Internet browser flashes on and then off- Can't connect


  • This topic is locked
22 replies to this topic

#1 Smegal

Smegal

  • Members
  • 15 posts

Posted 11 December 2012 - 10:53 PM

Hello, I was downloading a utility software to create an ISO image of a Windows XP disk and obtained a virus. I am unable to connect to Internet Explorer. IE will pop up and then close rapidly. I am unable to run a complete scan using my Norton AV. I did run Spybot and Malwarebytes and deleted the files that were found. The internet connectivity issue continues. Below is my HJT report. Thanks for any help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:22:51 PM, on 12/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\Todd\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
F:\HijackThis.exe
C:\Program Files\Google\Update\GoogleUpdate.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.9.0.9\IPS\IPSBHO.DLL
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Todd\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.5.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Online plug-in.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - file:///D:/LTOCX14N.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1295308285390
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefaultTabUpdate - Unknown owner - C:\Documents and Settings\Todd\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 10605 bytes



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 December 2012 - 10:01 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Use a good computer to download these tools.
Copy them to the desktop of the problem computer and run them.

You may also be able to download these files if you boot to Safe Mode and select Internet connectivity.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List installed programs
Click Go and copy/paste the log (Result.txt) into your next post.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

Please post the logs for my review.

#3 Smegal

Smegal
  • Topic Starter

  • Members
  • 15 posts

Posted 15 December 2012 - 12:18 PM

Hi Nasdaq, thanks for your assistance. Below are my logs:

MiniToolBox by Farbar Version: 25-11-2012
Ran by Todd (administrator) on 15-12-2012 at 11:07:18
Running from "C:\Documents and Settings\Todd\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com

========================= IP Configuration: ================================

Intel® 82566DM-2 Gigabit Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : optiplex755
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82566DM-2 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-21-70-1E-B9-F9
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.102
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 68.105.28.11 68.105.29.11 68.105.28.12
Lease Obtained. . . . . . . . . . : Saturday, December 15, 2012 8:39:59 AM
Lease Expires . . . . . . . . . . : Sunday, December 16, 2012 8:39:59 AM

Server: cdns1.cox.net
Address: 68.105.28.11

Name: google.com
Addresses: 74.125.224.166, 74.125.224.167, 74.125.224.168, 74.125.224.169
74.125.224.174, 74.125.224.160, 74.125.224.161, 74.125.224.162, 74.125.224.163
74.125.224.164, 74.125.224.165

Pinging google.com [74.125.224.167] with 32 bytes of data:
Reply from 74.125.224.167: bytes=32 time=49ms TTL=52
Reply from 74.125.224.167: bytes=32 time=49ms TTL=52
Ping statistics for 74.125.224.167:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 49ms, Maximum = 49ms, Average = 49ms

Server: cdns1.cox.net
Address: 68.105.28.11

Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=244ms TTL=54
Reply from 72.30.38.140: bytes=32 time=127ms TTL=54
Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 127ms, Maximum = 244ms, Average = 185ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 21 70 1e b9 f9 ...... Intel® 82566DM-2 Gigabit Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.102 192.168.1.102 20
192.168.1.0 255.255.255.0 192.168.1.102 192.168.1.102 20
192.168.1.102 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.102 192.168.1.102 20
224.0.0.0 240.0.0.0 192.168.1.102 192.168.1.102 20
255.255.255.255 255.255.255.255 192.168.1.102 192.168.1.102 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/12/2012 09:37:49 PM) (Source: Application Error) (User: )
Description: Faulting application adaware_installer.exe, version 10.4.47.4163, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [adaware_installer.exe!ws!]

Error: (12/09/2012 05:08:44 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ieui.dll, version 8.0.6001.18702, fault address 0x0000c6a4.
Processing media-specific event for [iexplore.exe!ws!]

Error: (12/08/2012 06:40:16 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/08/2012 06:23:25 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/08/2012 05:56:47 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/08/2012 05:56:15 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/08/2012 05:38:28 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/08/2012 01:45:25 PM) (Source: Application Error) (User: )
Description: Faulting application ccsvchst.exe, version 11.2.3.6, faulting module symhtml.dll, version 6.5.0.23, fault address 0x0012911d.
Processing media-specific event for [ccsvchst.exe!ws!]

Error: (12/08/2012 00:11:06 PM) (Source: Application Hang) (User: )
Description: Hanging application ccsvchst.exe, version 11.2.3.6, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/08/2012 09:40:42 AM) (Source: Application Hang) (User: )
Description: Hanging application nero.exe, version 6.6.0.13, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (12/14/2012 00:05:28 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (12/14/2012 00:05:28 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (12/14/2012 00:05:28 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (12/11/2012 01:43:05 PM) (Source: 0) (User: )
Description: \Device\CdRom1

Error: (12/11/2012 01:43:04 PM) (Source: 0) (User: )
Description: \Device\CdRom1

Error: (12/11/2012 01:43:03 PM) (Source: 0) (User: )
Description: \Device\CdRom1

Error: (12/11/2012 10:36:39 AM) (Source: 0) (User: )
Description: \Device\CdRom1

Error: (12/11/2012 10:36:38 AM) (Source: 0) (User: )
Description: \Device\CdRom1

Error: (12/11/2012 10:36:37 AM) (Source: 0) (User: )
Description: \Device\CdRom1

Error: (12/11/2012 10:36:36 AM) (Source: 0) (User: )
Description: \Device\CdRom1


Microsoft Office Sessions:
=========================
Error: (12/12/2012 09:37:49 PM) (Source: Application Error)(User: )
Description: adaware_installer.exe10.4.47.41630.0.0.000000000

Error: (12/09/2012 05:08:44 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702ieui.dll8.0.6001.187020000c6a4

Error: (12/08/2012 06:40:16 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (12/08/2012 06:23:25 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (12/08/2012 05:56:47 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (12/08/2012 05:56:15 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (12/08/2012 05:38:28 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (12/08/2012 01:45:25 PM) (Source: Application Error)(User: )
Description: ccsvchst.exe11.2.3.6symhtml.dll6.5.0.230012911d

Error: (12/08/2012 00:11:06 PM) (Source: Application Hang)(User: )
Description: ccsvchst.exe11.2.3.6hungapp0.0.0.000000000

Error: (12/08/2012 09:40:42 AM) (Source: Application Hang)(User: )
Description: nero.exe6.6.0.13hungapp0.0.0.000000000


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 6.1.2)
ACDSee 4.0 (Version: 4.00.0000)
Ad-Aware Browsing Protection (Version: 1.0.1.80)
Adobe Acrobat 4.0 (Version: 4.0)
Adobe AIR (Version: 2.5.1.17730)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Extra Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Recommended Settings CS4 (Version: 2.0)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Flash Player 10 ActiveX (Version: 10.2.153.1)
Adobe Fonts All (Version: 2.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 140.0.212.000)
C4700 (Version: 140.0.690.000)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.6.0.12)
Canon Internet Library for ZoomBrowser EX (Version: 1.6.2.7)
Citrix online plug-in (DV) (Version: 12.1.0.30)
Citrix online plug-in (HDX) (Version: 12.1.0.30)
Citrix online plug-in (PNA) (Version: 12.1.0.30)
Citrix online plug-in (SSON) (Version: 12.1.0.30)
Citrix online plug-in (USB) (Version: 12.1.0.30)
Citrix online plug-in (Version: 12.1.0.30)
Citrix online plug-in (Web) (Version: 12.1.0.30)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Connect (Version: 1.0.0.1)
Coupon Printer for Windows (Version: 5.0.0.1)
Dell Driver Download Manager (Version: 2.1.0.0)
Dell Resource CD (Version: 1.10.0000)
ExplorerXP (remove only)
Freemake Video Converter version 3.0.2 (Version: 3.0.2)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6 (Version: 14.0)
ImageMixer 3 SE Ver.5 Transfer Utility (Version: 3.04.009)
ImageMixer 3 SE Ver.5 Video Tools (Version: 3.04.014)
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Interface
Intel® PRO Network Connections Drivers
Intel® Active Management Technology
iTunes (Version: 10.7.0.21)
Java Auto Updater (Version: 2.1.5.3)
Java™ 6 Update 15 (Version: 6.0.150)
Java™ 7 Update 2 (Version: 7.0.20)
JavaFX 2.0.2 (Version: 2.0.2)
kuler (Version: 2.0)
Logitech Unifying Software 2.00 (Version: 2.00.43)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2000 Premium (Version: 9.00.2720)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Music Transfer Utility Ver.2 (Version: 1.01.006)
Nero Suite
Network (Version: 140.0.215.000)
Nikon Message Center (Version: 0.92.000)
Nikon Transfer (Version: 1.0.2)
Norton AntiVirus (Version: 19.9.0.9)
Octoshape add-in for Adobe Flash Player
PDF Settings CS4 (Version: 9.0)
Pdf995
Photoshop Camera Raw (Version: 5.0)
Picasa 3 (Version: 3.8)
Picture Control Utility (Version: 1.0.3)
PS_AIO_06_C4700_SW_Min (Version: 140.0.690.000)
QuickTime (Version: 7.69.80.9)
QuickTransfer (Version: 140.0.98.000)
Scan (Version: 140.0.80.000)
SoundMAX (Version: 5.10.01.5491)
Spybot - Search & Destroy (Version: 1.6.2)
Stamps.com (Version: 9.6.1.2323)
Stamps.com Application Support for Microsoft Word 2000-2010 (Version: 8.7.0.1506)
Stamps.com support for Microsoft Word 2000-2010
Suite Shared Configuration CS4 (Version: 1.0)
TomTom HOME 2.8.2.2264 (Version: 2.8.2.2264)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Toolbox (Version: 140.0.428.000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
ViewNX (Version: 1.0.3)
WebFldrs XP (Version: 9.50.5318)
WebReg (Version: 140.0.212.017)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows XP Service Pack 3 (Version: 20080414.031525)

**** End of log ****



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/16/2011 8:40:06 PM
System Uptime: 12/15/2012 8:38:30 AM (3 hours ago)
.
Motherboard: Dell Inc. | | 0PU052
Processor: Intel® Core™2 Duo CPU E6550 @ 2.33GHz | CPU | 2327/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 12.995 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 149 GiB total, 76.497 GiB free.
F: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart C4700 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP426: 9/17/2012 3:30:30 AM - System Checkpoint
RP427: 9/18/2012 4:23:28 AM - System Checkpoint
RP428: 9/19/2012 5:01:11 AM - System Checkpoint
RP429: 9/20/2012 5:49:20 AM - System Checkpoint
RP430: 9/21/2012 5:57:06 AM - System Checkpoint
RP431: 9/22/2012 6:35:36 AM - System Checkpoint
RP432: 9/23/2012 6:40:10 AM - System Checkpoint
RP433: 9/24/2012 7:47:00 AM - System Checkpoint
RP434: 9/25/2012 7:57:10 AM - System Checkpoint
RP435: 9/26/2012 8:45:27 AM - System Checkpoint
RP436: 9/27/2012 9:41:10 AM - System Checkpoint
RP437: 9/28/2012 10:18:53 AM - System Checkpoint
RP438: 9/29/2012 11:26:29 AM - System Checkpoint
RP439: 9/30/2012 12:43:33 PM - System Checkpoint
RP440: 10/1/2012 1:37:40 PM - System Checkpoint
RP441: 10/2/2012 2:11:04 PM - System Checkpoint
RP442: 10/3/2012 7:47:08 PM - System Checkpoint
RP443: 10/4/2012 8:18:53 PM - System Checkpoint
RP444: 10/5/2012 8:34:12 PM - System Checkpoint
RP445: 10/6/2012 8:46:06 PM - System Checkpoint
RP446: 10/7/2012 9:22:33 PM - System Checkpoint
RP447: 10/8/2012 10:27:13 PM - System Checkpoint
RP448: 10/9/2012 11:06:22 PM - System Checkpoint
RP449: 10/11/2012 12:00:21 AM - System Checkpoint
RP450: 10/12/2012 1:00:15 AM - System Checkpoint
RP451: 10/13/2012 1:46:32 AM - System Checkpoint
RP452: 10/14/2012 2:37:33 AM - System Checkpoint
RP453: 10/15/2012 3:14:05 AM - System Checkpoint
RP454: 10/16/2012 3:22:29 AM - System Checkpoint
RP455: 10/17/2012 4:15:38 AM - System Checkpoint
RP456: 10/18/2012 5:09:56 AM - System Checkpoint
RP457: 10/19/2012 6:03:53 AM - System Checkpoint
RP458: 10/20/2012 7:10:52 AM - System Checkpoint
RP459: 10/21/2012 7:53:09 AM - System Checkpoint
RP460: 10/22/2012 8:02:04 AM - System Checkpoint
RP461: 10/23/2012 8:06:22 AM - System Checkpoint
RP462: 10/24/2012 9:01:54 AM - System Checkpoint
RP463: 10/25/2012 9:53:55 AM - System Checkpoint
RP464: 10/26/2012 10:48:26 AM - System Checkpoint
RP465: 10/27/2012 11:58:23 AM - System Checkpoint
RP466: 10/28/2012 11:59:41 AM - System Checkpoint
RP467: 10/29/2012 1:26:00 PM - System Checkpoint
RP468: 10/30/2012 1:39:54 PM - System Checkpoint
RP469: 10/31/2012 2:57:27 PM - System Checkpoint
RP470: 11/1/2012 3:45:23 PM - System Checkpoint
RP471: 11/2/2012 3:50:10 PM - System Checkpoint
RP472: 11/3/2012 5:22:15 PM - System Checkpoint
RP473: 11/4/2012 4:57:23 PM - System Checkpoint
RP474: 11/5/2012 5:09:41 PM - System Checkpoint
RP475: 11/6/2012 5:42:02 PM - System Checkpoint
RP476: 11/7/2012 7:02:46 PM - System Checkpoint
RP477: 11/8/2012 7:18:31 PM - System Checkpoint
RP478: 11/9/2012 7:46:15 PM - System Checkpoint
RP479: 11/10/2012 8:40:50 PM - System Checkpoint
RP480: 11/11/2012 9:53:13 PM - System Checkpoint
RP481: 11/12/2012 10:20:57 PM - System Checkpoint
RP482: 11/13/2012 11:03:44 PM - System Checkpoint
RP483: 11/16/2012 9:13:20 AM - System Checkpoint
RP484: 11/17/2012 2:34:55 PM - System Checkpoint
RP485: 11/18/2012 2:41:23 PM - System Checkpoint
RP486: 11/19/2012 3:21:38 PM - System Checkpoint
RP487: 11/20/2012 3:57:36 PM - System Checkpoint
RP488: 11/21/2012 4:26:27 PM - System Checkpoint
RP489: 11/22/2012 4:48:54 PM - System Checkpoint
RP490: 11/23/2012 5:46:49 PM - System Checkpoint
RP491: 11/24/2012 5:58:13 PM - System Checkpoint
RP492: 11/25/2012 6:53:27 PM - System Checkpoint
RP493: 11/26/2012 10:56:05 PM - System Checkpoint
RP494: 11/27/2012 11:41:41 PM - System Checkpoint
RP495: 11/29/2012 12:02:37 AM - System Checkpoint
RP496: 11/30/2012 12:56:59 AM - System Checkpoint
RP497: 12/1/2012 1:28:13 AM - System Checkpoint
RP498: 12/2/2012 1:47:48 AM - System Checkpoint
RP499: 12/3/2012 2:40:40 AM - System Checkpoint
RP500: 12/4/2012 3:35:18 AM - System Checkpoint
RP501: 12/5/2012 4:33:09 AM - System Checkpoint
RP502: 12/6/2012 5:33:00 AM - System Checkpoint
RP503: 12/7/2012 6:33:00 AM - System Checkpoint
RP504: 12/8/2012 12:29:12 PM - Restore Operation
RP505: 12/8/2012 12:37:49 PM - Restore Operation
RP506: 12/9/2012 12:39:56 PM - System Checkpoint
RP507: 12/10/2012 1:13:15 PM - System Checkpoint
RP508: 12/11/2012 1:21:22 PM - System Checkpoint
RP509: 12/12/2012 2:05:16 PM - System Checkpoint
RP510: 12/13/2012 5:05:00 PM - System Checkpoint
RP511: 12/14/2012 5:31:41 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
ACDSee 4.0
Ad-Aware Browsing Protection
Adobe Acrobat 4.0
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe ExtendScript Toolkit CS4
Adobe Flash Player 10 ActiveX
Adobe Fonts All
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader X (10.1.1)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
BufferChm
C4700
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Citrix online plug-in
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (PNA)
Citrix online plug-in (SSON)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Compatibility Pack for the 2007 Office system
Connect
Coupon Printer for Windows
Dell Driver Download Manager
Dell Resource CD
ExplorerXP (remove only)
Freemake Video Converter version 3.0.2
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
ImageMixer 3 SE Ver.5 Transfer Utility
ImageMixer 3 SE Ver.5 Video Tools
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Interface
Intel® PRO Network Connections Drivers
Intel® Active Management Technology
iTunes
Java Auto Updater
Java™ 6 Update 15
Java™ 7 Update 2
JavaFX 2.0.2
kuler
Logitech Unifying Software 2.00
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Music Transfer Utility Ver.2
Nero Suite
Network
Nikon Message Center
Nikon Transfer
Norton AntiVirus
Octoshape add-in for Adobe Flash Player
PDF Settings CS4
Pdf995
Photoshop Camera Raw
Picasa 3
Picture Control Utility
PS_AIO_06_C4700_SW_Min
QuickTime
QuickTransfer
Scan
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SoundMAX
Spybot - Search & Destroy
Stamps.com
Stamps.com Application Support for Microsoft Word 2000-2010
Stamps.com support for Microsoft Word 2000-2010
Suite Shared Configuration CS4
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Toolbox
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
ViewNX
WebFldrs XP
WebReg
Windows 7 Upgrade Advisor
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
12/8/2012 9:54:45 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
12/8/2012 9:54:45 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/8/2012 6:35:40 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
12/8/2012 2:33:55 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/8/2012 2:30:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/8/2012 2:29:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/8/2012 1:57:55 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_NAV ctxusbm eeCtrl Fips intelppm SRTSP SRTSPX SymIRON SYMTDI
12/10/2012 7:31:47 PM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom1.
.
==== End Of File ===========================

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:26 PM

Posted 15 December 2012 - 02:43 PM

I would like to see the DDS.txt report. Please post it.

Let me know if your internet connection has returned.

#5 Smegal

Smegal
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:26 PM

Posted 15 December 2012 - 02:55 PM

No Internet Connection

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.2.1
Run by Todd at 11:12:12 on 2012-12-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3045.2449 [GMT -6:00]
.
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\Todd\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://cnn.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\engine\19.9.0.9\ips\ipsbho.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\todd\application data\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - file:///D:/LTOCX14N.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1295308285390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{B410B679-0DA6-4CCD-965C-950257D09B06} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-12-12 13560]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1309000.009\symds.sys [2012-10-1 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1309000.009\symefa.sys [2012-10-1 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\bashdefs\20121130.005\BHDrvx86.sys [2012-12-3 995488]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\nav\1309000.009\ccsetx86.sys [2012-10-1 132768]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1309000.009\ironx86.sys [2012-10-1 149624]
R2 DefaultTabUpdate;DefaultTabUpdate;c:\documents and settings\todd\application data\defaulttab\defaulttab\DTUpdate.exe [2012-12-8 107520]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\19.9.0.9\ccsvchst.exe [2012-10-1 138272]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2011-1-17 2519040]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-9-4 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\ipsdefs\20121214.001\IDSXpx86.sys [2012-12-15 373728]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\virusdefs\20121214.020\NAVENG.SYS [2012-12-15 92704]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\virusdefs\20121214.020\NAVEX15.SYS [2012-12-15 1601184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 EraserUtilDrv11113;EraserUtilDrv11113;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv11113.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv11113.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: Acrobat.exe: print="c:\program files\adobe\acrobat 4.0\acrobat\Acrobat.exe"
ShellExec: Acrobat.exe: printto="c:\program files\adobe\acrobat 4.0\acrobat\Acrobat.exe"
.
=============== Created Last 30 ================
.
2012-12-15 04:43:01 -------- d-----w- c:\documents and settings\todd\local settings\application data\adawarebp
2012-12-13 03:17:34 -------- d-----w- c:\documents and settings\todd\application data\LavasoftStatistics
2012-12-13 03:17:10 -------- d-----w- c:\documents and settings\todd\local settings\application data\Downloaded Installations
2012-12-13 03:16:58 44424 ----a-w- c:\windows\system32\sbbd.exe
2012-12-13 03:16:58 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2012-12-13 03:16:07 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars
2012-12-13 03:16:05 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2012-12-13 03:16:00 -------- d-----w- c:\program files\adawaretb
2012-12-13 03:16:00 -------- d-----w- c:\documents and settings\todd\application data\adawaretb
2012-12-13 03:15:59 -------- d-----w- c:\program files\Toolbar Cleaner
2012-12-13 03:15:20 -------- d-----w- c:\documents and settings\todd\application data\Ad-Aware Antivirus
2012-12-13 02:10:10 299520 ----a-w- c:\windows\uninst.exe
2012-12-11 01:26:57 -------- d-----w- c:\documents and settings\todd\application data\Malwarebytes
2012-12-11 01:26:31 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-12-11 01:26:30 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-11 01:26:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-08 15:22:30 -------- d-----w- c:\documents and settings\todd\application data\DefaultTab
2012-12-08 15:22:13 -------- d-----w- c:\program files\Yahoo!
2012-12-05 02:07:17 -------- d-----w- c:\documents and settings\todd\application data\RoboForm
2012-12-05 02:01:40 -------- d-----w- c:\program files\Siber Systems
2012-11-22 15:15:04 -------- d-----w- c:\documents and settings\todd\jagexcache
2012-11-19 16:19:49 -------- d-----w- c:\documents and settings\all users\application data\{C243CCC8-5474-45FC-A546-7FBC284A692E}
2012-11-19 16:18:16 -------- d-----w- c:\program files\Stamps.com Internet Postage
2012-11-19 16:10:38 -------- d-----w- c:\program files\common files\SWF Studio
.
==================== Find3M ====================
.
2012-10-23 03:21:11 59 ----a-w- c:\windows\wpd99.drv
.
============= FINISH: 11:13:49.59 ===============

#6 nasdaq

Posted 16 December 2012 - 09:41 AM

Go to Start > Run box, type cmd and hit OK.
Type
ipconfig /flushdns <-- (The space between g and / is needed) and press the Enter key.

Repeat with
ipconfig /renew

Then type Exit and hit the Enter key.

===

If that fails,

Download this file and run this tool from the desktop of the problem computer.
Good tutorial here on WinsockXPFix.
http://www.iup.edu/house/resnet/winfix.shtm

Keep me posted.

Edited by nasdaq, 16 December 2012 - 09:42 AM.


#7 Smegal

Posted 16 December 2012 - 11:27 AM

I attempted to run the winsockxp app you sent me but it would not run. I found another copy here:
http://www.techsupportteam.org/forum/tutorials/1520-winsock-xp-fix.html and ran it. See attached image.

The IE browser continues to open and then close rapidly.

Todd


#8 nasdaq

Posted 16 December 2012 - 01:34 PM

The IE browser continues to open and then close rapidly.

This does not necessarily mean that there is no internet connection.

IE could be damaged.
===

Can you install Firefox?

You can download the installation program from here.

http://www.mozilla.org/en-US/firefox/all.html

Make sure you download the correct version.

Can you connect with Firefox?

#9 Smegal

Posted 16 December 2012 - 05:24 PM

I downloaded Firefox and I am able to connect to the internet now :)

#10 nasdaq

Posted 17 December 2012 - 11:49 AM

As suspected, your Internet Explorer is damaged.

Navigate to this Microsoft page

How to reinstall or repair Internet Explorer in Windows 7, Windows Vista, and Windows XP
http://support.microsoft.com/kb/318378

You can first try the Run Me option; if that fails, see what else is suggested.

Having said all this, for now, since you have an internet connection, please do the following.
After I have reviewed your logs, and if the problem persists with IE, you can then proceed with the above.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration or infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs and let me know if the problem persists.

#11 Smegal

Posted 17 December 2012 - 07:54 PM

Below is my combofix.txt file. I could not launch Microsoft Internet Explorer. Other files to come next.


ComboFix 12-12-17.02 - Todd 12/17/2012 17:58:55.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3045.2210 [GMT -6:00]
Running from: c:\documents and settings\Todd\My Documents\Downloads\ComboFix.exe
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Brody\WINDOWS
c:\documents and settings\Mary\Application Data\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\Todd\Application Data\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\Todd\Application Data\DefaultTab\DefaultTab
c:\documents and settings\Todd\Application Data\DefaultTab\DefaultTab\addon.ico
c:\documents and settings\Todd\Application Data\DefaultTab\DefaultTab\amazon_ie.ico
c:\documents and settings\Todd\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\documents and settings\Todd\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\documents and settings\Todd\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\documents and settings\Todd\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\documents and settings\Todd\Application Data\DefaultTab\DefaultTab\DT.ico
c:\documents and settings\Todd\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
c:\documents and settings\Todd\Application Data\DefaultTab\DefaultTab\facebook_ie.ico
c:\documents and settings\Todd\Application Data\DefaultTab\DefaultTab\imdb_ie.ico
c:\documents and settings\Todd\Application Data\DefaultTab\DefaultTab\search_here_ie.ico
c:\documents and settings\Todd\Application Data\DefaultTab\DefaultTab\searchhere.ico
c:\documents and settings\Todd\Application Data\DefaultTab\DefaultTab\twitter_ie.ico
c:\documents and settings\Todd\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
c:\documents and settings\Todd\Application Data\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\documents and settings\Todd\Application Data\Google Talk
c:\documents and settings\Todd\WINDOWS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DefaultTabUpdate
-------\Legacy_DefaultTabUpdate
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
((((((((((((((((((((((((( Files Created from 2012-11-18 to 2012-12-18 )))))))))))))))))))))))))))))))
.
.
2012-12-16 22:25 . 2012-12-16 22:25 -------- d-----w- c:\documents and settings\Todd\Local Settings\Application Data\Mozilla
2012-12-16 16:02 . 2012-12-16 16:02 -------- d-----w- c:\program files\Yontoo
2012-12-16 16:02 . 2012-12-16 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2012-12-15 04:43 . 2012-12-15 04:43 -------- d-----w- c:\documents and settings\Todd\Local Settings\Application Data\adawarebp
2012-12-14 18:05 . 2012-12-14 18:15 -------- d-----w- c:\documents and settings\Mary\Local Settings\Application Data\adawarebp
2012-12-13 03:17 . 2012-12-13 03:17 -------- d-----w- c:\documents and settings\Todd\Application Data\LavasoftStatistics
2012-12-13 03:17 . 2012-12-13 03:17 -------- d-----w- c:\documents and settings\Todd\Local Settings\Application Data\Downloaded Installations
2012-12-13 03:16 . 2012-12-13 03:39 44424 ----a-w- c:\windows\system32\sbbd.exe
2012-12-13 03:16 . 2012-12-13 03:39 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2012-12-13 03:16 . 2012-12-13 03:16 -------- d-----w- c:\documents and settings\All Users\Application Data\blekko toolbars
2012-12-13 03:16 . 2012-12-13 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2012-12-13 03:16 . 2012-12-13 03:16 -------- d-----w- c:\program files\adawaretb
2012-12-13 03:16 . 2012-12-13 03:16 -------- d-----w- c:\documents and settings\Todd\Application Data\adawaretb
2012-12-13 03:15 . 2012-12-13 03:15 -------- d-----w- c:\program files\Toolbar Cleaner
2012-12-13 03:15 . 2012-12-13 03:15 -------- d-----w- c:\documents and settings\Todd\Application Data\Ad-Aware Antivirus
2012-12-13 02:10 . 1997-04-08 21:08 299520 ----a-w- c:\windows\uninst.exe
2012-12-11 01:26 . 2012-12-11 01:26 -------- d-----w- c:\documents and settings\Todd\Application Data\Malwarebytes
2012-12-11 01:26 . 2012-12-11 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-12-11 01:26 . 2012-12-11 01:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-11 01:26 . 2012-09-30 01:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-08 16:22 . 2012-12-08 20:25 -------- d-----w- c:\documents and settings\Administrator
2012-12-08 15:24 . 2012-12-08 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2012-12-08 15:22 . 2012-12-08 15:41 -------- d-----w- c:\documents and settings\Todd\Application Data\Yahoo!
2012-12-08 15:22 . 2012-12-18 00:13 -------- d-----w- c:\documents and settings\Todd\Application Data\DefaultTab
2012-12-08 15:22 . 2012-12-08 15:24 -------- d-----w- c:\program files\Yahoo!
2012-12-05 02:07 . 2012-12-05 02:07 -------- d-----w- c:\documents and settings\Todd\Application Data\RoboForm
2012-12-05 02:04 . 2012-12-05 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm
2012-12-05 02:01 . 2012-12-05 02:01 -------- d-----w- c:\program files\Siber Systems
2012-11-23 02:06 . 2012-11-23 02:06 -------- d-----w- c:\documents and settings\Mary\Local Settings\Application Data\Ahead
2012-11-23 02:00 . 2012-11-23 02:00 -------- d-----w- c:\documents and settings\Mary\Application Data\.minecraft
2012-11-22 23:02 . 2012-11-22 23:02 -------- d-----w- c:\documents and settings\Mary\jagexcache
2012-11-22 15:15 . 2012-11-22 15:15 -------- d-----w- c:\documents and settings\Todd\jagexcache
2012-11-19 16:27 . 2012-11-19 16:37 -------- d-----w- c:\documents and settings\Mary\Application Data\Stamps.com Internet Postage
2012-11-19 16:19 . 2012-11-19 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\{C243CCC8-5474-45FC-A546-7FBC284A692E}
2012-11-19 16:19 . 2012-11-19 16:19 -------- d-----w- c:\documents and settings\Mary\Local Settings\Application Data\{D34A03D8-6F0C-4539-BAF0-DDA6FD6377D6}
2012-11-19 16:18 . 2012-11-19 16:27 -------- d-----w- c:\program files\Stamps.com Internet Postage
2012-11-19 16:16 . 2012-11-19 16:16 -------- d-----w- c:\documents and settings\Mary\Local Settings\Application Data\Seven Zip
2012-11-19 16:10 . 2012-11-19 16:10 -------- d-----w- c:\program files\Common Files\SWF Studio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-29 08:27 . 2012-12-16 22:23 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-08-01 1036288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-06 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-06 137752]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-20 1679360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2012-11-16 542104]
.
c:\documents and settings\Todd\Start Menu\Programs\Startup\
Nikon Monitor.lnk - [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - [N/A]
ImageMixer 3 SE Camera Monitor Ver.5.lnk - [N/A]
Microsoft Office.lnk - [N/A]
Online plug-in.lnk - [N/A]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atchk]
2009-12-01 18:43 401408 ----a-w- c:\program files\Intel\AMT\atchk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"atchksrv"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Todd\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [12/12/2012 9:16 PM 13560]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1309000.009\symds.sys [10/1/2012 3:19 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1309000.009\symefa.sys [10/1/2012 3:19 PM 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20121130.005\BHDrvx86.sys [12/3/2012 12:07 PM 995488]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAV\1309000.009\ccsetx86.sys [10/1/2012 3:19 PM 132768]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [7/14/2010 11:51 AM 65584]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1309000.009\ironx86.sys [10/1/2012 3:19 PM 149624]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\19.9.0.9\ccsvchst.exe [10/1/2012 3:19 PM 138272]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 6:21 AM 92592]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [1/17/2011 8:26 PM 2519040]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/4/2012 2:18 AM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20121214.001\IDSXpx86.sys [12/15/2012 9:02 AM 373728]
S3 EraserUtilDrv11113;EraserUtilDrv11113;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 23:57]
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-18 00:53]
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-18 00:53]
.
2012-12-17 c:\windows\Tasks\User_Feed_Synchronization-{97A44D64-462F-4E6E-951A-4880B3C3A626}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cnn.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - file:///D:/LTOCX14N.cab
FF - ProfilePath - c:\documents and settings\Todd\Application Data\Mozilla\Firefox\Profiles\sbhtc2xv.default\
FF - ExtSQL: 2012-12-15 09:03; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\Todd\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-17 18:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(872)
c:\windows\system32\WININET.dll
c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\AMT\LMS.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
.
**************************************************************************
.
Completion time: 2012-12-17 18:51:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-18 00:51
.
Pre-Run: 16,688,009,216 bytes free
Post-Run: 19,308,220,416 bytes free
.
- - End Of File - - 46D87315F0EAB9038D0EA2DBE31025F1

#12 Smegal

Posted 17 December 2012 - 08:01 PM

Checkup.txt file below:

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC compiles updated MOF files.
displayName
ECHO is off.
Norton
ECHO is off.
AntiVirus
ECHO is off.
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.0.2
Java™ 6 Update 15
Java™ 7 Update 2
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 10.1.1 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Norton AntiVirus Engine 19.9.0.9 ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````

#13 Smegal

Posted 17 December 2012 - 08:04 PM

AdwCleaner.txt file below:

# AdwCleaner v2.101 - Logfile created 12/17/2012 at 19:06:37
# Updated 16/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Todd - OPTIPLEX755
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Todd\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\user.js
Folder Found : C:\DOCUME~1\Brody\LOCALS~1\Temp\AskSearch
Folder Found : C:\DOCUME~1\Brody\LOCALS~1\Temp\BabylonToolbar
Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found : C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Found : C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Found : C:\Documents and Settings\Brody\Application Data\Babylon
Folder Found : C:\Documents and Settings\Brody\Local Settings\Application Data\Babylon
Folder Found : C:\Documents and Settings\Brody\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Folder Found : C:\Documents and Settings\Mary\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\Todd\Application Data\DefaultTab
Folder Found : C:\Documents and Settings\Todd\Local Settings\Application Data\Conduit
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Yontoo

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\DefaultTab
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\DefaultTab
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2559647
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=109935&babsrc=NT_ss&mntrId=181cb7440000000000000021701eb9f9

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\sbhtc2xv.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4709 octets] - [17/12/2012 19:06:37]

########## EOF - C:\AdwCleaner[R1].txt - [4769 octets] ##########

#14 Smegal

Posted 17 December 2012 - 08:32 PM

Internet Explorer will not launch at this point.

#15 nasdaq

  • Malware Response Team

Posted 18 December 2012 - 10:07 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 15
Java™ 7 Update 2


===

Critical vulnerabilities have been identified in Adobe Flash Player v11.3.300.264 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer, download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet if present.
===

Remove the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

As suspected, your Internet Explorer is damaged.

Navigate to this Microsoft page

How to reinstall or repair Internet Explorer in Windows 7, Windows Vista, and Windows XP
http://support.microsoft.com/kb/318378

You can first try the Run Me option; if that fails, see what else is suggested.


For now run the fix on the Microsoft page. Click on the Run Now button. Let it finish and restart the computer.

Post the logs and let me know if the problem persists.



