Facebook Strippers, and odd things


6 replies to this topic

#1 therealtabby


Posted 19 November 2012 - 09:39 AM

I have two computers:

One operates Windows XP SP3 and will not install a Security Update (specifically KB960859). I recently stripped the whole computer back to a recovery using Norton Ghost (?). Back to the factory settings.

That seemed to solve the majority of the issues, but the one security update will NOT install. Any thoughts?

The second computer runs Windows Vista - it's a little older and makes funny noises from time to time. I have run all of the usual malware stuff (MBAM, SAS) but when I go onto my facebook, there will be suggested subscriptions for strippers and XXX stars. To my mind, this would tell me there is a virus in there somewhere.

Any direction or advice you could provide would be GREATLY appreciated.
Tabby

#2 boopme


Posted 19 November 2012 - 10:30 AM

Hello therealtabby

The XP machine may have an MBR infection.
Let's check for and confirm the MBR (Master Boot Record) rootkit.


Please download mbr.exe and save it to the root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe >>"C:\mbr.log"
  • press Enter.
  • The process is automatic...a black DOS window will open and quickly disappear. This is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
If you have a problem using the command prompt, you can just double-click on mbr.exe to run the tool.



aswMBR
Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


For Vista we will run these.

Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>

Please Download

TDSSkiller

Launch it. Click on change parameters, then select TDLFS file system.

Click on "Scan".
Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.



ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.



ESET ONLINE

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 therealtabby


Posted 21 November 2012 - 09:19 AM

Boopme - VERY pleased to make your acquaintance. Since I'm doing this on two different computers, I'll break the replies into XP and VISTA - more for my own sanity.

VISTA: Here is the log for the MiniToolbox run. I will run the other items and post them separately. :)
MiniToolBox by Farbar Version: 10-11-2012 02
Ran by Summerberry Organics (administrator) on 21-11-2012 at 08:04:06
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

There are 15069 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Fred
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-1A-92-41-C1-83
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 172.16.1.64(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : November-19-12 9:28:37 PM
Lease Expires . . . . . . . . . . : November-21-12 9:28:38 PM
Default Gateway . . . . . . . . . : 172.16.1.254
DHCP Server . . . . . . . . . . . : 172.16.1.254
DNS Servers . . . . . . . . . . . : 172.16.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled
Server: home
Address: 172.16.1.254

Name: google.com
Addresses: 2607:f8b0:400b:801::1004
74.125.226.34
74.125.226.32
74.125.226.41
74.125.226.39
74.125.226.38
74.125.226.36
74.125.226.33
74.125.226.46
74.125.226.35
74.125.226.37
74.125.226.40



Pinging google.com [74.125.226.39] with 32 bytes of data:

Reply from 74.125.226.39: bytes=32 time=39ms TTL=57

Reply from 74.125.226.39: bytes=32 time=39ms TTL=57



Ping statistics for 74.125.226.39:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 39ms, Maximum = 39ms, Average = 39ms

Server: home
Address: 172.16.1.254

Name: yahoo.com
Addresses: 98.138.253.109
72.30.38.140
98.139.183.24



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=155ms TTL=54

Reply from 72.30.38.140: bytes=32 time=95ms TTL=54



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 95ms, Maximum = 155ms, Average = 125ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
8 ...00 1a 92 41 c1 83 ...... Intel® PRO/100 VE Network Connection
1 ........................... Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.16.1.254 172.16.1.64 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
172.16.1.0 255.255.255.0 On-link 172.16.1.64 276
172.16.1.64 255.255.255.255 On-link 172.16.1.64 276
172.16.1.255 255.255.255.255 On-link 172.16.1.64 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 172.16.1.64 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 172.16.1.64 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/20/2012 03:02:29 PM) (Source: Application Error) (User: )
Description: Faulting application firefox.exe, version 16.0.2.4680, time stamp 0x50882871, faulting module xul.dll, version 16.0.2.4680, time stamp 0x508827d6, exception code 0xc0000005, fault offset 0x00130ef7,
process id 0x1278, application start time 0xfirefox.exe0.

Error: (11/18/2012 08:07:31 PM) (Source: Windows Backup) (User: )
Description: File backup failed due to an error writing to the backup location J:\. The error is: The backup disk has a corrupted file system. Fix it using the disk error checking tool, or choose a different backup location. (0x81000008).

Error: (11/18/2012 08:06:26 PM) (Source: Windows Backup) (User: )
Description: File backup failed due to an error writing to the backup location J:\. The error is: The backup disk has a corrupted file system. Fix it using the disk error checking tool, or choose a different backup location. (0x81000008).

Error: (11/03/2012 08:37:14 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/19/2012 07:50:21 AM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog

Error: (10/18/2012 08:10:05 AM) (Source: Application Hang) (User: )
Description: The program msnmsgr.exe version 15.4.3555.308 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: eec
Start Time: 01cdad36077bc309
Termination Time: 0

Error: (10/16/2012 09:43:15 PM) (Source: Application Hang) (User: )
Description: The program Skype.exe version 5.10.0.116 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: c70
Start Time: 01cdaba0f9972fd1
Termination Time: 585

Error: (10/11/2012 02:16:09 PM) (Source: Application Error) (User: )
Description: Faulting application AcroRd32.exe, version 9.5.2.295, time stamp 0x5017c048, faulting module Updater.api_unloaded, version 0.0.0.0, time stamp 0x50179e90, exception code 0xc0000005, fault offset 0x66597bb1,
process id 0x12e0, application start time 0xAcroRd32.exe0.

Error: (10/11/2012 02:15:56 PM) (Source: Application Error) (User: )
Description: Faulting application AcroRd32.exe, version 9.5.2.295, time stamp 0x5017c048, faulting module Updater.api_unloaded, version 0.0.0.0, time stamp 0x50179e90, exception code 0xc0000005, fault offset 0x665ad9f2,
process id 0x12e0, application start time 0xAcroRd32.exe0.

Error: (10/11/2012 03:12:54 AM) (Source: Windows Search Service) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context: Application, SystemIndex Catalog


System errors:
=============
Error: (11/20/2012 03:03:23 PM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (11/19/2012 09:29:27 PM) (Source: Service Control Manager) (User: )
Description: Security Services Driver (x86)%%2

Error: (11/19/2012 09:29:27 PM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWFailureActions%%5

Error: (11/19/2012 09:29:27 PM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWFailureActions%%5

Error: (11/19/2012 09:29:27 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (11/19/2012 09:23:44 PM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (11/19/2012 09:23:44 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (11/19/2012 09:23:44 PM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (11/19/2012 09:23:44 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (11/19/2012 09:16:47 PM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053


Microsoft Office Sessions:
=========================
Error: (08/29/2011 07:47:59 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 1480 seconds with 240 seconds of active time. This session ended with a crash.

Error: (06/21/2011 08:21:52 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 2817 seconds with 120 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2012-11-18 19:39:55.915
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SET83D4.tmp because the set of per-page image hashes could not be found on the system.

Date: 2012-11-18 19:39:55.718
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SET83D4.tmp because the set of per-page image hashes could not be found on the system.

Date: 2012-11-18 19:39:55.528
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SET83D4.tmp because the set of per-page image hashes could not be found on the system.

Date: 2012-11-18 19:39:55.166
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SET83D4.tmp because the set of per-page image hashes could not be found on the system.

Date: 2012-11-18 19:39:52.977
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SET717B.tmp because the set of per-page image hashes could not be found on the system.

Date: 2012-11-18 19:39:52.784
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SET717B.tmp because the set of per-page image hashes could not be found on the system.

Date: 2012-11-18 19:39:52.555
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SET717B.tmp because the set of per-page image hashes could not be found on the system.

Date: 2012-11-18 19:39:52.340
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SET717B.tmp because the set of per-page image hashes could not be found on the system.

Date: 2012-11-18 19:38:00.301
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG2013\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-18 19:38:00.069
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVG\AVG2013\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Acrobat.com (Version: 1.7.186)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe AIR (Version: 2.0.2.12610)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader 9.5.2 (Version: 9.5.2)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.3.14 (Unicode)
AVG 2013 (Version: 13.0.2629)
AVG 2013 (Version: 13.0.2793)
AVG 2013 (Version: 2013.0.2793)
AVG Security Toolbar
Bonjour (Version: 3.0.0.10)
Creative WebCam Vista/Live! Cam Chat (VF0330) Driver (1.12.01.00)
D3DX10 (Version: 15.4.2368.0902)
DivX Setup (Version: 2.6.1.9)
Enhanced Multimedia Keyboard Solution
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
FFmpeg v0.6.2 for Audacity
GearDrvs (Version: 1.00.0000)
Google Update Helper (Version: 1.3.21.123)
Hardware Diagnostic Tools (Version: 5.00.4262.12)
HP Active Support Library (Version: 3.1.9.1)
HP Active Support Library 32 bit components (Version: 2.1.0)
HP Customer Experience Enhancements (Version: 1.00.0000)
HP Customer Feedback (Version: 1.0.0)
HP Driver Diagnostics (Version: 1.03.0005)
HP Easy Setup - Core (Version: 1.00.0000)
HP Easy Setup - Frontend (Version: 5.00.0000)
HP Picasso Media Center Add-In (Version: 1.0.0)
HP Total Care Advisor (Version: 1.0.90)
HP Update (Version: 4.000.011.006)
HPAsset component for HP Active Support Library (Version: 3.0.1.0)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Intel® Viiv™ Software (Version: 1.6.361.6)
iTunes (Version: 10.7.0.21)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 35 (Version: 6.0.350)
Java™ 6 Update 4 (Version: 1.6.0.40)
Java™ 6 Update 6 (Version: 1.6.0.60)
Java™ 6 Update 7 (Version: 1.6.0.70)
Junk Mail filter update (Version: 15.4.3502.0922)
LAME v3.98.3 for Audacity
LAME v3.99.3 (for Windows)
LG USB Modem driver
LightScribe 1.4.124.1 (Version: 1.4.124.1)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.05.0818)
Mozilla Firefox 16.0.2 (x86 en-US) (Version: 16.0.2)
Mozilla Maintenance Service (Version: 16.0.2)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
muvee autoProducer 5.0 (Version: 5.00.050)
NVIDIA PhysX v8.10.29 (Version: 8.10.29)
Paint.NET v3.5.8 (Version: 3.58.0)
Photo Viewer S2.5 (Version: 2.5)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
Python 2.4.3 (Version: 2.4.3150)
QuickBooks Pro 2009 (Version: )
QuickTime (Version: 7.72.80.56)
Realtek High Definition Audio Driver (Version: 6.0.1.5548)
Riven
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator Basic v9 (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator EasyArchive (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Express Labeler 3 (Version: 2.1.0)
Segoe UI (Version: 15.4.2271.0615)
Sid Meier's Civilization 4 (Version: 1.00.0000)
Skype Click to Call (Version: 5.9.9216)
Skype™ 5.10 (Version: 5.10.116)
Soft Data Fax Modem with SmartCP (Version: 7.74.00)
Spybot - Search & Destroy (Version: 1.6.2)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VLC media player 1.0.1 (Version: 1.0.1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR archiver
Yahoo! Detect

========================= Memory info: ===================================

Percentage of memory in use: 80%
Total physical RAM: 1013.77 MB
Available physical RAM: 194.48 MB
Total Pagefile: 2291.78 MB
Available Pagefile: 821.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 1959.26 MB

========================= Partitions: =====================================

1 Drive c: (RAUL) (Fixed) (Total:291.82 GB) (Free:200.33 GB) NTFS
2 Drive d: (Recovery) (Fixed) (Total:6.27 GB) (Free:0.58 GB) NTFS
8 Drive j: (VERBATIM HD) (Fixed) (Total:465.64 GB) (Free:445.33 GB) FAT32

========================= Users: ========================================

User accounts for \\FRED

Administrator ASPNET BPT Contracting
Guest IUSR_NMPR Summerberry Organics
Tammy


**** End of log ****
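
As an added example (not part of the thread and not from the tool's author), here is one way to triage the Hosts and Winsock sections of a MiniToolBox Result.txt laid out like the log above: it reports hosts entries that point anywhere other than loopback and Winsock providers loaded from outside System32. The sample log is constructed, the function names are hypothetical, and Windows is assumed to live in a Windows\System32 directory as in the posted log.

```python
import re
from ipaddress import ip_address

# Constructed sample in the layout of the Result.txt posted above. The
# 203.0.113.7 hosts entry and C:\Example\lsp.dll are made up so that the
# script has something to report.
SAMPLE_LOG = r"""
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost
127.0.0.1 www.0scan.com
203.0.113.7 www.example.com

There are 15069 more lines starting with "127.0.0.1"

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Example\lsp.dll [4096] ()

**** End of log ****
"""

# "===== Name: =====" section banner; plain "=====" rulers do not match.
BANNER = re.compile(r"^=+\s+([A-Za-z][^=]*?):?\s+=+\s*$")
# "Catalog5 07 <path> [size] (company)"
WINSOCK = re.compile(r"^(Catalog\d+)\s+\d+\s+(.+?)\s+\[\d+\]\s+\((.*)\)\s*$")
# Assumption: stock providers live under <drive>:\Windows\System32\
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


def split_sections(text):
    """Map each section banner name to the lines that follow it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = BANNER.match(line)
        if m:
            current = sections.setdefault(m.group(1).strip(), [])
        elif current is not None:
            current.append(line.rstrip())
    return sections


def hosts_redirects(lines):
    """Hosts entries whose address is neither loopback nor 0.0.0.0/::.

    Loopback and unspecified addresses are how blocklists sink a name;
    any other address sends the name to a different server.
    """
    found = []
    for line in lines:
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ip_address(fields[0])
        except ValueError:
            continue  # not a hosts entry, e.g. the "There are N more lines" note
        if not (addr.is_loopback or addr.is_unspecified):
            found.append((str(addr), fields[1:]))
    return found


def third_party_winsock(lines):
    """Winsock catalog entries whose DLL is not under Windows\\System32."""
    found = []
    for line in lines:
        m = WINSOCK.match(line)
        if m and not SYSTEM32.match(m.group(2)):
            found.append((m.group(1), m.group(2), m.group(3)))
    return found


def triage(text):
    """Return the entries a reviewer would look at first."""
    s = split_sections(text)
    return {
        "hosts_redirects": hosts_redirects(s.get("Hosts content", [])),
        "third_party_winsock": third_party_winsock(s.get("Winsock entries", [])),
    }


if __name__ == "__main__":
    for finding, rows in triage(SAMPLE_LOG).items():
        print(finding)
        for row in rows:
            print("   ", row)
```

An entry in either list is something to review, not a verdict: the Bonjour provider in the sample is a third-party DLL from a normally installed program.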

#4 therealtabby


Posted 21 November 2012 - 09:29 AM

Boopme - this post is sent from the XP computer.

I cannot find an option to save MBR.exe to the root directory. When firefox downloads it, it goes to the downloads folder, and when I double click it, there is only a "run" or "cancel" option.

My fear of lousing something up prevents me from just "running" it. How do I save it to the correct location?

#5 boopme


Posted 21 November 2012 - 02:48 PM

Hi Tammy, if you right click on the file in downloads and select Properties
does it show you a Path, e.g. C:\ downloads ....
then that is OK use


Post the Vista logs when you get them.

Edited by boopme, 21 November 2012 - 02:51 PM.


#6 therealtabby


Posted 03 December 2012 - 09:04 AM

Boopme - it does not appear that I can change the path for mbr...I tried the properties box, and all I could find was an "unblock" option. My apologies for being so inept at this!! Shall I remove what I have (mbr) and try downloading it again?

#7 boopme


Posted 03 December 2012 - 12:08 PM

OK, it can be the malware. Let's move you to where we can get a deeper look.
Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.