
What do I scan it with?


7 replies to this topic

#1 guyatcomputer (Members, 3 posts)

Posted 25 September 2012 - 08:18 PM

I had to use this 'Hiren's BootCD' and the Mini XP on it to run Malwarebytes. About a year ago my mom's computer (this one) got infected with something. She didn't know how to fix it and waited until I got to it. I'm from 'elsewhere' and only got to it now.

It found some stuff that seemed to shut it down at start-up, I deleted it and now it starts fine and I don't need the disc anymore. I did save the results of the scan, I'll post it when asked.

So, give me some stuff to scan it with, I'll scan it and post the results. When I scanned it with MB it was out of date by 3 weeks or something.

edit: this thing is also out of date on updates and stuff, please tell me what to upgrade to if possible.

some 'computer whiz' she knows also installed 'microsoft security essentials,' is this thing really that essential?

Edited by guyatcomputer, 25 September 2012 - 08:20 PM.



#2 InadequateInfirmity (Banned, 5,180 posts)

Posted 25 September 2012 - 08:37 PM

Posted 25 September 2012 - 08:37 PM

Update, do a quick scan with SUPERAntiSpyware, remove all it finds and reboot.
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE


Post the log here.



Then run a scan with ESET, remove all that it finds, reboot your machine and if the issue persists see below.
http://www.eset.com/us/online-scanner/

When the scan finishes, list found threats, save to clipboard, copy to Notepad and post the log here.




Download AdwCleaner, run it as admin, click the Delete button, allow it to run and post the log it creates.

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Download Norman Malware Cleaner. Run it, hit Quick Scan, let it finish, go to the Quarantine tab, tick Select All, then Delete, then Quit.
http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe
A log will appear on your desktop post that here in your next reply.


Reboot after Norman.


Run the program below as admin, hit the Scan button, allow it to finish, then hit the Delete button.

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

#3 boopme (Global Moderator, 73,490 posts, NJ USA)

Posted 25 September 2012 - 10:38 PM

Posted 25 September 2012 - 10:38 PM

It would be good to also have some system info here.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#4 InadequateInfirmity (Banned, 5,180 posts)

Posted 25 September 2012 - 10:39 PM

Posted 25 September 2012 - 10:39 PM

It would be good to also have some system info here.


(thumbs up)

#5 guyatcomputer (Topic Starter, Members, 3 posts)

Posted 26 September 2012 - 12:14 PM

Posted 26 September 2012 - 12:14 PM

Wow, that was a ton of updating and stuff I had to do last night. It actually made me very p-o'ed, I had to enable and disable so many little add-ons and stuff, this java stuff is so annoying.

Anyway, superantispyware found only cookies, not worth posting. For some reason it took over 2 hours to scan last night, I got too tired, stopped it and went to bed. I just scanned it now and yeah, it only found cookies which were easily deleted.

Here's eset:

C:\Documents and Settings\kat\My Documents\Downloads\Facemoods.exe a variant of Win32/InstallCore.G application cleaned by deleting - quarantined
C:\Documents and Settings\ray\Local Settings\Temp\jar_cache5190013577960475375.tmp a variant of Java/Exploit.Agent.NDH trojan deleted - quarantined



This is the farbar thing:

MiniToolBox by Farbar Version: 23-07-2012
Ran by kat (administrator) on 25-09-2012 at 23:40:04
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82562V-2 10/100 Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

 Host Name . . . . . . . . . . . . : D32WZ6G1
 Primary Dns Suffix . . . . . . . :
 Node Type . . . . . . . . . . . . : Unknown
 IP Routing Enabled. . . . . . . . : No
 WINS Proxy Enabled. . . . . . . . : No
 DNS Suffix Search List. . . . . . : kn.shawcable.net

Ethernet adapter Local Area Connection:

 Connection-specific DNS Suffix . : kn.shawcable.net
 Description . . . . . . . . . . . : Intel® 82562V-2 10/100 Network Connection
 Physical Address. . . . . . . . . : 00-1D-09-91-82-9F
 Dhcp Enabled. . . . . . . . . . . : Yes
 Autoconfiguration Enabled . . . . : Yes
 IP Address. . . . . . . . . . . . : 70.76.133.90
 Subnet Mask . . . . . . . . . . . : 255.255.252.0
 Default Gateway . . . . . . . . . : 70.76.132.1
 DHCP Server . . . . . . . . . . . : 64.59.176.40
 DNS Servers . . . . . . . . . . . : 64.59.176.15
                                     64.59.177.227
 Lease Obtained. . . . . . . . . . : September 25, 2012 10:04:47 PM
 Lease Expires . . . . . . . . . . : September 27, 2012 6:50:34 PM

Server: nsc2.nr.wp.shawcable.net
Address: 64.59.176.15

Name: google.com
Addresses: 74.125.225.1, 74.125.225.2, 74.125.225.3, 74.125.225.5
74.125.225.8, 74.125.225.6, 74.125.225.0, 74.125.225.7, 74.125.225.14
74.125.225.9, 74.125.225.4

Pinging google.com [74.125.225.136] with 32 bytes of data:

Reply from 74.125.225.136: bytes=32 time=26ms TTL=58
Reply from 74.125.225.136: bytes=32 time=26ms TTL=58

Ping statistics for 74.125.225.136:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 26ms, Maximum = 26ms, Average = 26ms

Server: nsc2.nr.wp.shawcable.net
Address: 64.59.176.15

Name: yahoo.com
Addresses: 98.138.253.109, 72.30.38.140, 98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=89ms TTL=53
Reply from 98.139.183.24: bytes=32 time=154ms TTL=53

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 89ms, Maximum = 154ms, Average = 121ms

Server: nsc2.nr.wp.shawcable.net
Address: 64.59.176.15

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1d 09 91 82 9f ...... Intel® 82562V-2 10/100 Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 70.76.132.1 70.76.133.90 20
70.76.132.0 255.255.252.0 70.76.133.90 70.76.133.90 20
70.76.133.90 255.255.255.255 127.0.0.1 127.0.0.1 20
70.255.255.255 255.255.255.255 70.76.133.90 70.76.133.90 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 70.76.133.90 70.76.133.90 20
224.0.0.0 240.0.0.0 70.76.133.90 70.76.133.90 20
255.255.255.255 255.255.255.255 70.76.133.90 70.76.133.90 1
Default Gateway: 70.76.132.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/25/2012 09:29:59 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/25/2012 09:29:59 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/25/2012 08:27:32 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/25/2012 08:27:32 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/12/2012 04:58:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1953

Error: (02/12/2012 04:58:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1953

Error: (02/12/2012 04:58:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/10/2012 09:41:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2184672

Error: (02/10/2012 09:41:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2184672

Error: (02/10/2012 09:41:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (09/25/2012 11:02:29 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/25/2012 11:01:24 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/25/2012 10:56:13 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/25/2012 10:45:01 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/25/2012 10:04:46 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.100.11 on the
Network Card with network address 001D0991829F.

Error: (09/25/2012 10:04:23 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.100.11 on the
Network Card with network address 001D0991829F.

Error: (09/25/2012 10:02:07 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.100.11 on the
Network Card with network address 001D0991829F.

Error: (09/25/2012 09:58:24 PM) (Source: Dhcp) (User: )
Description: The IP address lease 70.76.133.90 for the Network Card with network address 001D0991829F has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error: (09/25/2012 09:47:53 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/25/2012 09:46:43 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.0.22.87)
Adobe Flash Player 11 Plugin (Version: 11.4.402.278)
Adobe Reader 9.5.2 (Version: 9.5.2)
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.1.116)
Bonjour (Version: 2.0.4.0)
CCleaner (remove only)
CCScore (Version: 6.02.1001.0001)
Choice Guard (Version: 1.2.87.0)
Dell DataSafe Online (Version: 1.0.21)
Dell System Restore (Version: 2.00.0000)
ESET Online Scanner v3
ESSBrwr (Version: 6.03.0001.0001)
ESSCDBK (Version: 6.03.0001.0001)
ESScore (Version: 6.03.0001.0001)
ESSgui (Version: 6.03.0001.0001)
ESSini (Version: 6.03.0001.0001)
ESSPCD (Version: 6.03.0001.0001)
ESSPDock (Version: 6.03.0001.0004)
ESSSONIC (Version: 6.2.0001.0001)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 6.03.0001.0001)
fflink (Version: 6.02.1001.0001)
FramePhotoEditor 3.2.0
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
Intel® PRO Network Connections Drivers
iTunes (Version: 10.1.1.4)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 35 (Version: 6.0.350)
Java™ 6 Update 6 (Version: 1.6.0.60)
Junk Mail filter update (Version: 14.0.8064.206)
kgcbaby (Version: 5.03.0000.0002)
kgcbase (Version: 5.03.0000.0004)
kgchday (Version: 5.03.0000.0002)
kgchlwn (Version: 5.03.0000.0002)
kgcinvt (Version: 5.03.0000.0003)
kgckids (Version: 6.03.0001.0001)
kgcmove (Version: 6.03.0001.0001)
kgcvday (Version: 5.03.0000.0002)
Kodak EasyShare software
KSU (Version: 632.62.0004.0003)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 15.0.1 (x86 en-GB) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
netbrdg (Version: 6.03.0001.0002)
Notifier (Version: 6.02.0001.0001)
NVIDIA Drivers
OfotoXMI (Version: 6.03.0001.0001)
PowerDVD (Version: 7.0)
QuickTime (Version: 7.69.80.9)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1 (Version: 1.1.0)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Segoe UI (Version: 14.0.4327.805)
SFR (Version: 6.02.0001.0001)
SHASTA (Version: 6.03.0000.0001)
Sid Meier's Civilization 4 (Version: 1.00.0000)
Sid Meier's Civilization 4 (Version: 1.74)
Sierra 3D Deck
Sierra Electrical Wiring
Sierra Garden Encyclopedia
Sierra Home Architect
Sierra Home Improvement Encyclopedia
Sierra Photo Garden Designer
Sierra Photo Home Interiors
SimTheme Park
skin0001 (Version: 6.03.0001.0001)
SKINXSDK (Version: 6.02.1001.0001)
staticcr (Version: 6.03.0001.0001)
SUPERAntiSpyware (Version: 5.5.1022)
tooltips (Version: 6.03.0001.0001)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VPRINTOL (Version: 6.02.0001.0001)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8064.0206)
Windows Live Essentials (Version: 14.0.8064.206)
Windows Live Family Safety (Version: 14.0.8064.206)
Windows Live Mail (Version: 14.0.8064.0206)
Windows Live Messenger (Version: 14.0.8064.0206)
Windows Live Photo Gallery (Version: 14.0.8064.206)
Windows Live Sync (Version: 14.0.8064.206)
Windows Live Writer (Version: 14.0.8064.0206)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Service Pack 3 (Version: 20080414.031525)
WIRELESS (Version: 6.03.0001.0001)

========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 3070.1 MB
Available physical RAM: 2335.01 MB
Total Pagefile: 4955.52 MB
Available Pagefile: 4204.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.98 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:294.73 GB) (Free:242.98 GB) NTFS

========================= Users: ========================================

User accounts for \\D32WZ6G1

Administrator Guest HelpAssistant
kat ray SUPPORT_388945a0


**** End of log ****



Here's the adwcleaner whatcha:

# AdwCleaner v2.003 - Logfile created 09/25/2012 at 21:40:29
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : kat - D32WZ6G1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\kat\My Documents\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-GB)

Profile name : default
File : C:\Documents and Settings\kat\Application Data\Mozilla\Firefox\Profiles\2585aptv.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [736 octets] - [25/09/2012 21:40:29]

########## EOF - C:\AdwCleaner[R1].txt - [795 octets] ##########


I'm scanning it right now with this norman thing. I'll post the log when it's done.

Other than that the "compooter" seems to be fixed. In looking at the history and stuff it seems someone opened a mysterious attachment on a blank email and that was what did all the damage.
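The checklist boopme asked for in post #3 and the Result.txt posted above cover the places this kind of infection usually leaves traces: browser proxy settings, the hosts file, the Winsock provider chain, the installed-program list and the event log. What follows is an added example for this thread, not part of MiniToolBox, not code from any poster, showing how a helper can read a Result.txt and flag the entries worth a closer look. SAMPLE is a constructed, abridged copy of the log above; the one assumption, that a clean MiniToolBox run prints exactly the two "Proxy is not enabled." / "No Proxy Server is set." lines seen in that log, is marked in the code.

```python
"""Triage a MiniToolBox (Farbar) Result.txt for settings that malware commonly tampers with.
Added example for this thread, not part of MiniToolBox or of any poster's work; SAMPLE is a
constructed, abridged excerpt modelled on the log posted above."""
import re
from collections import defaultdict

SAMPLE = r"""MiniToolBox by Farbar Version: 23-07-2012
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= FF Proxy Settings: ==============================
"network.proxy.type", 0
========================= Hosts content: =================================
127.0.0.1 localhost
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
========================= Event log errors: ===============================
Error: (09/25/2012 09:29:59 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
=========================== Installed Programs ============================
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java(TM) 6 Update 35 (Version: 6.0.350)
Java(TM) 6 Update 6 (Version: 1.6.0.60)
"""

SECTION_RE = re.compile(r"^=+\s*(.+?):?\s*=+\s*$")
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[\d+\]\s+\((.+)\)$")
JAVA_RE = re.compile(r"^(?:J2SE Runtime Environment|Java(?:\(TM\)|™)?)\s+(\d+(?:\.\d+)?)\s+Update\s+(\d+)")
LOCALHOST = {"127.0.0.1", "::1"}

def split_sections(text):
    """Group non-blank lines under the '==== Name: ====' header they follow."""
    sections, current = defaultdict(list), "header"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif line.strip():
            sections[current].append(line.rstrip())
    return sections

def check_proxies(sections):
    """A proxy nobody configured is a classic way to intercept or block traffic."""
    findings = []
    ie = sections.get("IE Proxy Settings")
    # Assumption: a clean run prints exactly these two lines, as the log above does.
    if ie is not None and not {"Proxy is not enabled.", "No Proxy Server is set."} <= set(ie):
        findings.append("proxy: IE proxy is configured; verify who set it")
    m = re.search(r'"network\.proxy\.type",\s*(\d+)', " ".join(sections.get("FF Proxy Settings", [])))
    if m and int(m.group(1)) != 0:  # 0 = direct, 1 = manual, 2 = PAC URL, 4 = auto-detect, 5 = system
        findings.append(f"proxy: Firefox network.proxy.type={m.group(1)}; verify who set it")
    return findings

def check_hosts(lines):
    """Anything beyond the localhost entries can silently redirect update or AV domains."""
    findings = []
    for line in lines:
        parts = line.split()
        if parts and not parts[0].startswith("#") and not (parts[0] in LOCALHOST and parts[1:] == ["localhost"]):
            findings.append(f"hosts: non-default entry {line.strip()!r}")
    return findings

def check_winsock(lines):
    """Non-Microsoft LSP/NSP DLLs see every socket call; confirm each one is expected."""
    return [f"winsock: third-party provider {m.group(3)} ({m.group(4)})"
            for m in map(WINSOCK_RE.match, lines) if m and m.group(4) != "Microsoft Corporation"]

def check_java(lines):
    """Old JREs left beside a new one stay exploitable (the ESET hit above sat in a Java jar cache)."""
    runtimes = [(float(m.group(1)), int(m.group(2)), line.split(" (Version")[0])
                for line, m in ((l, JAVA_RE.match(l)) for l in lines) if m]
    if len(runtimes) < 2:
        return []
    newest = max(runtimes)
    return [f"java: stale runtime still installed: {name} (newest is {newest[2]})"
            for fam, upd, name in sorted(runtimes) if (fam, upd, name) != newest]

def check_events(lines):
    """crypt32 judges validity against the system clock, so rule a wrong clock out before suspecting tampering."""
    hit = any("not within its validity period" in l for l in lines)
    return ["events: crypt32 rejected the root-list update on validity dates; check the system clock"] if hit else []

def triage(text):
    s = split_sections(text)
    return (check_proxies(s) + check_hosts(s.get("Hosts content", []))
            + check_winsock(s.get("Winsock entries", [])) + check_java(s.get("Installed Programs", []))
            + check_events(s.get("Event log errors", [])))

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("-", finding)
```

Run against the sample it reports the Bonjour namespace provider (legitimate, but worth knowing about), the three Java runtimes left behind next to Java 7 Update 7, and the crypt32 validity error; the proxy and hosts checks come back clean, which matches what the helpers concluded in this thread. Feed it a Result.txt from a machine where a proxy or hosts entry was planted and those two checks are the ones that light up.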

#6 guyatcomputer (Topic Starter, Members, 3 posts)

Posted 26 September 2012 - 12:44 PM

Posted 26 September 2012 - 12:44 PM

Here's the norman thing:

Norman Malware Cleaner v2.05.06
Copyright © 1990 - 2012, Norman ASA.

Norman Scanner Engine Version: 6.08.06
nvcbin.def: Version: 6.08.00, Date: 2012/09/25 13:30:41, Variants: 18474733
nvcmacro.def: Version: 6.08.00, Date: 2011/12/19 04:20:35, Variants: 20465

Operating System: Windows XP Service Pack 3

Switches: /iagree

Scan started: 2012/09/26 12:07:41

Running pre-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s

Scanning system for active rootkit activity...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Scanning running processes and process memory...

Number of objects found: 1180
Number of objects scanned: 1180
Number of objects not scanned: 0
Number of malicious memory objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 43s

Scanning system for FakeAV...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Running normal scan...
C:\Program Files\SimTheme Park\Ip.exe: File infected with W32/Suspicious_Gen2.RPVNW
Delete file: C:\Program Files\SimTheme Park\Ip.exe
Cleaning successful

Number of files found: 28695
Number of archives unpacked: 523
Number of objects found: 145904
Number of objects scanned: 145904
Number of objects not scanned: 0
Number of malicious objects found: 1
Number of malicious objects cleaned: 1
Number of malicious files found: 1
Number of malicious files cleaned: 1
Scanning time: 26m 0s

Running post-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s

Results:
Total number of files found: 28695
Total number of archives unpacked: 523
Total number of objects found: 147084
Total number of objects scanned: 147084
Total number of objects not scanned: 0
Total number of malicious objects found: 1
Total number of malicious objects cleaned: 1
Total number of malicious files found: 1
Total number of malicious files cleaned: 1
Total number of objects quarantined: 1
Total scanning time: 26m 43s


I guess I'll take out this simthemepark thing too.

#7 InadequateInfirmity (Banned, 5,180 posts)

Posted 26 September 2012 - 06:21 PM

Posted 26 September 2012 - 06:21 PM

Uninstall the items below.

Java™ 6 Update 35 (Version: 6.0.350)
Java™ 6 Update 6 (Version: 1.6.0.60)
SimTheme Park



Download Autoruns and Autorunsc, unzip it to your desktop and then double click autoruns.exe. After the scan is finished, click on File > Save. The default name will be autoruns.arn; make sure to save it as Autoruns.txt under the file type option, in other words make sure it is a .txt file instead of .arn. Attach the text in your next reply.
http://download.sysinternals.com/files/Autoruns.zip




Download the program below, hit the Scan button, allow it to finish, then hit the Delete button, allow it to finish and reboot your machine.
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe


Change your DNS server to Google DNS.
https://developers.google.com/speed/public-dns/docs/using



Hit the Start button and type services.msc, scroll down to the DNS Client service, right click it and select Properties, then change the startup type to Disabled. Then stop the service.







1. Right click on My Computer > Properties > Hardware Tab > Device Manager
2. Left click the IDE ATA/ATAPI Controllers group
3. Right click on Primary IDE and hit Uninstall. There most likely will be more than one; uninstall all of them prior to rebooting. Each may request a reboot after uninstalling, just make sure that you have uninstalled them all prior to the reboot.
4. Reboot the computer, the Primary IDE drivers will re-install themselves after you reboot.
5. Go back to the Device Manager and Left click the IDE ATA/ATAPI Controllers group again.
6. Right click on Primary IDE Channel and go to Properties > Advanced Settings tab.
7. Make sure that both devices' modes are on "DMA if available".
8. Link explaining: http://msdn.microsoft.com/en-us/library/windows/hardware/gg463526.aspx


Download the program below unzip it to your desktop and set it to run on the next boot.
http://technet.microsoft.com/en-us/sysinternals/bb897426.aspx


Then clear all of your restore points and create a new one you can do this by turning off system restore and rebooting and turning it back on and rebooting again.
http://support.microsoft.com/kb/310405

Then download ERUNT and create a backup of your registry, then download NTREGOPT, run it and reboot.
http://www.larshederer.homepage.t-online.de/erunt/

Now defrag your machine with Auslogics; select Defrag and Optimize. Just uncheck the boxes that suggest installing other software when installing Auslogics Disk Defrag.
http://www.auslogics.com/en/downloads/disk-defrag/disk-defrag-setup.exe





Download the program below, run it and reboot. It is a latency fix that gamers use to help with lag.
http://www.wowinterface.com/downloads/dl.php?id=13581

Download the program below, run it, then under Choose Settings put a tick next to Optimal, hit the Apply Changes button and follow the prompt to reboot.
http://www.speedguide.net/files/TCPOptimizer.exe

#8 boopme (Global Moderator, 73,490 posts, NJ USA)

Posted 26 September 2012 - 07:57 PM

Posted 26 September 2012 - 07:57 PM

Hello, I would add 2 items here.
This is the very last step, after everything, as it's best to at least have an infected/fouled restore point than none until all is complete.

Then clear all of your restore points and create a new one you can do this by turning off system restore and rebooting and turning it back on and rebooting again.
http://support.microsoft.com/kb/310405



Also remove this
Adobe Reader 9.5.2 (Version: 9.5.2)

Then update to Adobe Reader X (10.1.4).
Note: UNcheck the box so you do not install the toolbar, unless you really want it.

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional

Edited by boopme, 26 September 2012 - 07:59 PM.
