
Black Hole


21 replies to this topic

#1 Somehelpplease (Members, 14 posts)

Posted 26 September 2012 - 08:08 AM

Hi,

I was looking at two separate websites (neither was Twitter), both of which have been very safe in the past. Suddenly I got an AVG pop-up warning me about Black Hole. The computer either jammed at this point or was going slowly. I panicked a bit and closed all the windows before I read what was written very thoroughly.

After I closed my windows, I disconnected the internet and cleared my search history. I have now been doing multiple scans (both in and out of safe mode) with AVG and Malwarebytes Anti-Malware. None of these searches are finding any viruses, malware, or kits on my computer.

Do I have the virus or not? And what can I do to make sure?

Edited by Orange Blossom, 26 September 2012 - 08:41 AM.
Moved to AII. ~ OB



#2 narenxp (BC Advisor, 16,371 posts, Location: India)

Posted 26 September 2012 - 08:09 AM

Download

TDSSKiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download

aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download

ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to desktop, copy the contents of the text file in your reply.

#3 Somehelpplease (Topic Starter, 14 posts)

Posted 26 September 2012 - 01:22 PM

Wow! You got back to me quickly.

I just ran TDSSkiller and it says I have no threats. How would I find the c drive?

I am moving on to the next scans now.

#4 Somehelpplease (Topic Starter, 14 posts)

Posted 26 September 2012 - 01:35 PM

Here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-26 14:22:54
-----------------------------
14:22:54.421 OS Version: Windows 5.1.2600 Service Pack 3
14:22:54.421 Number of processors: 1 586 0x1601
14:22:54.421 ComputerName: ARCADIA UserName:
14:22:54.906 Initialize success
14:26:24.031 AVAST engine defs: 12092600
14:26:37.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:26:37.937 Disk 0 Vendor: ST980811 3.CD Size: 76319MB BusType: 3
14:26:37.953 Disk 0 MBR read successfully
14:26:37.953 Disk 0 MBR scan
14:26:38.046 Disk 0 unknown MBR code
14:26:38.046 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
14:26:38.062 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 66278 MB offset 80325
14:26:38.078 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 9993 MB offset 135829575
14:26:38.093 Disk 0 scanning sectors +156296385
14:26:38.187 Disk 0 scanning C:\WINDOWS\system32\drivers
14:26:46.500 Service scanning
14:27:06.312 Modules scanning
14:27:15.921 Disk 0 trace - called modules:
14:27:16.328 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
14:27:16.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865336c8]
14:27:16.343 3 CLASSPNP.SYS[f75fdfd7] -> nt!IofCallDriver -> \Device\0000006f[0x8653f918]
14:27:16.343 5 ACPI.sys[f7494620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8654c030]
14:27:16.843 AVAST engine scan C:\WINDOWS
14:27:25.937 AVAST engine scan C:\WINDOWS\system32
14:29:25.328 AVAST engine scan C:\WINDOWS\system32\drivers
14:29:37.625 AVAST engine scan C:\Documents and Settings\Rex Graine
14:31:52.765 AVAST engine scan C:\Documents and Settings\All Users
14:33:36.781 Scan finished successfully
14:35:07.125 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Rex Graine\My Documents\MBR.dat"
14:35:07.125 The log file has been saved successfully to "C:\Documents and Settings\Rex Graine\My Documents\aswMBR2.txt"
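
The aswMBR log above reports "unknown MBR code" and saves the raw sector to MBR.dat, which is the artifact to examine if a bootkit is suspected. The script below is an added example for this thread, not code from aswMBR or from either poster: it parses a 512-byte MBR image the way aswMBR's partition lines do and applies the checks a triage would make (boot signature present, exactly one active partition, no overlapping or out-of-range partitions, boot code hash compared against an allowlist). The sample MBR is constructed from the partition offsets in the posted log, its boot code is a placeholder rather than Dell's, the known-good hash set is empty by assumption, and the names parse_mbr, triage and build_sample_mbr are the example's own. "unknown MBR code" only says the boot code is not in aswMBR's list of known code; a Dell with utility and recovery partitions commonly carries OEM boot code, so the line by itself is not evidence of a bootkit, while a mismatch against a known-good MBR from the same model would be.

```python
"""Parse a 512-byte MBR image such as the MBR.dat that aswMBR saves, and list
what a bootkit triage looks at. Added example; see the lead-in for assumptions."""
import hashlib
import struct

SECTOR = 512
CODE_LEN = 446            # bootstrap code area
PT_OFFSET = 0x1BE         # four 16-byte partition entries
SIG_OFFSET = 0x1FE        # 0x55 0xAA boot signature
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count

# Type bytes seen in the posted aswMBR log; others are shown by number.
PART_TYPES = {0x07: "HPFS/NTFS", 0xDB: "CP/M / CTOS", 0xDE: "Dell Utility"}


def parse_mbr(mbr):
    """Split an MBR image into boot code hash, partition table and signature."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR image must be exactly %d bytes" % SECTOR)
    partitions = []
    for i in range(4):
        raw = mbr[PT_OFFSET + 16 * i:PT_OFFSET + 16 * (i + 1)]
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, raw)
        if ptype == 0 and count == 0:
            continue                                  # empty slot
        partitions.append({
            "index": i, "active": status == 0x80, "type": ptype,
            "name": PART_TYPES.get(ptype, "type 0x%02X" % ptype),
            "lba": lba, "count": count, "mb": count * SECTOR // (1 << 20),
        })
    code = mbr[:CODE_LEN]
    return {
        "code_sha256": hashlib.sha256(code).hexdigest(),
        "code_all_zero": not any(code),
        "signature_ok": mbr[SIG_OFFSET:SIG_OFFSET + 2] == b"\x55\xAA",
        "partitions": partitions,
    }


def triage(info, disk_sectors, known_code_hashes):
    """Return findings as strings; an empty list means nothing looked wrong."""
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature missing: sector is not a valid MBR")
    if info["code_all_zero"]:
        findings.append("boot code area is all zero")
    elif info["code_sha256"] not in known_code_hashes:
        # The same situation aswMBR reports as "unknown MBR code". It only
        # means something if the allowlist holds this machine's legitimate MBR.
        findings.append("unknown boot code sha256=%s" % info["code_sha256"])
    active = [p["index"] for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append("expected exactly 1 active partition, found %d" % len(active))
    parts = sorted(info["partitions"], key=lambda p: p["lba"])
    for a, b in zip(parts, parts[1:]):
        if a["lba"] + a["count"] > b["lba"]:
            findings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    for p in parts:
        if p["lba"] + p["count"] > disk_sectors:
            findings.append("partition %d extends past the end of the disk" % p["index"])
    return findings


def build_sample_mbr():
    """Constructed MBR matching Disk 0 in the posted aswMBR log. Sector counts are
    derived from the log's offsets, so partition 2 absorbs the unknown gap before
    partition 3 and reads a few MB larger than the log shows; the boot code is a
    placeholder, not Dell's real code."""
    code = b"\xEB\xFE" + b"\x90" * (CODE_LEN - 2)   # jmp $ plus NOP padding

    def entry(status, ptype, lba, count):
        return struct.pack(ENTRY_FMT, status, b"\xFF\xFF\xFF", ptype, b"\xFF\xFF\xFF", lba, count)

    table = (entry(0x00, 0xDE, 63, 80262)                # Dell Utility, offset 63
             + entry(0x80, 0x07, 80325, 135749250)       # NTFS, active, offset 80325
             + entry(0x00, 0xDB, 135829575, 20466810)    # Dell recovery, offset 135829575
             + bytes(16))                                # empty fourth slot
    return code + table + b"\x55\xAA"


if __name__ == "__main__":
    # Real use: parse_mbr(open(r"...\MBR.dat", "rb").read()) and pass the SHA-256 of a
    # known-good MBR (same Dell model, or a backup) in known_code_hashes.
    info = parse_mbr(build_sample_mbr())
    for p in info["partitions"]:
        print("Partition %d %s%s %d MB offset %d" % (
            p["index"] + 1, "(A) " if p["active"] else "", p["name"], p["mb"], p["lba"]))
    for finding in triage(info, disk_sectors=76319 * 2048, known_code_hashes=set()):
        print("!", finding)
```

Run against the real file by replacing build_sample_mbr() with the bytes of MBR.dat and passing the SHA-256 of a known-good MBR in known_code_hashes; without an allowlist the "unknown boot code" finding is informational only, exactly like aswMBR's line.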

#5 Somehelpplease (Topic Starter, 14 posts)

Posted 26 September 2012 - 01:54 PM

I just finished the ESET scan. It is not showing me how to export the results and it is saying that there were no infected files found and that it did not clean any files.

What do I do now? Do I close and remove the programs? Wait to find how to post results for ESET and TDSSkiller? Do I use different programs to scan?

Am I safe?

#6 narenxp (BC Advisor, 16,371 posts, Location: India)

Posted 26 September 2012 - 02:17 PM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here.

Download

MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

FSS

Checkmark all the boxes.

Click on "Scan".
Please copy and paste the log to your reply.

Download

AdwCleaner

Launch it, click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware Removal Tool

Launch it and the scan should start running. After the scan gets completed, post the generated log.

#7 Somehelpplease (Topic Starter, 14 posts)

Posted 26 September 2012 - 02:56 PM

Here is my Malwarebytes Scan:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.26.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Rex Graine :: ARCADIA [administrator]

9/26/2012 3:27:05 PM
mbam-log-2012-09-26 (15-27-05).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242424
Time elapsed: 28 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 Somehelpplease (Topic Starter, 14 posts)

Posted 26 September 2012 - 03:01 PM

Here are mini toolbox results:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Rex Graine (administrator) on 26-09-2012 at 15:58:51
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Dell Wireless 1395 WLAN Mini-Card = Wireless Network Connection (Media disconnected)

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : Arcadia
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : att.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : att.net
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
Physical Address. . . . . . . . . : 00-21-70-A9-11-88
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.65
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
Lease Obtained. . . . . . . . . . : Wednesday, September 26, 2012 1:52:53 PM
Lease Expires . . . . . . . . . . : Thursday, September 27, 2012 1:52:53 PM

Ethernet adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Dell Wireless 1395 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-22-68-D2-F1-EF

Server: dsldevice.att.net
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.134.102, 74.125.134.113, 74.125.134.138, 74.125.134.139
74.125.134.100, 74.125.134.101

Pinging google.com [74.125.137.100] with 32 bytes of data:

Reply from 74.125.137.100: bytes=32 time=42ms TTL=41
Reply from 74.125.137.100: bytes=32 time=42ms TTL=41

Ping statistics for 74.125.137.100:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 42ms, Maximum = 42ms, Average = 42ms

Server: dsldevice.att.net
Address: 192.168.1.254

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=82ms TTL=46
Reply from 98.138.253.109: bytes=32 time=96ms TTL=47

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 82ms, Maximum = 96ms, Average = 89ms

Server: dsldevice.att.net
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 21 70 a9 11 88 ...... Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
0x3 ...00 22 68 d2 f1 ef ...... Dell Wireless 1395 WLAN Mini-Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.65 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.65 192.168.1.65 20
192.168.1.65 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.65 192.168.1.65 20
224.0.0.0 240.0.0.0 192.168.1.65 192.168.1.65 20
255.255.255.255 255.255.255.255 192.168.1.65 192.168.1.65 1
255.255.255.255 255.255.255.255 192.168.1.65 3 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/25/2012 08:56:16 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 15.0.1.4631, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/11/2012 07:13:39 AM) (Source: Application Hang) (User: )
Description: Hanging application soffice.bin, version 3.3.9556.500, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/06/2012 09:05:56 PM) (Source: ESENT) (User: )
Description: Catalog Database (1436) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb was partially detached. Error -1032 encountered updating database headers.

Error: (08/06/2012 09:05:56 PM) (Source: ESENT) (User: )
Description: Catalog Database (1436) Unable to write a shadowed header for file C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb. Error -1032.

Error: (08/06/2012 09:05:56 PM) (Source: ESENT) (User: )
Description: svchost (1436) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (08/05/2012 07:05:10 PM) (Source: Application Hang) (User: )
Description: Hanging application adwcleaner(1).exe, version 1.800.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/05/2012 06:24:34 PM) (Source: Application Hang) (User: )
Description: Hanging application adwcleaner.exe, version 1.800.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/02/2012 06:13:55 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 14.0.1.4577, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/02/2012 06:13:54 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 14.0.1.4577, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/30/2012 08:44:54 AM) (Source: Application Hang) (User: )
Description: Hanging application avgui.exe, version 12.0.0.2164, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (09/25/2012 10:26:29 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/25/2012 09:21:30 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
APPDRV
Avgldx86
Avgmfx86
Avgtdix
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip

Error: (09/25/2012 09:21:30 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Error: (09/25/2012 09:21:30 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31

Error: (09/25/2012 09:21:30 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (09/25/2012 09:21:30 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Error: (09/25/2012 09:20:15 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/25/2012 09:20:04 PM) (Source: DCOM) (User: ARCADIA)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (09/19/2012 08:28:02 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (09/11/2012 06:25:02 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2


Microsoft Office Sessions:
=========================
Error: (09/25/2012 08:56:16 PM) (Source: Application Hang)(User: )
Description: firefox.exe15.0.1.4631hungapp0.0.0.000000000

Error: (09/11/2012 07:13:39 AM) (Source: Application Hang)(User: )
Description: soffice.bin3.3.9556.500hungapp0.0.0.000000000

Error: (08/06/2012 09:05:56 PM) (Source: ESENT)(User: )
Description: Catalog Database1436C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032

Error: (08/06/2012 09:05:56 PM) (Source: ESENT)(User: )
Description: Catalog Database1436C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032

Error: (08/06/2012 09:05:56 PM) (Source: ESENT)(User: )
Description: svchost1436C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (08/05/2012 07:05:10 PM) (Source: Application Hang)(User: )
Description: adwcleaner(1).exe1.800.0.0hungapp0.0.0.000000000

Error: (08/05/2012 06:24:34 PM) (Source: Application Hang)(User: )
Description: adwcleaner.exe1.800.0.0hungapp0.0.0.000000000

Error: (08/02/2012 06:13:55 PM) (Source: Application Hang)(User: )
Description: firefox.exe14.0.1.4577hungapp0.0.0.000000000

Error: (08/02/2012 06:13:54 PM) (Source: Application Hang)(User: )
Description: firefox.exe14.0.1.4577hungapp0.0.0.000000000

Error: (07/30/2012 08:44:54 AM) (Source: Application Hang)(User: )
Description: avgui.exe12.0.0.2164hungapp0.0.0.000000000


=========================== Installed Programs ============================

Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Adobe Flash Player ActiveX (Version: 9.0.124.0)
Adobe Reader 8.3.1 (Version: 8.3.1)
Advanced Audio FX Engine
Advanced Video FX Engine
AVG 2012 (Version: 12.0.2221)
AVG 2012 (Version: 12.0.2441)
AVG 2012 (Version: 2012.0.2221)
Browser Address Error Redirector (Version: 1.00.0000)
Compatibility Pack for the 2007 Office system (Version: 12.0.4518.1014)
Dell Support Center (Version: 2.1.08060)
Dell System Restore (Version: 2.00.0000)
Dell Touchpad (Version: 7.1.102.7)
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card Utility (Version: 4.170.77.13)
Intel® Graphics Media Accelerator Driver
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 35 (Version: 6.0.350)
Java™ 6 Update 5 (Version: 1.6.0.50)
Laptop Integrated Webcam Driver (1.01.01.0529)
Live! Cam Avatar Creator (Version: 4.6.0817.1)
Live! Cam Avatar v1.0 (Version: 1.0)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.4518.1014)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSXML 6.0 Parser (KB927977) (Version: 6.00.3890.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
PowerDVD (Version: 8.0)
QuickSet (Version: 8.3.17)
Realtek High Definition Audio Driver
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.5.0)
Roxio Creator BDAV Plugin (Version: 3.5.0)
Roxio Creator Copy (Version: 3.5.0)
Roxio Creator Data (Version: 3.5.0)
Roxio Creator DE (Version: 3.5.0)
Roxio Creator Tools (Version: 3.5.0)
Roxio Drag-to-Disc (Version: 9.1)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
SearchAssist
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.10 (Version: 5.10.116)
Sonic CinePlayer Decoder Pack (Version: 4.2.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB942763) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Presentation Foundation (Version: 3.0.6920.0)
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 1014.36 MB
Available physical RAM: 640.47 MB
Total Pagefile: 2440.66 MB
Available Pagefile: 1970.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.82 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:64.73 GB) (Free:53.03 GB) NTFS

========================= Users: ========================================

User accounts for \\ARCADIA

Administrator Guest HelpAssistant
Rex Graine SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini041611-01.dmp
C:\WINDOWS\Minidump\Mini050411-01.dmp
C:\WINDOWS\Minidump\Mini062712-01.dmp
C:\WINDOWS\Minidump\Mini082811-01.dmp
========================= Restore Points ==================================

06-08-2012 00:30:23 System Checkpoint
06-08-2012 00:31:02 Scanned
08-08-2012 10:27:23 Software Distribution Service 3.0
09-08-2012 09:34:58 Removed Java™ 6 Update 31
09-08-2012 09:35:09 Installed Java™ 6 Update 33
17-08-2012 20:57:35 Software Distribution Service 3.0
02-09-2012 15:11:26 Installed Java™ 6 Update 35

**** End of log ****

Here are the FSS results:


Farbar Service Scanner Version: 19-09-2012
Ran by Rex Graine (administrator) on 26-09-2012 at 16:00:55
Running from "C:\Documents and Settings\Rex Graine\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****
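
The MiniToolBox sections that post #6 asked for (hosts file, IE proxy, IP configuration, Winsock entries) are the usual places a browser hijacker or DNS changer leaves traces, and the report above is clean on all four: only the localhost hosts entry, no proxy, the router as DNS server, and only Microsoft Winsock providers. The script below is an added example for this thread, not MiniToolBox code or either poster's, that reads those sections from such a report and flags deviations. CLEAN_REPORT is trimmed from the posted log; BAD_REPORT is constructed to show what a hijacked machine would look like, and its enabled-proxy line format, the example_lsp.dll name and the 203.0.113.x resolvers are made up for the example. The baseline of expected Winsock DLLs is an assumption for a stock Windows XP SP3 install, and the DNS check treats any non-RFC1918 resolver as worth confirming, which also flags a public resolver the user chose deliberately.

```python
"""Flag hijack indicators in a MiniToolBox report: hosts file, IE proxy, DNS
servers and Winsock catalog. Added example; see the lead-in for assumptions."""
import ipaddress
import re

SECTION_RE = re.compile(r"^=+ (.+?):? =+$")
HOSTS_RE = re.compile(r"^(\S+)\s+(\S+)")
WINSOCK_RE = re.compile(r"^Catalog\d+ \d+ (\S+) \[\d+\] \((.*)\)$")
DNS_RE = re.compile(r"^DNS Servers[ .]*: (\S+)$")

LOCALHOST_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}
CLEAN_PROXY_LINES = {"Proxy is not enabled.", "No Proxy Server is set."}
KNOWN_LSP_DLLS = {"mswsock.dll", "winrnr.dll", "rsvpsp.dll"}  # assumed XP SP3 baseline
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def split_sections(report):
    """Map each '=== Name: ===' header to the non-blank lines under it."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def check_report(report):
    """Return indicator strings; an empty list means nothing looked hijacked."""
    s, found = split_sections(report), []
    # hosts file: any mapping beyond localhost silently redirects that name
    for line in s.get("Hosts content", []):
        m = HOSTS_RE.match(line)
        if m and not line.startswith("#") and (m.group(1), m.group(2)) not in LOCALHOST_ENTRIES:
            found.append("hosts override: %s -> %s" % (m.group(2), m.group(1)))
    # IE proxy: a proxy the user never configured sees all browser traffic
    for line in s.get("IE Proxy Settings", []):
        if line not in CLEAN_PROXY_LINES and not line.startswith('"Reset IE Proxy'):
            found.append("IE proxy: " + line)
    # DNS: a DHCP home client normally points at its router (192.168.1.254 in
    # the posted log); a non-RFC1918 resolver is the user's choice or a DNS changer
    servers, expect_more = [], False
    for line in s.get("IP Configuration", []):
        m = DNS_RE.match(line)
        if m:
            servers.append(m.group(1))
            expect_more = True
        elif expect_more and re.fullmatch(r"[0-9.]+", line):
            servers.append(line)  # ipconfig lists extra servers on their own lines
        else:
            expect_more = False
    for srv in servers:
        if not any(ipaddress.ip_address(srv) in net for net in RFC1918):
            found.append("DNS server outside the local network: " + srv)
    # Winsock LSPs: a third-party provider is layered into every socket
    for line in s.get("Winsock entries", []):
        m = WINSOCK_RE.match(line)
        if m:
            dll = m.group(1).rsplit("\\", 1)[-1].lower()
            if dll not in KNOWN_LSP_DLLS or m.group(2) != "Microsoft Corporation":
                found.append("unexpected Winsock provider: %s (%s)" % (dll, m.group(2)))
    return found


# Trimmed from the MiniToolBox report posted in this thread.
CLEAN_REPORT = r"""
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
DNS Servers . . . . . . . . . . . : 192.168.1.254
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
"""

# Constructed: the same sections on a hijacked machine. The proxy line format,
# example_lsp.dll and the 203.0.113.x resolvers are made up for this example.
BAD_REPORT = r"""
========================= IE Proxy Settings: ==============================
Proxy is enabled.
ProxyServer: http=127.0.0.1:8118
========================= Hosts content: =================================
127.0.0.1 localhost
127.0.0.1 www.malwarebytes.org
127.0.0.1 www.bleepingcomputer.com
========================= IP Configuration: ================================
DNS Servers . . . . . . . . . . . : 203.0.113.5
203.0.113.6
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\example_lsp.dll [61440] (Unknown)
"""

if __name__ == "__main__":
    # Real use: check_report(open("MiniToolBox.txt").read())
    for name, report in (("clean", CLEAN_REPORT), ("hijacked", BAD_REPORT)):
        print(name, check_report(report) or "no indicators")
```

Every finding still needs a human decision: a hosts entry can be a deliberate ad blocker, a proxy can be a corporate one, and a non-Microsoft LSP can belong to a legitimately installed product, so the script narrows where to look rather than declaring the machine infected.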

#9 Somehelpplease (Topic Starter, 14 posts)

Posted 26 September 2012 - 03:09 PM

I downloaded adware cleaner and hit delete. My AVG popped up saying this was a rogue scanner and my computer jammed. I had to restart.

What just happened? Is that bad? What do I do?

#10 narenxp (BC Advisor, 16,371 posts, Location: India)

Posted 26 September 2012 - 03:11 PM

Disable AVG and run adware cleaner.

#11 Somehelpplease (Topic Starter, 14 posts)

Posted 26 September 2012 - 03:14 PM

So, do you mean to do it in safe mode with networking?

This is safe, right?

#12 narenxp (BC Advisor, 16,371 posts, Location: India)

Posted 26 September 2012 - 03:23 PM

Yes

#13 Somehelpplease (Topic Starter, 14 posts)

Posted 26 September 2012 - 03:32 PM

OK. I ran adware cleaner and then it had me reboot the computer. When I rebooted (I went into safe mode again), it did not bring up a log.

Do I continue with the next step on your list or is there a place I can find the log and post it?

#14 narenxp (BC Advisor, 16,371 posts, Location: India)

Posted 26 September 2012 - 04:01 PM

Continue.

#15 Somehelpplease (Topic Starter, 14 posts)

Posted 26 September 2012 - 04:07 PM

Junkware Removal Tool (JRT) by Thisisu
Version: 1.1.0 (09.26.2012)
OS: Microsoft Windows XP x86
Ran by Administrator on Wed 09/26/2012 at 17:05:53.20
Blog: http://thisisudax.blogspot.com
**************************************************************

*** Registry Values: 0 Detections

*** Registry Keys: 0 Detections

*** Files: 0 Detections

*** Folders: 0 Detections

*** Ask Toolbar: - Remnants removed

*** FireFox detected and repaired:

The below lines were deleted from [FF prefs.js]

=============================

=============================

*** Event Viewer Logs - NOT cleared

**************************************************************
Scan was completed on Wed 09/26/2012 at 17:06:02.89
End of Report



