Redirect to "Startsear.info" on Internet Explorer


12 replies to this topic

#1 Hurley77

Hurley77

  • Members
  • 25 posts

Posted 30 October 2012 - 07:41 PM

Hello,

Internet Explorer (IE) is being redirected to a "StartSear.info" site and I cannot seem to stop it. I have gone to the "Manage addons" area on the IE toolbar and was able to delete a Google search that was being redirected to startsear. I have run a McAfee full scan and it did not pick up anything. I ran a MalwareBytes Anti-Malware full scan and it did quarantine two items called "hijack.startpage" and says that they are in the "Registry data" category. Here is the report from the last scan that I ran:

2012/10/26 19:47:24 -0300 DDLZQDG1 Karen & Mike MESSAGE Starting protection
2012/10/26 19:47:24 -0300 DDLZQDG1 Karen & Mike MESSAGE Protection started successfully
2012/10/26 19:47:24 -0300 DDLZQDG1 Karen & Mike MESSAGE Starting IP protection
2012/10/26 19:47:27 -0300 DDLZQDG1 Karen & Mike MESSAGE IP Protection started successfully
2012/10/26 19:47:38 -0300 DDLZQDG1 Karen & Mike MESSAGE Starting database refresh
2012/10/26 19:47:38 -0300 DDLZQDG1 Karen & Mike MESSAGE Stopping IP protection
2012/10/26 19:47:38 -0300 DDLZQDG1 Karen & Mike MESSAGE IP Protection stopped successfully
2012/10/26 19:47:42 -0300 DDLZQDG1 Karen & Mike MESSAGE Database refreshed successfully
2012/10/26 19:47:42 -0300 DDLZQDG1 Karen & Mike MESSAGE Starting IP protection
2012/10/26 19:47:44 -0300 DDLZQDG1 Karen & Mike MESSAGE IP Protection started successfully
2012/10/26 19:59:39 -0300 DDLZQDG1 Karen & Mike MESSAGE Executing scheduled update: Daily
2012/10/26 19:59:43 -0300 DDLZQDG1 Karen & Mike MESSAGE Database already up-to-date
2012/10/26 21:54:40 -0300 DDLZQDG1 Karen & Mike IP-BLOCK 195.3.147.99 (Type: outgoing)
2012/10/26 21:54:43 -0300 DDLZQDG1 Karen & Mike IP-BLOCK 195.3.147.99 (Type: outgoing)
2012/10/26 21:54:49 -0300 DDLZQDG1 Karen & Mike IP-BLOCK 195.3.147.99 (Type: outgoing)
2012/10/26 21:57:45 -0300 DDLZQDG1 Karen & Mike IP-BLOCK 195.3.147.99 (Type: outgoing)
2012/10/26 21:57:48 -0300 DDLZQDG1 Karen & Mike IP-BLOCK 195.3.147.99 (Type: outgoing)
2012/10/26 21:57:54 -0300 DDLZQDG1 Karen & Mike IP-BLOCK 195.3.147.99 (Type: outgoing)
2012/10/26 22:07:09 -0300 DDLZQDG1 Karen & Mike MESSAGE Stopping IP protection
2012/10/26 22:07:09 -0300 DDLZQDG1 Karen & Mike MESSAGE IP Protection stopped successfully
2012/10/26 22:07:33 -0300 DDLZQDG1 Karen & Mike MESSAGE Protection stopped

I thought that it had been fixed since it quarantined the two files; however, I am still being redirected to StartSear when I restart the computer and open Internet Explorer. I have read that this can be a hijacker and want to remove all viruses, etc.; however, I do not know what to do next.

I would really appreciate some help!

Thanks
Mike

Edited by Andrew, 30 October 2012 - 08:36 PM.
Mod Edit: Moved to 'Am I Infected?' forum for removal help - AA
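The protection log above records six outbound connection attempts to one blocked address within a few minutes, the kind of pattern that shows a component is still active after a quarantine. As an added example (not code from the thread or from Malwarebytes), the script below parses lines in that log format and summarises the IP-BLOCK events; the field layout is inferred from the posted lines, and the sample copies them with one user-less line from a later post and one malformed line appended.

```python
"""Summarise IP-BLOCK events in a Malwarebytes Anti-Malware protection log.

Added example, not code from the thread or from Malwarebytes. The record layout
(date, time, UTC offset, computer name, optional user name, event kind, detail)
is inferred from the lines posted in the thread; SAMPLE_LOG is constructed from them.
"""
import re
from datetime import datetime

SAMPLE_LOG = """\
2012/10/26 19:47:24 -0300 DDLZQDG1 Karen & Mike MESSAGE Starting protection
2012/10/26 19:47:24 -0300 DDLZQDG1 Karen & Mike MESSAGE Protection started successfully
2012/10/26 21:54:40 -0300 DDLZQDG1 Karen & Mike IP-BLOCK 195.3.147.99 (Type: outgoing)
2012/10/26 21:54:43 -0300 DDLZQDG1 Karen & Mike IP-BLOCK 195.3.147.99 (Type: outgoing)
2012/10/26 21:54:49 -0300 DDLZQDG1 Karen & Mike IP-BLOCK 195.3.147.99 (Type: outgoing)
2012/10/26 21:57:45 -0300 DDLZQDG1 Karen & Mike IP-BLOCK 195.3.147.99 (Type: outgoing)
2012/10/26 21:57:48 -0300 DDLZQDG1 Karen & Mike IP-BLOCK 195.3.147.99 (Type: outgoing)
2012/10/26 21:57:54 -0300 DDLZQDG1 Karen & Mike IP-BLOCK 195.3.147.99 (Type: outgoing)
2012/10/26 22:07:33 -0300 DDLZQDG1 Karen & Mike MESSAGE Protection stopped
2012/11/03 08:17:14 -0300 DDLZQDG1 MESSAGE Starting protection
this line is not a protection-log record
"""

# The user name may contain spaces or be absent, so it is matched lazily up to the kind keyword.
LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) "
    r"(?P<host>\S+)\s+(?P<user>.*?)\s*(?P<kind>MESSAGE|IP-BLOCK)\s+(?P<detail>.*)$"
)
BLOCK = re.compile(r"^(?P<ip>[0-9.]+|[0-9a-fA-F:]+) \(Type: (?P<direction>\w+)\)$")


def parse_line(line):
    """Return a dict for one record, or None if the line is not in the expected format."""
    m = LINE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    # %z accepts the "-0300" offset, so the timestamp keeps its zone information.
    event["time"] = datetime.strptime(event.pop("ts"), "%Y/%m/%d %H:%M:%S %z")
    if event["kind"] == "IP-BLOCK":
        b = BLOCK.match(event["detail"])
        if not b:
            return None
        event.update(b.groupdict())
    return event


def parse_log(text):
    """Parse every well-formed record, silently dropping anything else."""
    return [e for e in (parse_line(line) for line in text.splitlines()) if e]


def summarize_blocks(events):
    """Group IP-BLOCK events by address: count, directions seen, first and last time."""
    summary = {}
    for e in events:
        if e["kind"] != "IP-BLOCK":
            continue
        s = summary.setdefault(
            e["ip"], {"count": 0, "directions": set(), "first": e["time"], "last": e["time"]}
        )
        s["count"] += 1
        s["directions"].add(e["direction"])
        s["first"] = min(s["first"], e["time"])
        s["last"] = max(s["last"], e["time"])
    return summary


def repeated_blocks(summary, min_count=3):
    """Addresses blocked at least min_count times: repeated attempts point at a live component."""
    return sorted(ip for ip, s in summary.items() if s["count"] >= min_count)


if __name__ == "__main__":
    blocks = summarize_blocks(parse_log(SAMPLE_LOG))
    for ip, s in blocks.items():
        span = (s["last"] - s["first"]).total_seconds()
        print(f"{ip}: {s['count']} blocks ({', '.join(sorted(s['directions']))}) over {span:.0f}s")
    print("repeated:", repeated_blocks(blocks))
```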



#2 ex0syphen

ex0syphen

  • Members
  • 63 posts
  • Gender:Male
  • Location:127.0.0.1

Posted 30 October 2012 - 07:46 PM

It sounds like your hosts file has been messed with. Download and run this: Host Auto-Fix

If that doesn't work, do this: How to reset hosts file

Hope I could help!

What if there were no hypothetical situations?
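The reply above suspects a hosts-file hijack, and the MiniToolBox output later in the thread shows what a clean Windows hosts file looks like (just `127.0.0.1 localhost`). As an added example (not code from the thread or from the linked tools), the script below audits hosts-file contents for mappings that would redirect or block browsing; CLEAN_HOSTS mirrors the two lines from that report, and HIJACKED_HOSTS is a constructed file using 203.0.113.5, a TEST-NET-3 documentation address.

```python
"""Audit a Windows hosts file for mappings that would redirect or block browsing.

Added example; not code from the thread or from any tool named in it.
CLEAN_HOSTS copies the two-line file shown in the MiniToolBox report;
HIJACKED_HOSTS is constructed, with 203.0.113.5 (TEST-NET-3) as the fake destination.
"""
import ipaddress
import os
import re

# Destinations a stock hosts file is allowed to point at.
LOOPBACK = {"127.0.0.1", "::1"}
# Names that belong in a stock hosts file.
DEFAULT_NAMES = {"localhost"}
# Search-engine domains a browser-redirect hijack typically pins (constructed list).
WATCHED_DOMAINS = ("google.com", "bing.com", "yahoo.com")

CLEAN_HOSTS = "127.0.0.1 localhost\n127.0.0.1 localhost\n"
HIJACKED_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.5     www.google.com google.com
127.0.0.1       www.bing.com
"""

_COMMENT = re.compile(r"#.*$")


def parse_hosts(text):
    """Yield (address, [names]) for every active mapping line, skipping comments and junk."""
    for raw in text.splitlines():
        fields = _COMMENT.sub("", raw).split()
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address, so this is not a mapping
        yield addr, [name.lower().rstrip(".") for name in fields[1:]]


def is_watched(name):
    """True for a watched domain or any of its subdomains."""
    return any(name == d or name.endswith("." + d) for d in WATCHED_DOMAINS)


def audit_hosts(text):
    """Return a list of findings; an empty list means nothing beyond stock content."""
    findings = []
    seen = {}  # name -> first address it was mapped to
    for addr, names in parse_hosts(text):
        for name in names:
            if addr not in LOOPBACK:
                # Any non-loopback mapping silently overrides DNS for that name,
                # which is exactly how a hosts-file hijack redirects a browser.
                findings.append(f"{name} is pinned to {addr} (overrides DNS)")
            elif name not in DEFAULT_NAMES and is_watched(name):
                # Pointing a search engine at loopback blocks it rather than
                # redirecting it, but it is still not a default entry.
                findings.append(f"{name} is sinkholed to {addr}")
            first = seen.setdefault(name, addr)
            if first != addr:
                findings.append(f"{name} is mapped to both {first} and {addr}")
    return findings


def audit_hosts_file(path=None):
    """Audit the live hosts file (default: %SystemRoot%\\system32\\drivers\\etc\\hosts)."""
    if path is None:
        root = os.environ.get("SystemRoot", r"C:\WINDOWS")
        path = os.path.join(root, "system32", "drivers", "etc", "hosts")
    with open(path, encoding="utf-8", errors="ignore") as fh:
        return audit_hosts(fh.read())


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_HOSTS), ("hijacked", HIJACKED_HOSTS)):
        print(f"{label}: {audit_hosts(sample) or ['no findings']}")
```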

 

 


#3 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 30 October 2012 - 08:43 PM

Download

TDSSkiller

Launch it. Click on Change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safemode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#4 Hurley77

Hurley77
  • Topic Starter

  • Members
  • 25 posts

Posted 31 October 2012 - 08:13 PM

Thanks for the replies.

ex0syphen - I did reset the hosts file and when the computer restarted, IE did not get redirected to Startsear; however, when I started my computer prior to that this evening, Malwarebytes found two more "trojan.hijack" files in my directory and quarantined them, and then I deleted them.

Narenxp - I ran the TDSSKiller; however, it did not find any infections.

I did download aswMBR and updated the virus definitions and then ran a scan; the report is below.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-31 21:39:20
-----------------------------
21:39:20.140 OS Version: Windows 5.1.2600 Service Pack 3
21:39:20.140 Number of processors: 2 586 0x1706
21:39:20.140 ComputerName: DDLZQDG1 UserName:
21:39:20.859 Initialize success
21:41:25.468 AVAST engine defs: 12103101
21:44:32.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:44:32.515 Disk 0 Vendor: SAMSUNG_HD321KJ CP100-13 Size: 305245MB BusType: 3
21:44:32.578 Disk 0 MBR read successfully
21:44:32.578 Disk 0 MBR scan
21:44:32.625 Disk 0 unknown MBR code
21:44:32.625 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
21:44:32.656 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 301807 MB offset 96390
21:44:32.687 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3380 MB offset 618213330
21:44:32.687 Disk 0 scanning sectors +625137345
21:44:32.750 Disk 0 scanning C:\WINDOWS\system32\drivers
21:44:41.562 Service scanning
21:44:55.906 Modules scanning
21:44:59.578 Disk 0 trace - called modules:
21:44:59.609 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:44:59.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b046ab8]
21:44:59.609 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000065[0x8afedf18]
21:44:59.609 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b048d98]
21:45:00.140 AVAST engine scan C:\WINDOWS
21:45:26.312 AVAST engine scan C:\WINDOWS\system32
21:47:59.609 AVAST engine scan C:\WINDOWS\system32\drivers
21:48:09.906 AVAST engine scan C:\Documents and Settings\Karen & Mike
22:07:05.046 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
22:07:05.093 The log file has been saved successfully to "E:\aswMBR.txt"


I ran out of time and will run the ESET online scanner when I am back online tomorrow or the next day... have to work all day tomorrow.

Thanks for your help
Mike

#5 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 31 October 2012 - 10:24 PM

:thumbup2:

#6 Hurley77

Hurley77
  • Topic Starter

  • Members
  • 25 posts

Posted 02 November 2012 - 04:40 PM

Hello,

My computer is freezing every time I log in, so I am unable to do anything. Even Ctrl-Alt-Delete will not work now. Any suggestions?

Mike

#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 02 November 2012 - 04:50 PM

Boot into safemode with networking.

Can you run the scans now?

#8 Hurley77

Hurley77
  • Topic Starter

  • Members
  • 25 posts

Posted 03 November 2012 - 07:35 AM

Hello,

I was finally able to log in and run the ESET online scanner. It took a long time; however, it did complete the scan eventually. There were no threats, thus there is no log to post.

I am not sure what to do next. IE is not being redirected to Startsear any longer; however, I want to make sure there are no trojan hijacker files in my directory. Are there any other programs/scans that I should be using?

Thanks again
Mike

#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 03 November 2012 - 08:15 AM

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete

A log should be generated after scan, post it here

Download

Junkware removal tool

For Vista and Windows 7, right click on the tool and select Run as administrator

After scan gets completed, post the generated log here.

#10 Hurley77

Hurley77
  • Topic Starter

  • Members
  • 25 posts

Posted 03 November 2012 - 11:25 AM

Hello again,

result of scans,

Malwarebytes

2012/11/03 08:17:14 -0300 DDLZQDG1 MESSAGE Starting protection
2012/11/03 08:17:14 -0300 DDLZQDG1 MESSAGE Protection started successfully
2012/11/03 08:17:14 -0300 DDLZQDG1 MESSAGE Starting IP protection
2012/11/03 08:17:30 -0300 DDLZQDG1 Karen & Mike MESSAGE IP Protection started successfully
2012/11/03 08:18:09 -0300 DDLZQDG1 Karen & Mike MESSAGE Stopping protection
2012/11/03 08:18:09 -0300 DDLZQDG1 Karen & Mike MESSAGE Protection stopped successfully
2012/11/03 08:18:09 -0300 DDLZQDG1 Karen & Mike MESSAGE Stopping IP protection
2012/11/03 08:18:09 -0300 DDLZQDG1 Karen & Mike MESSAGE IP Protection stopped successfully
2012/11/03 08:18:10 -0300 DDLZQDG1 Karen & Mike MESSAGE Protection stopped
2012/11/03 11:06:48 -0300 DDLZQDG1 Karen & Mike MESSAGE Starting protection
2012/11/03 11:06:49 -0300 DDLZQDG1 Karen & Mike MESSAGE Protection started successfully
2012/11/03 11:06:49 -0300 DDLZQDG1 Karen & Mike MESSAGE Starting IP protection
2012/11/03 11:07:01 -0300 DDLZQDG1 Karen & Mike MESSAGE IP Protection started successfully
2012/11/03 13:03:23 -0300 DDLZQDG1 MESSAGE Starting protection
2012/11/03 13:03:23 -0300 DDLZQDG1 MESSAGE Protection started successfully
2012/11/03 13:03:23 -0300 DDLZQDG1 MESSAGE Starting IP protection
2012/11/03 13:06:03 -0300 DDLZQDG1 Karen & Mike MESSAGE IP Protection started successfully

Minitoolbox

MiniToolBox by Farbar Version: 23-07-2012
Ran by Karen & Mike (administrator) on 03-11-2012 at 13:10:42
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82562V-2 10/100 Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : DDLZQDG1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82562V-2 10/100 Network Connection
Physical Address. . . . . . . . . : 00-1D-09-98-83-7A
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.7
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 24.222.0.94
24.222.0.95
Lease Obtained. . . . . . . . . . : Saturday, November 03, 2012 1:03:06 PM
Lease Expires . . . . . . . . . . : Saturday, November 03, 2012 2:03:06 PM

Server: cns01.eastlink.ca
Address: 24.222.0.94

Name: google.com
Addresses: 74.125.226.5, 74.125.226.0, 74.125.226.3, 74.125.226.2
74.125.226.9, 74.125.226.1, 74.125.226.14, 74.125.226.6, 74.125.226.4
74.125.226.8, 74.125.226.7

Pinging google.com [74.125.226.3] with 32 bytes of data:

Reply from 74.125.226.3: bytes=32 time=39ms TTL=56
Reply from 74.125.226.3: bytes=32 time=36ms TTL=56

Ping statistics for 74.125.226.3:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 36ms, Maximum = 39ms, Average = 37ms

Server: cns01.eastlink.ca
Address: 24.222.0.94

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=82ms TTL=48
Reply from 98.138.253.109: bytes=32 time=121ms TTL=48

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 82ms, Maximum = 121ms, Average = 101ms

Server: cns01.eastlink.ca
Address: 24.222.0.94

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 1d 09 98 83 7a ...... Intel® 82562V-2 10/100 Network Connection
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.7 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.7 192.168.0.7 20
192.168.0.7 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.7 192.168.0.7 20
224.0.0.0 240.0.0.0 192.168.0.7 192.168.0.7 20
255.255.255.255 255.255.255.255 192.168.0.7 192.168.0.7 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/03/2012 01:05:34 PM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 2724 (0xaa4)

Thread address : 0x7C90E514

Thread message :

Build VSCORE.15.1.0.461 / 5500.1093
Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\wiavusd.dll
by C:\WINDOWS\system32\svchost.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (11/03/2012 08:17:13 AM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3216 (0xc90)

Thread address : 0x7C90E514

Thread message :

Build VSCORE.15.1.0.461 / 5500.1093
Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\netcfgx.dll
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (11/02/2012 09:27:06 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The specified server cannot perform the requested operation.

Error: (11/02/2012 09:27:05 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (11/02/2012 09:27:05 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (11/02/2012 09:27:05 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (11/02/2012 09:27:05 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (11/02/2012 09:27:05 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (11/02/2012 09:27:05 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (11/02/2012 09:27:05 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.


System errors:
=============
Error: (11/03/2012 01:05:47 PM) (Source: Service Control Manager) (User: )
Description: The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (11/03/2012 01:05:26 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (11/03/2012 01:03:22 PM) (Source: Service Control Manager) (User: )
Description: The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error:
%%2

Error: (11/03/2012 11:06:37 AM) (Source: Service Control Manager) (User: )
Description: The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error:
%%2

Error: (11/03/2012 08:17:25 AM) (Source: Service Control Manager) (User: )
Description: The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (11/03/2012 08:15:28 AM) (Source: Service Control Manager) (User: )
Description: The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error:
%%2

Error: (11/02/2012 09:39:42 PM) (Source: Service Control Manager) (User: )
Description: The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error:
%%2

Error: (11/02/2012 09:38:37 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/02/2012 09:30:56 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (11/02/2012 09:30:56 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}


Microsoft Office Sessions:
=========================
Error: (11/03/2012 01:05:34 PM) (Source: McLogEvent)(User: NT AUTHORITY)NT AUTHORITY
Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe900002724 (0xaa4)0x7C90E514
Build VSCORE.15.1.0.461 / 5500.1093
Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\wiavusd.dll
by C:\WINDOWS\system32\svchost.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (11/03/2012 08:17:13 AM) (Source: McLogEvent)(User: NT AUTHORITY)NT AUTHORITY
Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe900003216 (0xc90)0x7C90E514
Build VSCORE.15.1.0.461 / 5500.1093
Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\netcfgx.dll
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (11/02/2012 09:27:06 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe specified server cannot perform the requested operation.

Error: (11/02/2012 09:27:05 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (11/02/2012 09:27:05 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (11/02/2012 09:27:05 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (11/02/2012 09:27:05 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (11/02/2012 09:27:05 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (11/02/2012 09:27:05 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (11/02/2012 09:27:05 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.


=========================== Installed Programs ============================

Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 10 Plugin (Version: 10.0.12.36)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Reader 9.5.2 (Version: 9.5.2)
Adobe Shockwave Player (Version: 11)
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support (Version: 2.0.1)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
AutoUpdate (Version: 1.1)
BitTorrent (Version: 7.5.0)
Canon Camera Access Library (Version: 8.4.0.1)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.5.0.15)
Canon PhotoRecord (Version: 02.02.00013)
Canon PIXMA iP1500
Canon RAW Image Task for ZoomBrowser EX (Version: 0.9.3.9)
Canon Utilities CameraWindow (Version: 7.0.0.8)
Canon Utilities CameraWindow DC (Version: 7.0.1.16)
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.1.15)
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
Canon Utilities EOS Utility (Version: 1.1.0.8)
Canon Utilities MyCamera (Version: 6.4.0.5)
Canon Utilities MyCamera DC (Version: 7.0.0.5)
Canon Utilities PhotoStitch (Version: 3.1.20.44)
Canon Utilities RemoteCapture DC (Version: 3.0.1.8)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
Canon Utilities ZoomBrowser EX (Version: 6.0.0.246)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.0.0.19)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Critical Update for Windows Media Player 11 (KB959772)
Dell DataSafe Online (Version: 1.0.21)
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Support Center (Version: 3.2.6032.55)
Dell System Restore (Version: 2.00.0000)
Dell Webcam Center
Dell Webcam Manager
DivX Converter (Version: 6.6.1)
Easy-WebPrint
Garmin Communicator Plugin (Version: 2.9.2)
Garmin USB Drivers (Version: 1.0.0.0)
Garmin USB Drivers (Version: 2.3.0.0)
Garmin VoiceStudio v2.10 (Version: 2.10.0.0)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
InterVideo DeviceService (Version: 1.0.0)
iTunes (Version: 10.4.1.10)
Java Auto Updater (Version: 2.0.7.2)
Java™ 6 Update 37 (Version: 6.0.370)
Live! Cam Avatar Creator (Version: 4.5.3104.1)
Live! Cam Avatar v1.0 (Version: 1.0)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
McAfee AntiVirus Plus (Version: 11.6.435)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Works (Version: 9.7.0621)
Monitor Webcam (SP2208WFP) Driver (1.00.08.0720)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Musicmatch for Windows Media Player (Version: 0.00.000)
Nike+ Connect (Version: 2.0)
PowerDVD (Version: 7.0)
QuickTime (Version: 7.70.80.34)
Realtek High Definition Audio Driver
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Safari (Version: 5.34.50.0)
Shared C Run-time for x86 (Version: 10.0.0)
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.10 (Version: 5.10.116)
Ulead VideoStudio 11 (Version: 11.0.0.0000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB961813) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VideoStudio (Version: 11.0.0.0000)
WebFldrs XP (Version: 9.50.7523)
Windows Backup Utility (Version: 5.1)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 Release Candidate 1 (Version: 20090115.021447)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 3061.1 MB
Available physical RAM: 2035.52 MB
Total Pagefile: 4946.02 MB
Available Pagefile: 3973.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.8 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:294.73 GB) (Free:214.85 GB) NTFS

========================= Users: ========================================

User accounts for \\DDLZQDG1

Admin Administrator Guest
HelpAssistant Karen & Mike SUPPORT_388945a0

========================= Restore Points ==================================

30-08-2012 12:13:43 System Checkpoint
15-09-2012 22:15:17 System Checkpoint
20-09-2012 00:31:16 System Checkpoint
22-09-2012 13:09:53 System Checkpoint
24-09-2012 21:24:37 System Checkpoint
26-09-2012 00:17:46 System Checkpoint
27-09-2012 01:01:09 System Checkpoint
30-09-2012 22:36:03 System Checkpoint
03-10-2012 23:21:57 System Checkpoint
05-10-2012 00:36:12 System Checkpoint
12-10-2012 21:09:45 System Checkpoint
13-10-2012 03:27:03 Installed Java™ 6 Update 35
15-10-2012 22:39:21 System Checkpoint
18-10-2012 20:45:54 Software Distribution Service 3.0
18-10-2012 22:19:05 Software Distribution Service 3.0
25-10-2012 22:31:28 System Checkpoint
27-10-2012 01:04:37 Removed Bonjour
27-10-2012 01:05:03 Removed Browser Address Error Redirector.
27-10-2012 01:05:58 Removed EZface ActiveX 210
27-10-2012 01:08:17 Removed MobileMe Control Panel
28-10-2012 02:10:28 System Checkpoint
30-10-2012 22:25:00 Installed Java™ 6 Update 37
01-11-2012 00:07:17 Installed Microsoft Fix it 50267
02-11-2012 23:40:27 System Checkpoint

**** End of log

Farbar results

Farbar Service Scanner Version: 03-11-2012
Ran by Karen & Mike (administrator) on 03-11-2012 at 13:12:57
Running from "C:\Documents and Settings\Karen & Mike\Local Settings\Temporary Internet Files\Content.IE5\GAU1A9RH"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) mfetdi2k(13) NetBT(5) PSched(7) Tcpip(3)
0x0D000000040000000100000002000000030000000D00000008000000050000000600000007000000090000000A0000000B0000000C000000
IpSec Tag value is correct.

**** End of log ****

Adwcleaner

# AdwCleaner v2.006 - Logfile created 11/03/2012 at 13:01:24
# Updated 30/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Karen & Mike - DDLZQDG1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Karen & Mike\Local Settings\Temporary Internet Files\Content.IE5\7NRL7QY9\adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
Folder Deleted : C:\Documents and Settings\Karen & Mike\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18372

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://startsear.info --> hxxp://www.google.com

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Karen & Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://startsear.info/" ]
Deleted [l.45] : search_url = "hxxp://www.google.com/cse?cx=partner-pub-0236192664760821%3A4680426847&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=startsear.info%2F",
Deleted [l.166] : urls_to_restore_on_startup = [ "hxxp://startsear.info/" ]

-\\ Opera v [Unable to get version]

File : C:\Documents and Settings\Karen & Mike\Application Data\Opera\Opera\operaprefs.ini

Deleted : Home URL=hxxp://startsear.info

*************************

AdwCleaner[S1].txt - [3527 octets] - [03/11/2012 13:01:24]

########## EOF - C:\AdwCleaner[S1].txt - [3587 octets] #########

Junkware remover

Junkware Removal Tool (JRT) by Thisisu
Version: 2.5.6 (11.03.2012)
OS: Microsoft Windows XP x86
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files: 0 Detections



*** Folders: 0 Detections



*** Event Viewer Logs - NOT cleared





**************************************************************
Scan was completed on Sat 11/03/2012 at 13:21:58.98
End of Report

#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:12:50 PM

Posted 03 November 2012 - 12:36 PM

Uninstall McAfee, restart the PC and install Microsoft Security Essentials

http://www.microsoft.com/en-in/download/details.aspx?id=5201


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here

What other issues do you have?

#12 Hurley77

Hurley77
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:01:50 PM

Posted 03 November 2012 - 07:26 PM

Hello,

I uninstalled McAfee and installed Microsoft Essentials - should I reinstall McAfee now, or is Microsoft Essentials good enough?

rkill log below:

Rkill 2.4.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/03/2012 09:19:31 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 11/03/2012 09:19:56 PM
Execution time: 0 hours(s), 0 minute(s), and 24 seconds(s)


I was not able to run Autoruns because it said that I needed to purchase WinRAR.

It appears that my computer is now clean - do you agree?

Thanks for all your help!

Mike

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:12:50 PM

Posted 03 November 2012 - 07:53 PM

Microsoft security essentials is good.

System looks clean

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot. If TFC locks up the system, run it in Safe Mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore. It deletes old infected restore points.

Turn on System Restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel > Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security programs at the same time.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)
