

computer slow, cant update java, adobe, windows


This topic is locked
15 replies to this topic

#1 dialout


Posted 09 October 2012 - 03:06 PM

This is the computer my kids use, so I have no idea what they have done to it. I removed a ton of toolbars and add-on programs they have downloaded by not un-checking things as they play, and I also removed some old files like several old Java editions. Now I can't get Java to re-install, I keep getting Adobe update notices and can't get it to install, and I can't get Windows Update to work either. I have installed and run multiple antivirus programs (removed each before installing the next so I only had one at a time) such as AVG, Avast, Trend Micro... and now just installed Norton even though I think it is a hog. None of them have found anything.

A new symptom that has appeared is that Firefox looks like it is from the early '90s... everything is gray, and the buttons are huge. Kinda like safe mode looks now.



Any help would be greatly appreciated, by my kids... and my sanity.

Dialout.



#2 m0le

Malware Response Team

Posted 10 October 2012 - 07:00 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 dialout


Posted 11 October 2012 - 06:37 AM

Hi m0le.

Looking forward to working with you.

Ready to go.

Dialout

#4 m0le


Posted 11 October 2012 - 07:27 PM

Let's rule out rootkits. Gmer says nothing, but we need to double-check.

Please download aswMBR (511 KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#5 dialout


Posted 11 October 2012 - 08:00 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-11 20:56:18
-----------------------------
20:56:18.718 OS Version: Windows 5.1.2600 Service Pack 3
20:56:18.718 Number of processors: 1 586 0x207
20:56:18.718 ComputerName: SHEILA UserName: john
20:56:20.875 Initialize success
20:56:41.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:56:41.687 Disk 0 Vendor: WDC_WD600BB-75CAA0 16.06V16 Size: 57220MB BusType: 3
20:56:41.718 Disk 0 MBR read successfully
20:56:41.718 Disk 0 MBR scan
20:56:41.718 Disk 0 Windows XP default MBR code
20:56:41.718 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 31 MB offset 63
20:56:41.750 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 57184 MB offset 64260
20:56:41.765 Disk 0 scanning sectors +117178110
20:56:41.859 Disk 0 scanning C:\WINDOWS\system32\drivers
20:57:18.906 Service scanning
20:58:07.312 Modules scanning
20:58:49.656 Disk 0 trace - called modules:
20:58:49.703 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
20:58:49.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b84ab8]
20:58:50.265 3 CLASSPNP.SYS[f74e3fd7] -> nt!IofCallDriver -> \Device\0000006a[0x86bcb9e8]
20:58:50.281 5 ACPI.sys[f745a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86bca940]
20:58:50.281 Scan finished successfully
20:59:47.328 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\john\Desktop\bleeping computer\MBR.dat"
20:59:47.343 The log file has been saved successfully to "C:\Documents and Settings\john\Desktop\bleeping computer\aswMBR.txt"

#6 m0le


Posted 12 October 2012 - 05:59 PM

There are no rootkits showing, so please now run ComboFix.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

If you receive the message "Illegal operation attempted on a registry key that has been marked for deletion." then please reboot the system.

#7 dialout


Posted 12 October 2012 - 10:02 PM

ComboFix 12-10-12.01 - john 10/12/2012 21:18:59.4.1 - x86
Running from: c:\documents and settings\john\Desktop\bleeping computer\comfix.exe.exe
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\john\LOCALS~1\Temp\1.tmp\F_IN_BOX.dll
c:\documents and settings\john\Application Data\inst.exe
c:\documents and settings\john\Local Settings\temp\1.tmp\F_IN_BOX.dll
c:\utopia\Angel\Angel.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\etc\lmhosts
.
.
((((((((((((((((((((((((( Files Created from 2012-09-13 to 2012-10-13 )))))))))))))))))))))))))))))))
.
.
2012-10-11 22:26 . 2012-10-11 22:26 -------- d-----w- c:\documents and settings\sheila1\Application Data\Apple Computer
2012-10-07 20:01 . 2012-10-07 20:13 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-10-07 20:01 . 2012-10-07 20:01 -------- d-----w- c:\program files\Symantec
2012-10-07 20:01 . 2012-10-07 20:01 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-10-07 20:01 . 2012-10-07 20:01 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-10-07 19:59 . 2012-10-11 10:48 -------- d-----w- c:\windows\system32\drivers\N360
2012-10-07 19:59 . 2012-10-07 19:59 -------- d-----w- c:\program files\Norton Security Suite
2012-10-07 19:59 . 2012-10-07 19:59 -------- d-----w- c:\program files\NortonInstaller
2012-10-02 20:40 . 2012-10-02 20:40 -------- d-----w- c:\documents and settings\john\Local Settings\Application Data\Temp
2012-10-02 11:08 . 2012-10-02 11:08 -------- d-----w- c:\documents and settings\john\Local Settings\Application Data\Solid State Networks
2012-10-02 01:57 . 2007-03-14 06:04 69632 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-24 09:16 . 2012-10-07 15:25 -------- d-----w- c:\documents and settings\john\Application Data\Apple Computer
2012-09-19 23:08 . 2012-09-19 23:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2012-09-18 23:26 . 2012-09-18 23:26 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-09-18 23:26 . 2012-09-18 23:26 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-09-18 23:26 . 2012-09-18 23:26 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2012-09-18 23:26 . 2012-09-18 23:26 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2012-09-18 23:26 . 2012-09-18 23:26 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2012-09-18 23:26 . 2012-09-18 23:26 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2012-09-18 23:26 . 2012-09-18 23:26 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2012-09-18 23:26 . 2012-09-18 23:26 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2012-09-18 23:26 . 2012-09-18 23:26 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2012-09-18 23:24 . 2012-09-18 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2012-09-18 23:22 . 2012-09-18 23:22 -------- d-----w- c:\program files\Common Files\Apple
2012-09-18 23:21 . 2012-09-18 23:21 -------- d-----w- c:\documents and settings\john\Local Settings\Application Data\Apple
2012-09-18 23:21 . 2012-09-18 23:21 -------- d-----w- c:\program files\Apple Software Update
2012-09-18 23:21 . 2012-09-18 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2012-09-18 23:20 . 2012-09-18 23:20 -------- d-----w- c:\documents and settings\john\Local Settings\Application Data\Apple Computer
2012-09-17 17:45 . 2012-10-02 01:55 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-16 14:54 . 2010-04-05 14:17 47360 ----a-w- c:\documents and settings\john\Application Data\pcouffin.sys
2012-08-28 15:14 . 2004-01-08 18:23 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2001-08-18 13:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2001-08-18 13:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2005-02-17 19:49 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2001-08-18 13:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 1980-01-01 06:00 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 1980-01-01 06:00 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 09:12 . 2012-08-30 13:43 41224 ----a-w- c:\windows\avastSS.scr
2006-04-08 03:07 . 2006-04-08 03:08 774144 -c--a-w- c:\program files\RngInterstitial.dll
2012-09-07 13:20 . 2012-09-07 13:19 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
.
c:\documents and settings\john\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^john^Start Menu^Programs^Startup^MP3Rocket (silent).lnk]
backup=c:\windows\pss\MP3Rocket (silent).lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^john^Start Menu^Programs^Startup^RCA Detective.lnk]
backup=c:\windows\pss\RCA Detective.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28 1226608 -c--a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-10-19 12:59 155648 ----a-w- c:\windows\SYSTEM32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]
2008-02-12 15:09 353544 ----a-w- c:\progra~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 18:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-05 02:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 13:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
2007-03-07 14:58 1773568 ----a-w- c:\program files\support.com\bin\tgcmd.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\GameHouse\\Solitaire\\Solitaire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604000.009\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604000.009\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120928.001\BHDrvx86.sys [x]
S1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360\0604000.009\ccSetx86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604000.009\Ironx86.SYS [x]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121011.001\IDSxpx86.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-18 00:23]
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-18 00:23]
.
2012-10-12 c:\windows\Tasks\User_Feed_Synchronization-{FE4A14F4-3214-4090-8367-248CD3BEC679}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
2012-10-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
Trusted Zone: netflix.com
TCP: DhcpNameServer = 192.168.2.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} - hxxp://games.bigfishgames.com/en_nightshift-legacy-the-jaguars-eye/online/Nightshift2Web.1.0.0.9.cab
FF - ProfilePath - c:\documents and settings\john\Application Data\Mozilla\Firefox\Profiles\952xdtvo.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=283&systemid=406&sr=0&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKCU-Run-Utopia Angel - c:\utopia\Angel\Angel.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-12 21:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3236)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
c:\windows\BCMSMMSG.exe
c:\windows\system32\rundll32.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\Java\jre1.6.0_01\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-10-12 22:07:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-13 02:07
.
Pre-Run: 20,703,342,592 bytes free
Post-Run: 20,996,501,504 bytes free
.
- - End Of File - - 3513D08277B4512F4C125C64436667EC
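An added triage script (not part of this thread, and not ComboFix's own code) that applies the checks a helper would otherwise make by eye to the "Reg Loading Points" firewall policy and the "Supplementary Scan" lines in the log above: a proxy pointing at the loopback address, the Windows firewall switched off, and Firefox search preferences redirected to a provider other than the ones Firefox shipped with. The sample log is constructed from lines in this post; the list of known search hosts and engine names is an assumption, not a ComboFix rule.

```python
"""Triage helper for the 'Reg Loading Points' and 'Supplementary Scan'
sections of a ComboFix log.  Added example, not part of the thread or of
ComboFix.  The indicator lists below are assumptions for illustration."""
import ipaddress
import re
from typing import Dict, List

# Constructed sample: lines copied from the ComboFix log posted above,
# abbreviated to the ones these checks look at.
SAMPLE_LOG = """\
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
Trusted Zone: netflix.com
TCP: DhcpNameServer = 192.168.2.1
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=283&systemid=406&sr=0&q=
"""

# Assumed baseline: search providers Firefox shipped with around 2012.
# Anything else in keyword.URL or selectedEngine is flagged for review.
KNOWN_SEARCH_HOSTS = {"www.google.com", "search.yahoo.com", "www.bing.com"}
KNOWN_ENGINE_NAMES = {"Google", "Yahoo", "Bing"}

PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(.+)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*(\d+)')
HOST_RE = re.compile(r"^(?:hxxps?|https?)://([^/:?]+)")  # ComboFix writes hxxp


def parse_proxy(value: str) -> Dict[str, str]:
    """'http=127.0.0.1:5555;https=h:p' -> {'http': '127.0.0.1:5555', 'https': 'h:p'}.
    A bare 'host:port' with no protocol applies to everything, keyed '*'."""
    out: Dict[str, str] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        proto, _, target = part.partition("=")
        if target:
            out[proto.lower()] = target
        else:
            out["*"] = proto
    return out


def proxy_is_local(target: str) -> bool:
    """True when the proxy host is a loopback address or 'localhost',
    i.e. traffic is being routed through a process on the machine itself."""
    host = target.rsplit(":", 1)[0]
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def triage(log_text: str) -> List[str]:
    """Return one finding string per suspicious setting found in the log."""
    findings: List[str] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            for proto, target in parse_proxy(m.group(1)).items():
                if proxy_is_local(target):
                    findings.append(f"proxy:{proto}:{target}")
            continue
        m = FIREWALL_RE.match(line)
        if m and m.group(1) == "0":
            findings.append("firewall:disabled")
            continue
        m = FF_PREF_RE.match(line)
        if m:
            pref, value = m.groups()
            if pref == "keyword.URL":
                h = HOST_RE.match(value)
                if h and h.group(1).lower() not in KNOWN_SEARCH_HOSTS:
                    findings.append(f"ff-keyword-url:{h.group(1)}")
            elif pref == "browser.search.selectedEngine" and value not in KNOWN_ENGINE_NAMES:
                findings.append(f"ff-search-engine:{value}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample, it reports the loopback proxy on port 5555, the disabled firewall, and both Firefox search redirections; a corporate proxy on a non-loopback host produces no proxy finding.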

#8 m0le


Posted 13 October 2012 - 02:49 PM

That looks fine. Please now run ESET and, when that's done, run MiniToolBox.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated, that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.


And MiniToolBox

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.

#9 dialout


Posted 15 October 2012 - 06:27 AM

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=be29d0f1b57b3b4b9e67ad363c8eee99
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-10-14 08:33:50
# local_time=2012-10-14 04:33:50 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 135130206 135130206 0 0
# compatibility_mode=768 16777215 100 0 82798764 82798764 0 0
# compatibility_mode=3584 16777191 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=29298
# found=5
# cleaned=5
# scan_time=6917
C:\Documents and Settings\All Users\Application Data\Nero\Auto Update\Nero PhotoShow Express 5\update_files\2008-05-15 19-14-57.015 Nero PhotoShow Express 5.0.3 Build 144\nero_photoshow_express_5_setup_0144.exe Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\john\My Documents\Downloads\Guffins.exe a variant of Win32/AdInstaller application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\john\My Documents\Downloads\mplayer_tuguu_1469.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\john\My Documents\Downloads\PlayItAll-Setup-win32_2.exe Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\john\My Documents\Downloads\Setup.exe a variant of Win32/Adware.iBryte.C application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#10 dialout


Posted 15 October 2012 - 06:40 AM

MiniToolBox by Farbar Version: 23-07-2012
Ran by john (administrator) on 15-10-2012 at 07:30:29
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:5555

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================


WARNING: Could not obtain host information from machine: [SHEILA]. Some commands may not be available.


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : sheila

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : Belkin



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : Belkin

Description . . . . . . . . . . . : GVC-REALTEK Ethernet 10/100 PCI Adapter

Physical Address. . . . . . . . . : 00-C0-A8-8C-16-AB

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.2.4

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.2.1

DHCP Server . . . . . . . . . . . : 192.168.2.1

DNS Servers . . . . . . . . . . . : 192.168.2.1

Lease Obtained. . . . . . . . . . : Sunday, October 14, 2012 2:13:27 PM

Lease Expires . . . . . . . . . . : Monday, January 18, 2038 11:14:07 PM

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.2.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.


Pinging google.com [173.194.43.7] with 32 bytes of data:



Reply from 173.194.43.7: bytes=32 time=23ms TTL=55

Reply from 173.194.43.7: bytes=32 time=23ms TTL=55



Ping statistics for 173.194.43.7:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 23ms, Maximum = 23ms, Average = 23ms

Server: UnKnown
Address: 192.168.2.1

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 98.138.253.109



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=79ms TTL=50

Reply from 98.138.253.109: bytes=32 time=58ms TTL=50



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 58ms, Maximum = 79ms, Average = 68ms

Server: UnKnown
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 c0 a8 8c 16 ab ...... GVC-REALTEK Ethernet 10/100 PCI Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1     192.168.2.4       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.2.0    255.255.255.0      192.168.2.4     192.168.2.4      20
      192.168.2.4  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.2.255  255.255.255.255      192.168.2.4     192.168.2.4      20
        224.0.0.0        240.0.0.0      192.168.2.4     192.168.2.4      20
  255.255.255.255  255.255.255.255      192.168.2.4     192.168.2.4       1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\wshbth.dll [108032] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/11/2012 06:58:39 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/11/2012 06:37:19 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/11/2012 06:37:13 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/11/2012 06:37:04 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/11/2012 06:34:49 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/10/2012 07:14:50 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/10/2012 07:14:50 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/01/2012 09:34:06 PM) (Source: MsiInstaller) (User: SHEILA)
Description: Product: Ask Toolbar -- Error 2738.Could not access VBScript run time for custom action .

Error: (09/17/2012 01:24:28 PM) (Source: Application Error) (User: )
Description: Fault bucket -1173126518.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (09/17/2012 01:15:28 PM) (Source: Application Error) (User: )
Description: Faulting application msiexec.exe, version 3.1.4001.5512, faulting module MSI84B.tmp, version 1.0.0.0, fault address 0x00014505.
Processing media-specific event for [msiexec.exe!ws!]


System errors:
=============
Error: (10/12/2012 09:49:29 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (10/11/2012 07:07:21 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (10/11/2012 06:48:06 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (10/10/2012 07:13:50 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (10/09/2012 03:24:25 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (10/09/2012 03:23:45 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (10/09/2012 03:13:13 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (10/09/2012 03:13:08 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (10/09/2012 03:13:04 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (10/09/2012 03:12:49 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

3D Groove Playback Engine
Adobe Shockwave Player 11.6 (Version: 11.6.7.637)
AiO_Scan_CDA (Version: 70.0.149.000)
AiOSoftwareNPI (Version: 70.0.149.000)
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
BCM V.92 56K Modem
Belkin Setup and Router Monitor
BufferChm (Version: 70.0.170.000)
C3100 (Version: 70.0.149.000)
c3100_Help (Version: 70.0.149.000)
CCleaner (Version: 2.31)
Classic PhoneTools (Version: 4.16)
Critical Update for Windows Media Player 11 (KB959772)
Crystal Reports 10 Support Files (Version: 1.00.0000)
Dell Driver Download Manager (Version: 1.0.0.0)
Dell Modem-On-Hold (Version: 1.39)
Dell Support (Version: 2.00.0000)
Desktop Doctor
Destinations (Version: 70.0.170.000)
DeviceManagementQFolder (Version: 1.00.0000)
Digital Line Detect (Version: 1.02.000)
DivX Setup (Version: 2.2.1.2)
DocProc (Version: 7.0.0.0)
DocProcQFolder (Version: 1.00.0000)
Easy CD Creator 5 Basic (Version: 5.2.0.56)
ESET Online Scanner v3
eSupportQFolder (Version: 1.00.0000)
Fax_CDA (Version: 70.0.149.000)
FinePixViewer Ver.4.2
FUJIFILM USB Driver
Google Update Helper (Version: 1.3.21.123)
Help and Support Customization (Version: 1.00.0000)
HP Imaging Device Functions 7.0 (Version: 7.0)
HP Photosmart and Deskjet 7.0.A
HP Photosmart Essential (Version: 1.12.0.46)
HP Solution Center 7.0 (Version: 7.0)
HPPhotoSmartExpress (Version: 70.0.170.000)
HPProductAssistant (Version: 70.0.170.000)
ImageMixer VCD2 for FinePix
InstantShareDevicesMFC (Version: 70.0.170.000)
Intel® Extreme Graphics Driver
InterActual Player
Java Auto Updater (Version: 2.1.9.0)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
Microsoft .NET Framework (English) (Version: 1.0.3705)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Easy Assist v2 (Version: 8.1.6416.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Web Platform Installer 2.0 (Version: 2.1.1)
Modem Helper
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MP3 Rocket
MP3Rocket
MS Access 97 SP2
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Napster Burn Engine (Version: 2.5.0000)
Nero 8 Essentials (Version: 8.10.209)
Nero PhotoShow Express 5 (Version: 5.0)
neroxml (Version: 1.0.0)
NewCopy_CDA (Version: 70.0.149.000)
Norton Security Suite (Version: 6.4.0.9)
OCR Software by I.R.I.S 7.0 (Version: 7.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PanoStandAlone (Version: 70.0.170.000)
PowerDVD
ProductContextNPI (Version: 70.0.149.000)
Quicken 2002 New User Edition
QuickTime (Version: 7.72.80.56)
QuickTime 3.0
RAW FILE CONVERTER LE
Readme (Version: 70.0.149.000)
RealPlayer Basic
Realtek RTL8139 Diagnostics Program
Revo Uninstaller 1.94 (Version: 1.94)
Scan (Version: 7.0.0.0)
ScannerCopy (Version: 7.0.0.0)
SecurDisc Viewer (Version: 1.2.8)
SolutionCenter (Version: 70.0.170.000)
Status (Version: 70.0.170.000)
swMSM (Version: 12.0.0.1)
System Requirements Lab
Toolbox (Version: 70.0.170.000)
TrayApp (Version: 70.0.170.000)
Uninstall Dual Mode Camera
Unity Web Player (Version: )
Unload (Version: 7.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB973874) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VCRedistSetup (Version: 1.0.0)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.5318)
WebReg (Version: 70.0.170.000)
Windows Defender Signatures (Version: 1.20.1325.6)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.8.0031.9)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
WordPerfect Office 2002
WordPerfect Office 2002 (Version: 10)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 1022.48 MB
Available physical RAM: 543.65 MB
Total Pagefile: 1311.64 MB
Available Pagefile: 909 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.33 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:55.84 GB) (Free:19.33 GB) NTFS

========================= Users: ========================================

User accounts for \\SHEILA

Administrator ASPNET Guest
HelpAssistant john sheila1
SUPPORT_388945a0 SUPPORT_3f151ab9

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
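The log above is the kind of thing a malware-removal helper reads by eye. As an added example (my code, not anything from the thread, from MiniToolBox or from any other tool named here), the script below does that first pass mechanically: it checks the Winsock catalog for providers that are not Microsoft's or not under System32 (a hijacked LSP shows up there as an unfamiliar DLL), reports hosts that resolved but showed 100% ping loss, and pulls out the two event-log entries most relevant to the update failures in this thread: crypt32 refusing the signed root-certificate list because a certificate is outside its validity period against the system clock (usually a wrong clock, which also breaks signed update checks and installers), and the boot-start driver Lbd that is still registered but fails to load (typically a leftover from an uninstalled product, given how much was removed from this machine). The sample it runs on is constructed from excerpts of the log plus one made-up Winsock entry so the LSP check has something to flag; the function names and the finding labels are my own.

```python
"""Hypothetical triage helper for a MiniToolBox-style log (added example, not from the thread).
Flags: Winsock providers that are not Microsoft's or live outside \\Windows\\System32 (an LSP
hijack shows up as an unfamiliar DLL); resolved hosts with 100% ping loss (DNS worked, so any
block is on the path or at the host); crypt32 root-list failures from a certificate outside its
validity period (usually a wrong clock, which also breaks Windows Update and signed installers);
and boot-start drivers that fail to load (often orphaned drivers of uninstalled products)."""
import re

WINSOCK_RE = re.compile(r"^Catalog(\d+) (\d+) (.+?) \[(\d+)\] \((.*)\)$")
PING_RE = re.compile(r"^Pinging (\S+) \[([\d.]+)\]")
LOSS_RE = re.compile(r"Lost = (\d+) \((\d+)% loss\)")
EVENT_RE = re.compile(r"^Error: \((.*?)\) \(Source: (.*?)\) \(User: (.*?)\)")

def parse_winsock(lines):
    """One dict per Winsock catalog entry (catalog, index, path, size, vendor)."""
    out = []
    for line in lines:
        m = WINSOCK_RE.match(line.strip())
        if m:
            cat, idx, path, size, vendor = m.groups()
            out.append({"catalog": int(cat), "index": int(idx), "path": path,
                        "size": int(size), "vendor": vendor})
    return out

def suspicious_winsock(entries):
    """Providers outside System32 or not attributed to Microsoft."""
    return [e for e in entries
            if not e["path"].lower().startswith("c:\\windows\\system32\\")
            or e["vendor"] != "Microsoft Corporation"]

def parse_pings(lines):
    """Map each pinged host name to its packet-loss percentage."""
    results, current = {}, None
    for line in lines:
        m = PING_RE.match(line.strip())
        if m:
            current = m.group(1)
            continue
        m = LOSS_RE.search(line)
        if m and current:
            results[current] = int(m.group(2))
            current = None
    return results

def parse_events(lines):
    """Pair each 'Error:' header with the Description text that follows it."""
    events, i = [], 0
    while i < len(lines):
        m = EVENT_RE.match(lines[i].strip())
        if not m:
            i += 1
            continue
        ts, source, _user = m.groups()
        desc, i = [], i + 1
        while i < len(lines) and lines[i].strip() and not EVENT_RE.match(lines[i].strip()):
            desc.append(re.sub(r"^Description: ", "", lines[i].strip()))
            i += 1
        events.append({"time": ts, "source": source, "description": " ".join(desc)})
    return events

def triage(log_text):
    """Return (kind, detail) findings for the whole log, in section order."""
    lines = log_text.splitlines()
    findings = [("winsock_provider", e["path"])
                for e in suspicious_winsock(parse_winsock(lines))]
    for host, loss in parse_pings(lines).items():
        if loss == 100:  # ICMP may simply be filtered at the host; confirm over TCP before calling it a block
            findings.append(("unreachable_host", host))
    for ev in parse_events(lines):
        d = ev["description"]
        if ev["source"] == "crypt32" and "not within its validity period" in d:
            findings.append(("clock_or_root_cert", ev["time"]))
        elif ev["source"] == "Service Control Manager" and "failed to load" in d:
            findings.append(("driver_load_failure", d.rsplit(":", 1)[1].strip()))
    return findings

# Constructed sample: excerpts of the log posted above, plus one made-up non-Microsoft
# Winsock provider (Catalog9 02) so the LSP check has something to flag.
SAMPLE_LOG = r"""
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=79ms TTL=50
Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Documents and Settings\All Users\Application Data\lsphelper.dll [40960] ()
========================= Event log errors: ===============================
Error: (10/10/2012 07:14:50 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/12/2012 09:49:29 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd
"""

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:20s} {detail}")
```

Run it as-is to triage the sample, or pass the text of a real MiniToolBox log to triage(). The parse is keyed to the line formats visible in the log above and nothing else, so a differently formatted log needs its own patterns. One caveat on the ping finding: 100% ICMP loss to a single host only shows that the host did not answer pings; confirm over TCP (a browser or a port probe) before reading it as a block, which this thread did not establish.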

#11 m0le (Malware Response Team)

Posted 15 October 2012 - 07:11 PM

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button:

[screenshot]

Once that is done then go to Step 3 and allow it to run System File Check by clicking on the Do It button:

[screenshot]

Go to Step 4 and under "System Restore" click on the Create button:

[screenshot]

Go to the Start Repairs tab and click the Start button.

[screenshot]

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

[screenshot]

Click on the box next to Restart System when Finished. Then click on Start.

m0le is a proud member of UNITE

#12 dialout (Topic Starter)

Posted 17 October 2012 - 11:19 PM

Ok... through that step. Looks better. Google doesn't look like it's in safe mode anymore.

Edited by dialout, 18 October 2012 - 12:05 PM.


#13 m0le (Malware Response Team)

Posted 18 October 2012 - 05:50 PM

Can you now update?

#14 dialout (Topic Starter)

Posted 19 October 2012 - 04:11 PM

Yes I can. I just reinstalled Java, and Adobe... and am currently running Windows updater. Seems to be much better now.

#15 m0le (Malware Response Team)

Posted 19 October 2012 - 08:24 PM

Looks good to me. My favourite bit...

You're clean. Good stuff!

Let's do some clearing up

If you used DeFogger now is the time to enable your CD emulation software again.

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


We Need to Clean Up our Mess
Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then click the big CleanUp! button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir - though if you choose Avira you should make sure that you uncheck the box offering to install the Ask toolbar. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically, make sure that updates on any that are flagged are carried out as soon as possible

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it dialout, happy surfing!

Cheers.

m0le