users\Application Data\F4D561A5000081A800015201D151FC84\F4D561A5000081A800015201D151FC84.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rudy\Local Settings\Application Data\trzF6.tmp (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1894\A0221528.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rudy\Application Data\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rudy\Application Data\Adobe\plugs\mmc121176140.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rudy\Application Data\Adobe\plugs\mmc246.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rudy\Application Data\Adobe\plugs\mmc90.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

(end)





///////////////////////////////////////////////////////////////////////////////////////////////////////////////////

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/21/2012 at 06:32 PM

Application Version : 5.5.1012

Core Rules Database Version : 9097
Trace Rules Database Version: 6909

Scan type : Quick Scan
Total Scan Time : 00:08:18

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 477
Memory threats detected : 0
Registry items scanned : 29850
Registry threats detected : 23
File items scanned : 7307
File threats detected : 147

Adware.180solutions/Seekmo
HKCR\AppId\{21B8997E-251A-412C-A805-B0A4F791B03E}

Rogue.Component/Trace
HKU\S-1-5-21-818754976-2990307394-803882991-1006\Software\35062400019262526026555329952471\Options
HKU\S-1-5-21-818754976-2990307394-803882991-1006\Software\35062400019262526026555329952471\Options#Aff
HKU\S-1-5-21-818754976-2990307394-803882991-1006\Software\35062400019262526026555329952471\Options#AdvancedScanType
HKU\S-1-5-21-818754976-2990307394-803882991-1006\Software\35062400019262526026555329952471\Options#FirstRunUrl
HKU\S-1-5-21-818754976-2990307394-803882991-1006\Software\35062400019262526026555329952471\Options#AfterRegisterUrl
HKU\S-1-5-21-818754976-2990307394-803882991-1006\Software\35062400019262526026555329952471\Options#LabelUrl
HKU\S-1-5-21-818754976-2990307394-803882991-1006\Software\35062400019262526026555329952471\Options#TermsUrl
HKU\S-1-5-21-818754976-2990307394-803882991-1006\Software\35062400019262526026555329952471\Options#HelpURL
HKU\S-1-5-21-818754976-2990307394-803882991-1006\Software\35062400019262526026555329952471\Options#BillingURL
HKU\S-1-5-21-818754976-2990307394-803882991-1006\Software\35062400019262526026555329952471\Options#BillingUrlApproved
HKU\S-1-5-21-818754976-2990307394-803882991-1006\Software\35062400019262526026555329952471\Options#TransactionKey
HKU\S-1-5-21-818754976-2990307394-803882991-1006\Software\35062400019262526026555329952471\Options#BillingRegURL
HKU\S-1-5-21-818754976-2990307394-803882991-1006\Software\35062400019262526026555329952471\Options#BillingURL2
HKU\S-1-5-21-818754976-2990307394-803882991-1006\Software\35062400019262526026555329952471\Options#BillingUrlApproved2
HKU\S-1-5-21-818754976-2990307394-803882991-1006\Software\35062400019262526026555329952471\Options#LastRun
HKU\S-1-5-21-818754976-2990307394-803882991-1006\Software\35062400019262526026555329952471\Options#InstallDate
HKU\S-1-5-21-818754976-2990307394-803882991-1006\Software\35062400019262526026555329952471\Options#pPath
HKU\S-1-5-21-818754976-2990307394-803882991-1006\Software\35062400019262526026555329952471\Options#pName
HKU\S-1-5-21-818754976-2990307394-803882991-1006\Software\35062400019262526026555329952471\Options#SecurityVector
HKU\S-1-5-21-818754976-2990307394-803882991-1006\Software\35062400019262526026555329952471\Options#Scans
HKU\S-1-5-21-818754976-2990307394-803882991-1006\Software\35062400019262526026555329952471\Options#LastScan
HKU\S-1-5-21-818754976-2990307394-803882991-1006\Software\35062400019262526026555329952471

Adware.Tracking Cookie
.interclick.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c5.zedo.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
statse.webtrendslive.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
click.get-answers-fast.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atwola.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atwola.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atwola.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Adware.Vundo/Variant-MSFake
C:\WINDOWS\SECEDIT.EXE


///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
eset online scanner

C:\Documents and Settings\Rudy\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadidigbdddigbdjgddadggcdegfdgdc\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined






/////////////////////////////////////////////////////////////////////////////////////////////////////////////////
f-secure online scanner
Scanning Report
Tuesday, August 21, 2012 21:16:47 - 22:37:45
Computer name: RLDELL
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\


--------------------------------------------------------------------------------

3 malware found
Suspicious:W32/Malware!Gemini (spyware)
System (Disinfected)
Stealth_file (virus)
C:\AVAST! SANDBOX\SNX_RHIVE (Not cleaned & Submitted)
Suspicious:W32/Malware!Gemini (virus)
C:\WINDOWS\CONTIG.EXE (Not cleaned)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 56774
System: 3824
Not scanned: 11
Actions:
Disinfected: 1
Renamed: 0
Deleted: 0
Not cleaned: 2
Submitted: 1
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\AUTORUNS.EXE
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\PROGRAM FILES\COMMON FILES\AOL\LOADER\AOLLOAD.EXE
C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\TEMP\HSPERFDATA_RUDY\1352
C:\DOCUMENTS AND SETTINGS\RUDY\LOCAL SETTINGS\TEMP\HSPERFDATA_RUDY\3892

--------------------------------------------------------------------------------

Options
Scanning engines:
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TMP
Use advanced heuristics

--------------------------------------------------------------------------------

#14 InadequateInfirmity


Posted 22 August 2012 - 04:14 AM

How about the ESET log, and how is the machine?

#15 broskeeper


Posted 22 August 2012 - 03:14 PM

Still have pop ups

eset online scanner

C:\Documents and Settings\Rudy\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadidigbdddigbdjgddadggcdegfdgdc\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined



