I have picked up a redirect virus on searches.


  • This topic is locked
17 replies to this topic

#1 Happyjoe

Happyjoe

  • Members
  • 25 posts
  • OFFLINE
  • Gender:Male
  • Location:South Cen Kansas
  • Local time:12:18 PM

Posted 14 December 2012 - 11:04 AM

I have picked up some type of redirect virus or malware. All searches get redirected. Have tried Firefox, Opera, IE, and Google Chrome. When I start a search, I can get to the 1st page where it gives the different sites to choose from. When I click on one, it's redirected.

I've run Spybot-SD, Malwarebytes, rebooted several times. Nothing helps. This started a few weeks ago and I'm ready to get rid of it. I joined this board for help a few days back. Got ahead of myself and ran ComboFix not knowing I should not have without guidance. I know better now. Just got the log and did not go further. Doing searches on my laptop, which is OK.

Running XP-pro with sp3.

What should I do next?

Edited by hamluis, 14 December 2012 - 11:09 AM.
Moved from XP to Am I Infected - Hamluis.



#2 robocop321

robocop321

  • Members
  • 114 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:06:18 PM

Posted 14 December 2012 - 02:58 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender


Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

#3 Happyjoe


Posted 14 December 2012 - 05:33 PM

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
BitDefender Antivirus
Microsoft Security Essentials
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
ThreatFire
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 34
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader XI
Mozilla Firefox (17.0.1)
Google Chrome 22.0.1229.96
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
ThreatFire TFTray.exe
ThreatFire TFService.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````

#4 Happyjoe


Posted 14 December 2012 - 06:53 PM

MiniToolBox by Farbar Version: 25-11-2012
Ran by Jim (administrator) on 14-12-2012 at 17:38:10
Running from "C:\Documents and Settings\Jim\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

D-Link AirPremier DWL-AG530 Wireless PCI Adapter = Wireless Network Connection (Disconnected)
Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : jim-184125746cf

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller

Physical Address. . . . . . . . . : E0-CB-4E-CA-03-AE

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 64.71.219.3

64.71.208.7

Lease Obtained. . . . . . . . . . : Friday, December 14, 2012 5:21:36 PM

Lease Expires . . . . . . . . . . : Saturday, December 15, 2012 5:21:36 PM

Server: ns2.havilandtelco.com
Address: 64.71.219.3

Name: google.com
Addresses: 74.125.227.104, 74.125.227.105, 74.125.227.110, 74.125.227.96
74.125.227.97, 74.125.227.98, 74.125.227.99, 74.125.227.100, 74.125.227.101
74.125.227.102, 74.125.227.103



Pinging google.com [74.125.227.103] with 32 bytes of data:



Reply from 74.125.227.103: bytes=32 time=33ms TTL=53

Reply from 74.125.227.103: bytes=32 time=33ms TTL=53



Ping statistics for 74.125.227.103:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 33ms, Maximum = 33ms, Average = 33ms

Server: ns2.havilandtelco.com
Address: 64.71.219.3

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=645ms TTL=50

Reply from 98.139.183.24: bytes=32 time=710ms TTL=50



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 645ms, Maximum = 710ms, Average = 677ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...e0 cb 4e ca 03 ae ...... Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 20
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 20
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 20
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/14/2012 03:00:42 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1713.5056kb26980231033643finstallx865.1.2600.2.3.0.2560

Error: (12/14/2012 03:00:41 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{8F736E10-8E5C-4399-A532-D0C00A406227}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2698023-X86\NDP1.1sp1-KB2698023-X86-msi.0.log.

Error: (12/14/2012 03:00:40 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.

Error: (12/13/2012 03:00:49 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1713.5056kb26980231033643finstallx865.1.2600.2.3.0.2560

Error: (12/13/2012 03:00:48 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{8F736E10-8E5C-4399-A532-D0C00A406227}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2698023-X86\NDP1.1sp1-KB2698023-X86-msi.0.log.

Error: (12/13/2012 03:00:47 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.

Error: (12/12/2012 07:34:45 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1713.5056kb26980231033643finstallx865.1.2600.2.3.0.2560

Error: (12/12/2012 07:34:44 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{8F736E10-8E5C-4399-A532-D0C00A406227}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2698023-X86\NDP1.1sp1-KB2698023-X86-msi.0.log.

Error: (12/12/2012 07:34:43 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.

Error: (12/12/2012 03:02:43 AM) (Source: JavaQuickStarterService) (User: )
Description: Access violation at 0x7c810cdf, access to 0x00000000


System errors:
=============
Error: (12/14/2012 05:23:15 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (12/14/2012 05:23:15 PM) (Source: Service Control Manager) (User: )
Description: The RadioRageService service failed to start due to the following error:
%%3

Error: (12/14/2012 05:23:15 PM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service 5 service failed to start due to the following error:
%%1053

Error: (12/14/2012 05:23:15 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Advanced SystemCare Service 5 service to connect.

Error: (12/14/2012 03:01:00 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2698023).

Error: (12/13/2012 03:01:04 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2698023).

Error: (12/12/2012 07:35:11 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2698023).

Error: (12/12/2012 07:32:58 AM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (12/12/2012 07:32:58 AM) (Source: Service Control Manager) (User: )
Description: The RadioRageService service failed to start due to the following error:
%%3

Error: (12/12/2012 07:32:58 AM) (Source: Service Control Manager) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (12/14/2012 03:00:42 AM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1713.5056kb26980231033643finstallx865.1.2600.2.3.0.2560

Error: (12/14/2012 03:00:41 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft .NET Framework 1.1{8F736E10-8E5C-4399-A532-D0C00A406227}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2698023-X86\NDP1.1sp1-KB2698023-X86-msi.0.log

Error: (12/14/2012 03:00:40 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (12/13/2012 03:00:49 AM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1713.5056kb26980231033643finstallx865.1.2600.2.3.0.2560

Error: (12/13/2012 03:00:48 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft .NET Framework 1.1{8F736E10-8E5C-4399-A532-D0C00A406227}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2698023-X86\NDP1.1sp1-KB2698023-X86-msi.0.log

Error: (12/13/2012 03:00:47 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (12/12/2012 07:34:45 AM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1713.5056kb26980231033643finstallx865.1.2600.2.3.0.2560

Error: (12/12/2012 07:34:44 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft .NET Framework 1.1{8F736E10-8E5C-4399-A532-D0C00A406227}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2698023-X86\NDP1.1sp1-KB2698023-X86-msi.0.log

Error: (12/12/2012 07:34:43 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (12/12/2012 03:02:43 AM) (Source: JavaQuickStarterService)(User: )
Description: Access violation at 0x7c810cdf, access to 0x00000000


=========================== Installed Programs ============================

3DVIA player 5.0 (Version: 5.0.0.15)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Flash Player 11 Plugin (Version: 11.5.502.135)
Adobe Reader XI (Version: 11.0.00)
Advanced SystemCare 5 (Version: 5.1.0)
AirPremier AG DWL-AG530 Utility
ANIO Service
ANIWZCS2 Service
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.17.0.0)
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (Version: 1.0.0.40)
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 2.1
Canon MX860 series MP Drivers
Canon MX860 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Gadwin PrintScreen (Version: 4.4)
Google Chrome (Version: 23.0.1271.97)
Google Chrome Frame (Version: 23.0.1271.97)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
ieSpell (Version: 2.6.4 (build 573))
Intel® Graphics Media Accelerator Driver
Internet Explorer (Enable DEP)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 34 (Version: 6.0.340)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XML Parser (Version: 8.70.1104.04)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0.1)
MSN (Version: 10.50.0652.0)
OpenOffice.org 3.2 (Version: 3.2.9502)
Opera 12.11 (Version: 12.11.1661)
Picasa 3 (Version: 3.8)
RadioRage
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.4)
Realtek High Definition Audio Driver (Version: 5.10.0.6093)
RealUpgrade 1.1 (Version: 1.1.0)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
Silicon Laboratories USBXpress Device (Driver Removal)
Spybot - Search & Destroy (Version: 1.6.0)
Support.com Toolbar Updater (Version: 1.4.0.25589)
ThreatFire
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
VPLive (remove only)
WD Diagnostics (Version: 1.09.0002)
WeatherLink 5.9.3 (Version: 5.9.3)
WebFldrs XP (Version: 9.50.7523)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
WiseFixer 3.5 (Version: 3.5)
Yahoo! Install Manager

========================= Devices: ================================

Name: D-Link AirPremier DWL-AG530 Wireless PCI Adapter
Description: D-Link AirPremier DWL-AG530 Wireless PCI Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: D-Link
Service: A3AB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Canon MX860 ser Network
Description: Canon MX860 ser Network
Class Guid: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Manufacturer: Canon
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 47%
Total physical RAM: 2013.04 MB
Available physical RAM: 1059.39 MB
Total Pagefile: 3906.05 MB
Available Pagefile: 3095.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1967.45 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.88 GB) (Free:200.47 GB) NTFS

========================= Users: ========================================

User accounts for \\JIM-184125746CF

Administrator ASPNET Guest
HelpAssistant Jim SUPPORT_388945a0


**** End of log ****
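
The MiniToolBox checks robocop321 asked for (IE and Firefox proxy settings, hosts file, Winsock catalog) are the places a helper looks first when every search engine redirects, and the report above shows all of them clean. As an added example, not part of this thread or of Farbar's tools, the Python below splits a MiniToolBox-style report into its sections and flags the entries a helper would question; the two sample reports, and every proxy value, host name and LSP file name in them, are constructed for illustration.

```python
"""Triage a MiniToolBox-style report for the indicators a search-redirect
investigation checks first: browser proxy settings, hosts-file overrides and
third-party Winsock (LSP) catalog entries. Added example; samples are constructed."""
import re

SECTION_RE = re.compile(r"^=+\s*([A-Za-z][^=]*?):?\s*=+$")  # "== Name: ==" or "== Name =="
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?\.dll)\s+\[\d+\]\s+\((.*)\)$", re.I)
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.I)
LOCALHOST_NAMES = {"localhost", "localhost.localdomain"}
FF_PROXY_RISKY = {1: "manual proxy", 2: "PAC/autoconfig URL"}  # Firefox network.proxy.type codes

def split_sections(report: str) -> dict[str, list[str]]:
    """Map each section header to the non-blank lines beneath it (lines of only '=' are skipped)."""
    sections, current = {}, None
    for line in (l.strip() for l in report.splitlines()):
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).strip()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections

def check_ie_proxy(lines: list[str]) -> list[str]:
    """Clean state is exactly the two lines MiniToolBox printed in the log above."""
    clean = {"Proxy is not enabled.", "No Proxy Server is set."}
    if clean.issubset(lines):
        return []
    return ["IE proxy: " + ("; ".join(l for l in lines if l not in clean) or "section missing")]

def check_ff_proxy(lines: list[str]) -> list[str]:
    """Flag a manual or PAC proxy; a hostile PAC file can reroute every browser request."""
    findings = []
    for line in lines:
        m = re.match(r'"network\.proxy\.type",\s*(\d+)$', line)
        if m and int(m.group(1)) in FF_PROXY_RISKY:
            findings.append(f"Firefox proxy type {m.group(1)} ({FF_PROXY_RISKY[int(m.group(1))]})")
    return findings

def check_hosts(lines: list[str]) -> list[str]:
    """Anything beyond the loopback -> localhost mapping is an override the owner must explain."""
    findings = []
    for parts in (l.split() for l in lines):
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        names = [n for n in parts[1:] if n.lower() not in LOCALHOST_NAMES]
        if names:
            findings.append(f"hosts override: {parts[0]} -> {', '.join(names)}")
    return findings

def check_winsock(lines: list[str]) -> list[str]:
    """Flag LSP DLLs that are not Microsoft's or do not live in System32 (a heuristic, not proof)."""
    findings = []
    for line in lines:
        m = WINSOCK_RE.match(line)
        if not m:
            findings.append(f"Winsock entry not parseable: {line}")
            continue
        catalog, idx, path, vendor = m.groups()
        if vendor != "Microsoft Corporation" or not SYSTEM32_RE.match(path):
            findings.append(f"Winsock {catalog} {idx}: {path} ({vendor or 'no vendor'})")
    return findings

def triage(report: str) -> list[str]:
    """Run every check over one report and return the combined findings (empty means clean)."""
    s = split_sections(report)
    return (check_ie_proxy(s.get("IE Proxy Settings", [])) + check_ff_proxy(s.get("FF Proxy Settings", []))
            + check_hosts(s.get("Hosts content", [])) + check_winsock(s.get("Winsock entries", [])))

# Constructed sample mirroring the clean values in the log above.
CLEAN_REPORT = r"""
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= FF Proxy Settings: ==============================
"network.proxy.type", 0
========================= Hosts content: =================================
127.0.0.1 localhost
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
"""

# Constructed sample of a hijacked machine; proxy lines, host names and LSP file name are made up.
SUSPECT_REPORT = r"""
========================= IE Proxy Settings: ==============================
Proxy is enabled.
Proxy Server: 10.0.0.5:8080
========================= FF Proxy Settings: ==============================
"network.proxy.type", 2
========================= Hosts content: =================================
127.0.0.1 localhost
10.0.0.5 search.example.com
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Documents and Settings\All Users\Application Data\example_lsp.dll [40960] ()
"""

if __name__ == "__main__":
    for name, report in (("clean", CLEAN_REPORT), ("suspect", SUSPECT_REPORT)):
        print(name, "->", triage(report) or "no findings")
```

Run it against a real MiniToolBox log by reading the file into `triage()`; every finding is a lead to verify, not a verdict.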

#5 Happyjoe


Posted 14 December 2012 - 07:06 PM

I think this is everything you requested.

#6 robocop321


Posted 15 December 2012 - 04:14 AM

I still need the FSS and MBAM logs.

#7 Happyjoe


Posted 15 December 2012 - 08:17 AM

Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.15.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jim :: JIM-184125746CF [administrator]

Protection: Enabled

12/15/2012 7:04:23 AM
mbam-log-2012-12-15 (07-04-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214087
Time elapsed: 4 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 Happyjoe


Posted 15 December 2012 - 08:24 AM

FSS
Farbar Service Scanner Version: 10-12-2012
Ran by Jim (administrator) on 15-12-2012 at 07:28:53
Running from "C:\Documents and Settings\Jim\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) jswimd(8) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000003000000040000000900000001000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

#9 robocop321


Posted 15 December 2012 - 08:33 AM

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on the Start button to begin the cleaning process.
TFC will close all running programs, and it may ask you to restart the computer.

=============================================================================

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.


Next...

Double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with yes.



=============================================================================

Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click on List of found threats
Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE: If ESET doesn't find any threats, it will NOT produce a log.

#10 Happyjoe


Posted 15 December 2012 - 10:33 AM

C:\Documents and Settings\All Users\Application Data\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Documents and Settings\Jim\Application Data\Sun\Java\Deployment\cache\6.0\12\a2f698c-3eeb2cd0 Java/Exploit.CVE-2012-0507.F trojan
C:\Documents and Settings\Jim\Application Data\Sun\Java\Deployment\cache\6.0\3\1271f03-621de08c Java/Exploit.Blacole.AN trojan
C:\System Volume Information\_restore{AB3CF7F2-A49F-45FD-9DFC-0598A6004BDF}\RP12\A0004222.dll a variant of Win32/Adware.Yontoo.A application
C:\System Volume Information\_restore{AB3CF7F2-A49F-45FD-9DFC-0598A6004BDF}\RP16\A0007907.dll a variant of Win32/Adware.Yontoo.A application
Operating memory probably a variant of Win32/Ponmocup.AA trojan

#11 robocop321


Posted 15 December 2012 - 10:41 AM

What log is that? I need the ESET and AdwCleaner logs.

#12 Happyjoe


Posted 15 December 2012 - 11:09 AM

Should have identified it. It's ESET.

TFC and AdwCleaner both do a total lockup requiring a reboot. Tried 5 times with both.

Tried to download Microsoft Security Essentials. Does nothing when clicked. Had to email the Microsoft link to get to the download because searches were redirected on this computer.

Edited by Happyjoe, 15 December 2012 - 11:17 AM.


#13 robocop321


Posted 15 December 2012 - 12:45 PM

OK, I could not identify it before because I was on my iPod.
What do you mean they 'do a total lockup requiring reboot'?
Doesn't make much sense.

#14 Happyjoe


Posted 15 December 2012 - 12:53 PM

It happened on both programs more than once. Downloads OK. It's when I've got the program downloaded and ready to run it.
Computer just locks up, everything, nothing works. Have to do a manual shutdown.

#15 robocop321


Posted 15 December 2012 - 01:12 PM

That is really strange.
The tools that I am allowed to post instructions for are not enough to help you. You will need elevated help from experts.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Edited by robocop321, 15 December 2012 - 01:12 PM.




