Server 2003 malware


17 replies to this topic

#1 bhz

bhz

  • Members
  • 133 posts
  • OFFLINE
  • Gender:Male
  • Location:Southern California
  • Local time:09:00 AM

Posted 14 December 2012 - 02:02 PM

Got infected with malware, not sure which one; removed with Malwarebytes, however now when I uninstall and reinstall it I get errors but it does install. Ran SUPERAntiSpyware till clean, ran Hitman Pro till clean. Browser not working; I uninstalled IE8, IE7 and IE6 sorta works. Updates no longer work; manual install of IE7 installs but freezes when you try and run it. Help.



#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:02:00 AM

Posted 15 December 2012 - 06:07 AM

FIRST -

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following boxes:

•Flush DNS
•Report IE Proxy Settings
•Reset IE Proxy Settings
•Report FF Proxy Settings
•Reset FF Proxy Settings
•List content of Hosts
•List IP configuration
•List last 10 Event Viewer log
•List Installed Programs
•List devices >>(Problem only)<<
•List Users, Partitions and Memory size.
•List Minidump Files

Click Go and copy / paste the result (Result.txt) in your next reply -

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

NEXT -

Download, install, and update both Malwarebytes Anti-Malware Free and SUPERAntiSpyware Free.
Run full scans and post the scan logs back here -

NEXT -

Please download AdwCleaner by Xplode onto your desktop.
If you are prompted, please disable your Antivirus Information (temp disable) HERE
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on SEARCH option.
A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

NEXT -

Please download Junkware Removal Tool to your desktop
Junkware Removal Tool by thisisu
•Shut down your protection software now to avoid potential conflicts.
•Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete depending on your system's specifications.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt into your next message.

Thank You -

#3 bhz

bhz
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  • Gender:Male
  • Location:Southern California
  • Local time:09:00 AM

Posted 15 December 2012 - 03:16 PM

MiniToolBox by Farbar Version: 25-11-2012
Ran by Administrator (administrator) on 15-12-2012 at 12:07:08
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows Server 2003 R2 Service Pack 2 (X86)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) = Local Area Connection (Connected)
Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : SRVR-DW
Primary Dns Suffix . . . . . . . : dw2k3.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : dw2k3.local
                                    socal.rr.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : socal.rr.com
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
Physical Address. . . . . . . . . : 00-19-B9-B5-FE-C5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.128
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 209.18.47.61
                                    209.18.47.62
Lease Obtained. . . . . . . . . . : Saturday, December 15, 2012 11:55:45 AM
Lease Expires . . . . . . . . . . : Sunday, December 16, 2012 11:55:45 AM

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #2
Physical Address. . . . . . . . . : 00-19-B9-B5-FE-C7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IP Address. . . : 169.254.171.147
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 74.125.224.174, 74.125.224.160, 74.125.224.161, 74.125.224.162
74.125.224.163, 74.125.224.164, 74.125.224.165, 74.125.224.166, 74.125.224.167
74.125.224.168, 74.125.224.169

Pinging google.com [74.125.224.229] with 32 bytes of data:

Reply from 74.125.224.229: bytes=32 time=15ms TTL=54
Reply from 74.125.224.229: bytes=32 time=16ms TTL=54

Ping statistics for 74.125.224.229:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 16ms, Average = 15ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=603ms TTL=47
Reply from 98.139.183.24: bytes=32 time=603ms TTL=47

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 603ms, Maximum = 603ms, Average = 603ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms


IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 b9 b5 fe c5 ...... Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
0x3 ...00 19 b9 b5 fe c7 ...... Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #2
===========================================================================
===========================================================================
Active Routes:
Network Destination          Netmask          Gateway        Interface  Metric
            0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.128      20
          127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
        169.254.0.0      255.255.0.0  169.254.171.147  169.254.171.147      10
    169.254.171.147  255.255.255.255        127.0.0.1        127.0.0.1      10
    169.254.255.255  255.255.255.255  169.254.171.147  169.254.171.147      10
        192.168.1.0    255.255.255.0    192.168.1.128    192.168.1.128      20
      192.168.1.128  255.255.255.255        127.0.0.1        127.0.0.1      20
      192.168.1.255  255.255.255.255    192.168.1.128    192.168.1.128      20
          224.0.0.0        240.0.0.0  169.254.171.147  169.254.171.147      10
          224.0.0.0        240.0.0.0    192.168.1.128    192.168.1.128      20
    255.255.255.255  255.255.255.255  169.254.171.147  169.254.171.147       1
    255.255.255.255  255.255.255.255    192.168.1.128    192.168.1.128       1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/15/2012 00:06:16 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot determine the user or computer name. (The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you. ). Group Policy processing aborted.

Error: (12/15/2012 00:01:15 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot determine the user or computer name. (The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you. ). Group Policy processing aborted.

Error: (12/15/2012 11:56:13 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot determine the user or computer name. (The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you. ). Group Policy processing aborted.

Error: (12/15/2012 11:51:48 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (12/15/2012 11:51:48 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (12/15/2012 11:51:12 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot determine the user or computer name. (The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you. ). Group Policy processing aborted.

Error: (12/15/2012 11:47:20 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Writer with name WMI Writer and ID {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} attempted to subscribe in safe mode.

Error: (12/15/2012 11:40:50 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (12/15/2012 11:40:50 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (12/15/2012 11:40:26 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.


System errors:
=============
Error: (12/15/2012 11:52:13 AM) (Source: DCOM) (User: )
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/15/2012 11:48:36 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
mfehidk
SASDIFSV
SASKUTIL

Error: (12/15/2012 11:48:36 AM) (Source: Service Control Manager) (User: )
Description: The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:
%%1068

Error: (12/15/2012 11:48:36 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error:
%%31

Error: (12/15/2012 11:31:34 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:40:36 PM on 12/14/2012 was unexpected.

Error: (12/14/2012 02:07:37 PM) (Source: Service Control Manager) (User: )
Description: The QuickBooksDB19 service failed to start due to the following error:
%%1053

Error: (12/14/2012 02:07:37 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the QuickBooksDB19 service to connect.

Error: (12/14/2012 02:07:12 PM) (Source: Service Control Manager) (User: )
Description: The QuickBooksDB19 service failed to start due to the following error:
%%1053

Error: (12/14/2012 02:07:12 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the QuickBooksDB19 service to connect.

Error: (12/14/2012 11:43:45 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (12/15/2012 00:06:16 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.

Error: (12/15/2012 00:01:15 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.

Error: (12/15/2012 11:56:13 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.

Error: (12/15/2012 11:51:48 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (12/15/2012 11:51:48 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (12/15/2012 11:51:12 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.

Error: (12/15/2012 11:47:20 AM) (Source: VSS)(User: )
Description: WMI Writer{a6ad56c2-b509-4e6c-bb19-49d8f43532f0}

Error: (12/15/2012 11:40:50 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (12/15/2012 11:40:50 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (12/15/2012 11:40:26 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 3.1.1)
Acronis Backup & Recovery 10 Tray Monitor (Version: 10.0.11105)
Acronis Backup & Recovery 10 Upgrade Tool (Version: 10.0.11105)
Acronis Backup & Recovery 10 Agent (Version: 10.0.11105)
Acronis Backup & Recovery 10 Bootable Components and Media Builder (Version: 10.0.11105)
Acronis Backup & Recovery 10 Standalone Management Console (Version: 10.0.11105)
Acronis Backup & Recovery 10 Universal Restore (Version: 10.0.11105)
Acronis WinPE ISO Builder (Version: 10.0.11105)
AD_Install (Version: 1.00.0000)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.110)
Adobe Flash Player 11 Plugin (Version: 11.4.402.278)
Adobe Reader 8.1.3 (Version: 8.1.3)
Advantage Data Architect
Advantage Database Server for Windows NT/2000/2003
Advantage Database Server for Windows NT/2000/2003 v7.1 (USA) (Version: 7.1)
AltaPoint Medical
APC PowerChute Business Edition Agent (Version: 1)
APC PowerChute Business Edition Console (Version: 1)
APC PowerChute Business Edition Server (Version: 1)
ATI Display Driver (Version: 8.19.4-051206a-031438C-Dell)
Broadcom Drivers and Management Applications (Version: 8.26.07)
CCleaner (Version: 3.25)
CleanUp!
Defraggler (Version: 2.11)
Dell PowerEdge Diagnostics 2.9 (Version: 2.9)
File Type Assistant
FileZilla Client 3.6.0.2 (Version: 3.6.0.2)
Google Update Helper (Version: 1.3.21.123)
HitmanPro 3.7 (Version: 3.7.0.182)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 35 (Version: 6.0.350)
Lexmark Software Uninstall
LogMeIn (Version: 2.30.559)
LogMeIn (Version: 4.1.2504)
Macromedia Flash Player (Version: 7.0.19.0)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
McAfee Agent (Version: 4.0.0.1180)
McAfee VirusScan Enterprise (Version: 8.7.0)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage (Version: 10.0.2627.01)
Microsoft Report Viewer Redistributable 2005
Microsoft Report Viewer Redistributable 2005 (Version: 8.0.50727.42)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.1.2047.00)
Microsoft SQL Server Native Client (Version: 9.00.2047.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.2047.00)
Microsoft SQL Server VSS Writer (Version: 9.00.2047.00)
Mozilla Firefox 17.0 (x86 en-US) (Version: 17.0)
Mozilla Maintenance Service (Version: 17.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 6 Service Pack 2 (KB2721693) (Version: 6.20.2012.0)
PC Cleaners
PrimoPDF (Version: 4.1.0.9)
PrintKey2000
QFolder (Version: 1.00.0000)
QuickBooks (Version: 19.0.4011.705)
QuickBooks Pro 2009 (Version: 19.0.4011.705)
RD1000 tools (Version: 1.12)
SUPERAntiSpyware (Version: 5.5.1022)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Server 2003 (KB2141007) (Version: 1)
Update for Windows Server 2003 (KB2345886) (Version: 1)
Update for Windows Server 2003 (KB2467659) (Version: 1)
Update for Windows Server 2003 (KB2492386) (Version: 1)
Update for Windows Server 2003 (KB2607712) (Version: 1)
Update for Windows Server 2003 (KB2616676-v2) (Version: 2)
Update for Windows Server 2003 (KB2641690-v2) (Version: 2)
Update for Windows Server 2003 (KB2661254) (Version: 1)
Update for Windows Server 2003 (KB2718704) (Version: 1)
Update for Windows Server 2003 (KB2736233) (Version: 1)
Update for Windows Server 2003 (KB2748349) (Version: 1)
Update for Windows Server 2003 (KB2749655) (Version: 1)
Update for Windows Server 2003 (KB925876) (Version: 2)
Update for Windows Server 2003 (KB927891) (Version: 5)
Update for Windows Server 2003 (KB931836) (Version: 1)
Update for Windows Server 2003 (KB933360) (Version: 1)
Update for Windows Server 2003 (KB936357) (Version: 1)
Update for Windows Server 2003 (KB942763) (Version: 1)
Update for Windows Server 2003 (KB942840) (Version: 1)
Update for Windows Server 2003 (KB943729)
Update for Windows Server 2003 (KB948496) (Version: 1)
Update for Windows Server 2003 (KB951072-v2) (Version: 2)
Update for Windows Server 2003 (KB955759) (Version: 1)
Update for Windows Server 2003 (KB955839) (Version: 1)
Update for Windows Server 2003 (KB967715) (Version: 1)
Update for Windows Server 2003 (KB968389) (Version: 1)
Update for Windows Server 2003 (KB971029) (Version: 1)
Update for Windows Server 2003 (KB971737) (Version: 1)
Update for Windows Server 2003 (KB973687) (Version: 1)
Update for Windows Server 2003 (KB973815) (Version: 1)
Update for Windows Server 2003 (KB973825) (Version: 1)
Update for Windows Server 2003 (KB977165) (Version: 1)
Windows Imaging Component (Version: 3.0.0.0)
Windows Management Framework Core
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Server 2003 Service Pack 2 (Version: 20070217.021455)
XML Paper Specification Shared Components Pack 1.0

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 12%
Total physical RAM: 4094.99 MB
Available physical RAM: 3597.39 MB
Total Pagefile: 12087.67 MB
Available Pagefile: 11768.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.25 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:30.28 GB) (Free:11.64 GB) NTFS
2 Drive d: () (Fixed) (Total:105.76 GB) (Free:89.54 GB) NTFS

========================= Users: ========================================

User accounts for \\SRVR-DW

Acronis11B65DCFAE9C7 Administrator audio
caloffice dani Guest
JConklan krbtgt lindah
morin newuser QBDataServiceUser
QBDataServiceUser19 supervisor SUPPORT_388945a0
Wrkst0 wrkst1 wrkst10
wrkst2 wrkst3 wrkst30
wrkst4 wrkst5 wrkst6
wrkst7 wrkst8 wrkst9

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
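One way to triage the "Event log errors" section of a MiniToolBox report like the one above, as an added example that is not code from this thread or from MiniToolBox: it parses the `Error: (...) (Source: ...) (User: ...)` / `Description:` entries, pulls out the GUIDs of Group Policy extensions that Userenv could not load, lists the boot-start drivers and service dependencies that failed, and counts the "possible attempt to compromise security" warnings. The sample input is an excerpt of the log posted above; the function names are my own.

```python
import re
from collections import Counter

# Constructed sample input: a shortened excerpt of the MiniToolBox
# "Event log errors" section posted in this thread.
SAMPLE_LOG = """\
Application errors:
==================
Error: (12/15/2012 00:06:16 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot determine the user or computer name. (The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you. ). Group Policy processing aborted.

Error: (12/15/2012 11:51:48 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (12/15/2012 11:47:20 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Writer with name WMI Writer and ID {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} attempted to subscribe in safe mode.


System errors:
=============
Error: (12/15/2012 11:48:36 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
mfehidk
SASDIFSV
SASKUTIL

Error: (12/15/2012 11:48:36 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error:
%%31
"""

# Entry header. MiniToolBox sometimes omits the space before "(User:", so it is optional.
ENTRY_RE = re.compile(
    r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\)\s?\(User: (?P<user>[^)]*)\)\s*$"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
DEP_RE = re.compile(r"^The (.+?) service depends on the (.+?) service which failed to start")


def parse_entries(text):
    """Split the report into entries; a blank line ends an entry, so multi-line
    descriptions (e.g. the driver list) are kept together."""
    entries = []
    current = None
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            current = {"when": m["when"], "source": m["source"],
                       "user": m["user"], "description": ""}
            entries.append(current)
        elif not line.strip():
            current = None
        elif current is not None:
            if line.startswith("Description: "):
                current["description"] = line[len("Description: "):]
            else:
                current["description"] += "\n" + line
        # Section headers ("System errors:", "====") fall outside any entry and are skipped.
    return entries


def triage(entries):
    """Pull the security-relevant facts out of the parsed entries."""
    guids, drivers, deps = set(), [], []
    compromise_warnings = 0
    for e in entries:
        d = e["description"]
        # A GP client-side extension whose DllName value is missing: the CLSID is the
        # thing to check under the Winlogon\GPExtensions key (or it was left behind
        # when the extension's DLL was removed).
        if "cannot query DllName registry entry" in d:
            guids.update(g.upper() for g in GUID_RE.findall(d))
        # Userenv could not reach the authenticating DC; Group Policy was not applied.
        if "possible attempt to compromise security" in d:
            compromise_warnings += 1
        # The driver names follow the description on their own lines.
        if "driver(s) failed to load" in d:
            _, _, rest = d.partition("\n")
            drivers.extend(l.strip() for l in rest.splitlines() if l.strip())
        m = DEP_RE.match(d)
        if m:
            deps.append((m.group(1), m.group(2)))
    return {
        "by_source": dict(Counter(e["source"] for e in entries)),
        "gp_extension_guids": sorted(guids),
        "compromise_warnings": compromise_warnings,
        "failed_drivers": drivers,
        "failed_service_deps": deps,
    }


if __name__ == "__main__":
    for key, value in triage(parse_entries(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Failed security-product drivers (here mfehidk and the SAS* drivers) are expected in safe mode, which the AdwCleaner log below confirms this run was in, so compare against a normal-mode run before reading them as tampering.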

#4 bhz

bhz
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  • Gender:Male
  • Location:Southern California
  • Local time:09:00 AM

Posted 15 December 2012 - 03:24 PM

# AdwCleaner v2.100 - Logfile created 12/15/2012 at 12:15:40
# Updated 09/12/2012 by Xplode
# Operating system : Microsoft Windows Server 2003 R2 Service Pack 2 (32 bits)
# User : Administrator - SRVR-DW
# Boot Mode : Safe mode with networking
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ri4n5enq.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
File Found : C:\user.js
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
Folder Found : C:\Program Files\Conduit

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Crossrider
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\PriceGong
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3032526
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Surf Canyon

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.3790.3959

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0 (en-US)

Profile name : default
File : C:\Documents and Settings\supervisor\Application Data\Mozilla\Firefox\Profiles\ionun43w.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "Claro Search");
Found : user_pref("browser.search.order.1", "Claro Search");
Found : user_pref("browser.search.selectedEngine", "Claro Search");
Found : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=113597&tt=4012_5&babsrc=HP[...]
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home");
Found : user_pref("extensions.claro.admin", false);
Found : user_pref("extensions.claro.aflt", "babsst");
Found : user_pref("extensions.claro.dfltLng", "en");
Found : user_pref("extensions.claro.excTlbr", false);
Found : user_pref("extensions.claro.id", "4c33848c0000000000000019b9b5fec5");
Found : user_pref("extensions.claro.instlDay", "15616");
Found : user_pref("extensions.claro.instlRef", "sst");
Found : user_pref("extensions.claro.prdct", "claro");
Found : user_pref("extensions.claro.prtnrId", "claro");
Found : user_pref("extensions.claro.tlbrId", "claro");
Found : user_pref("extensions.claro.vrsn", "1.6.4.1");
Found : user_pref("extensions.claro.vrsni", "1.6.4.1");
Found : user_pref("extensions.claro_i.smplGrp", "none");
Found : user_pref("extensions.claro_i.vrsnTs", "1.6.4.11:13:48");
Found : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=113597&tt=4012_5&babsrc=KW_clro&mntrId=[...]
Found : user_pref("extensions.crossriderapp5058.adsOldValue", -1);

Profile name : default
File : C:\Documents and Settings\morin\Application Data\Mozilla\Firefox\Profiles\aj6hwadp.default\prefs.js

Found : user_pref("extensions.crossriderapp5058.adsOldValue", -1);

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ri4n5enq.default\prefs.js

Found : user_pref("extensions.crossriderapp5058.5058.InstallationTime", 1355348956);
Found : user_pref("extensions.crossriderapp5058.5058.active", true);
Found : user_pref("extensions.crossriderapp5058.5058.addressbar", "");
Found : user_pref("extensions.crossriderapp5058.5058.addressbarenhanced", "");
Found : user_pref("extensions.crossriderapp5058.5058.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]
Found : user_pref("extensions.crossriderapp5058.5058.backgroundver", 7);
Found : user_pref("extensions.crossriderapp5058.5058.can_run_bg_code", true);
Found : user_pref("extensions.crossriderapp5058.5058.certdomaininstaller", "");
Found : user_pref("extensions.crossriderapp5058.5058.changeprevious", false);
Found : user_pref("extensions.crossriderapp5058.5058.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie.InstallationTime.value", "1355348956");
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_aoi.value", "1355348956");
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_blocklist.expiration", "Sat Dec 15 2012 12:[...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_country_code.expiration", "Wed Dec 19 2012 [...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_country_code.value", "%22US%22");
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_crr.value", "1355602429");
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_hotfix20111102645.value", "%221%22");
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_parent_zoneid.value", "%2274052%22");
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_pc_20120828.value", "1355348993406");
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_product_id.value", "%221269%22");
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie._GPL_zoneid.value", "%22118507%22");
Found : user_pref("extensions.crossriderapp5058.5058.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Found : user_pref("extensions.crossriderapp5058.5058.cookie.dbtest.value", "1355348986481");
Found : user_pref("extensions.crossriderapp5058.5058.description", "Shopping Sidekick");
Found : user_pref("extensions.crossriderapp5058.5058.domain", "");
Found : user_pref("extensions.crossriderapp5058.5058.enablesearch", false);
Found : user_pref("extensions.crossriderapp5058.5058.fbremoteurl", "");
Found : user_pref("extensions.crossriderapp5058.5058.group", 0);
Found : user_pref("extensions.crossriderapp5058.5058.homepage", "");
Found : user_pref("extensions.crossriderapp5058.5058.iframe", false);
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_appVer.value", "41");
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_lastVersion.value", "0");
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_meta.value", "%7B%7D");
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_nextCheck.expiration", "Sat Dec 15[...]
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_nextCheck.value", "true");
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_queue.value", "%7B%7D");
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_remote_resources.expiration", "Fri[...]
Found : user_pref("extensions.crossriderapp5058.5058.internaldb.Resources_remote_resources.value", "%7B%22re[...]
Found : user_pref("extensions.crossriderapp5058.5058.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Found : user_pref("extensions.crossriderapp5058.5058.manifesturl", "");
Found : user_pref("extensions.crossriderapp5058.5058.name", "Shopping Sidekick");
Found : user_pref("extensions.crossriderapp5058.5058.newtab", "");
Found : user_pref("extensions.crossriderapp5058.5058.opensearch", "");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_1.name", "base");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_1.ver", 3);
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_1000014.ver", 7);
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_1000015.name", "GPL Background (BG)");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_1000015.ver", 4);
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_13.name", "CrossriderAppUtils");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_13.ver", 2);
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_14.name", "CrossriderUtils");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_14.ver", 2);
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_15.name", "FacebookFFIE");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_15.ver", 1);
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_16.code", "if((typeof isBackground===\"u[...]
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_16.name", "FFAppAPIWrapper");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_16.ver", 4);
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_17.name", "jQuery");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_17.ver", 3);
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_21.name", "debug");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_21.ver", 3);
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_22.name", "resources");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_22.ver", 2);
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_28.name", "initializer");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_28.ver", 2);
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_4.name", "jquery_1_7_1");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_4.ver", 3);
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_47.name", "resources_background");
Found : user_pref("extensions.crossriderapp5058.5058.plugins.plugin_47.ver", 1);
Found : user_pref("extensions.crossriderapp5058.5058.plugins_lists.plugins_0", "17,14,16,47,1000015");
Found : user_pref("extensions.crossriderapp5058.5058.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,100[...]
Found : user_pref("extensions.crossriderapp5058.5058.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Found : user_pref("extensions.crossriderapp5058.5058.pluginsversion", 16);
Found : user_pref("extensions.crossriderapp5058.5058.publisher", "215 Apps");
Found : user_pref("extensions.crossriderapp5058.5058.searchstatus", 0);
Found : user_pref("extensions.crossriderapp5058.5058.setnewtab", false);
Found : user_pref("extensions.crossriderapp5058.5058.settingsurl", "");
Found : user_pref("extensions.crossriderapp5058.5058.thankyou", "");
Found : user_pref("extensions.crossriderapp5058.5058.updateinterval", 360);
Found : user_pref("extensions.crossriderapp5058.5058.ver", 41);
Found : user_pref("extensions.crossriderapp5058.adsOldValue", -1);
Found : user_pref("extensions.crossriderapp5058.apps", "5058");
Found : user_pref("extensions.crossriderapp5058.bic", "13b9117d53944f454fb24eb6538c8264");
Found : user_pref("extensions.crossriderapp5058.cid", 5058);
Found : user_pref("extensions.crossriderapp5058.firstrun", false);
Found : user_pref("extensions.crossriderapp5058.hadappinstalled", true);
Found : user_pref("extensions.crossriderapp5058.installationdate", 1355348956);
Found : user_pref("extensions.crossriderapp5058.lastcheck", 22593374);
Found : user_pref("extensions.crossriderapp5058.lastcheckitem", 22593374);
Found : user_pref("extensions.crossriderapp5058.modetype", "production");
Found : user_pref("extensions.crossriderapp5058.reportInstall", true);
Found : user_pref("extensions.enabledAddons", "crossriderapp5058%40crossrider.com:0.86.41,%7B5a95a9e0-59dd-4[...]
Found : user_pref("extensions.wajam.affiliate_id", "3672");
Found : user_pref("extensions.wajam.firstrun", "false");
Found : user_pref("extensions.wajam.log_send_info", "false");
Found : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21083\",\"supported_sites\":{\[...]
Found : user_pref("extensions.wajam.no_trace", "true");
Found : user_pref("extensions.wajam.server_current_mapping_version", "0.21083");
Found : user_pref("extensions.wajam.supported_sites.bing.wajam_yahoo_se_js", "try {window['APP_LABEL_NAME'] [...]
Found : user_pref("extensions.wajam.supported_sites.yahoo.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wa[...]
Found : user_pref("extensions.wajam.trace_log", "1355348956238 - load - processBrowserLoad\n1355348956239 - [...]
Found : user_pref("extensions.wajam.unique_id", "6001babe841ad8d3ad11922f03b72200");
Found : user_pref("extensions.wajam.user_current_mapping_version", "0");
Found : user_pref("extensions.wajam.version", "1.26");

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [17058 octets] - [15/12/2012 12:15:40]

########## EOF - C:\AdwCleaner[R1].txt - [17119 octets] ##########

#5 bhz

bhz
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southern Calilfornia
  • Local time:09:00 AM

Posted 15 December 2012 - 03:27 PM

Junkware remover just goes to an advertising screen?

#6 bhz

bhz
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southern Calilfornia
  • Local time:09:00 AM

Posted 15 December 2012 - 03:42 PM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.15.07

Windows Server 2003 Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 6.0.3790.3959
Administrator :: SRVR-DW [administrator]

12/15/2012 12:06:50 PM
mbam-log-2012-12-15 (12-06-50).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 455192
Time elapsed: 26 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#7 bhz

bhz
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southern Calilfornia
  • Local time:09:00 AM

Posted 15 December 2012 - 03:47 PM

Superantispyware will not install; it says it cannot create a shortcut.
I am in safe mode or the system is highly unstable; icons disappear or partially populate.

#8 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:00 AM

Posted 15 December 2012 - 04:10 PM

Hi -
Is SUPERAntiSpyware listed in All Programs ?? You have it listed Here >> SUPERAntiSpyware (Version: 5.5.1022) <<
It can be run from there, and an Icon / Shortcut is not required - Version 5.6.1014 and 9747 is the current update -

I do understand it is very hard to run some of these from Safe Mode, and I am trying to keep it basic for now -
Please re-try JunkRemovalTool from This Download

Thanks for trying to do these procedures, and staying with us - - - -

Spelling Edit Only -

Edited by noknojon, 15 December 2012 - 04:42 PM.


#9 bhz

bhz
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southern Calilfornia
  • Local time:09:00 AM

Posted 15 December 2012 - 08:43 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.1.6 (12.15.2012:2)
OS: Microsoft Windows Server 2003 R2 x86
Ran by Administrator on Sat 12/15/2012 at 17:24:48.53
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\sparktrust
Successfully deleted: [Registry Key] hkey_local_machine\software\visualbee



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/15/2012 at 17:31:39.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#10 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:00 AM

Posted 15 December 2012 - 11:46 PM

Hi -
AdwCleaner has found these items that will report your browser moves and can also record your name and other details >>
Claro Search
Shopping Sidekick
I Want This
PriceGong
Surf Canyon
All of these are better removed as they track your keystrokes, record sites you visit, and can enable others to have access to all your personal records.
METHOD -
Please Re-run AdwCleaner and this time hit DELETE -
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on DELETE.
Confirm each time with OK.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

NEXT -
Download Security Check by Screen317 from HERE or HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

To Recall -
Can you access SUPERAntiSpyware from Installed Programs area and not from any Icon ??

Java is now Version 7 Update 9 - Try to open Control Panel and see if there is a Java Icon there (like a coffee cup). Open this and the second tab is Update, hit this and see if it will update to current version -

Is this a "company" computer, or a private computer that is used for "some" personal business work ??

Can you please view This Page and tell me if this resembles your PC Cleaner Program -
If so it has been identified as Malware and we will remove it -

Thank You -

#11 bhz

bhz
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southern Calilfornia
  • Local time:09:00 AM

Posted 16 December 2012 - 12:42 AM

Results of screen317's Security Check version 0.99.56
Service Pack 2 x86
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Please wait while WMIC compiles updated MOF files.
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
PC Cleaners
Java™ 6 Update 35
Java version out of Date!
Adobe Flash Player 11.4.402.278
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (17.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
McAfee VirusScan Enterprise EngineServer.exe
McAfee VirusScan Enterprise VsTskMgr.exe
McAfee VirusScan Enterprise Mcshield.exe
McAfee VirusScan Enterprise ShStat.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````

#12 bhz

bhz
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southern Calilfornia
  • Local time:09:00 AM

Posted 16 December 2012 - 12:48 AM

SuperAntiSpyware Error creating shortcuts, aborting installation

#13 bhz

bhz
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southern Calilfornia
  • Local time:09:00 AM

Posted 16 December 2012 - 12:50 AM

Windows updates will not run?

#14 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:00 AM

Posted 16 December 2012 - 02:05 AM

Windows updates will not run?


Please download Farbar Service Scanner and run it on the computer with the issue.
•Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
•Press "Scan".
•It will create a log (FSS.txt) in the same directory the tool is run.
•Please copy and paste the log to your reply.

EXTRA -
I do understand that an infection may be blocking Malwarebytes from installing or running correctly in normal mode.
Unless you decided to uninstall the program for some reason, it will still exist in All Programs.
You have installed the program, and there are extras with this tool to help in cases like this.
Please go > Programs > Malwarebytes > across to Tools > Chameleon and click on this -
You will find about 10 or 12 boxes numbered #1, #2, #3, etc. and directions on how to click on each one -

Do you have a log from McAfee Antivirus that may show the nature of the infection ??
If so can you please post that or any part of it ??

Thank You -



#15 bhz

bhz
  • Topic Starter

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southern Calilfornia
  • Local time:09:00 AM

Posted 16 December 2012 - 01:12 PM

Farbar Service Scanner Version: 10-12-2012
Ran by Administrator (administrator) on 16-12-2012 at 10:03:44
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows Server 2003 R2 Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Nsi Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.

nsiproxy Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open nsiproxy registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open nsiproxy registry key. The service key does not exist.
Checking LEGACY_nsiproxy: ATTENTION!=====> Unable to open LEGACY_nsiproxy\0000 registry key. The key does not exist.

tdx Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open tdx registry key. The service key does not exist.
Checking LEGACY_tdx: ATTENTION!=====> Unable to open LEGACY_tdx\0000 registry key. The key does not exist.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open mpsdrv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open mpsdrv registry key. The service key does not exist.
Checking LEGACY_mpsdrv: ATTENTION!=====> Unable to open LEGACY_mpsdrv\0000 registry key. The key does not exist.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========

ATTENTION!=====> C:\WINDOWS\system32\nsisvc.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> C:\WINDOWS\system32\Drivers\nsiproxy.sys FILE IS MISSING AND SHOULD BE RESTORED.

C:\WINDOWS\system32\Drivers\afd.sys
[2005-05-02 16:45] - [2011-12-27 06:13] - 0150528 ____A (Microsoft Corporation) 317E75D96065AC6AF5EF8857CE2E399B


ATTENTION!=====> C:\WINDOWS\system32\Drivers\tdx.sys FILE IS MISSING AND SHOULD BE RESTORED.

C:\WINDOWS\system32\Drivers\tcpip.sys
[2005-05-02 16:46] - [2009-08-15 01:57] - 0393216 ____A (Microsoft Corporation) 238DC2B879D1B37B91F8D5D44F3815D3

C:\WINDOWS\system32\dnsrslvr.dll
[2009-04-20 10:38] - [2009-04-20 10:38] - 0045568 ____A (Microsoft Corporation) E927F3B46F85D934C8F420FE08593D1B


ATTENTION!=====> C:\WINDOWS\system32\mpssvc.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> C:\WINDOWS\system32\bfe.dll FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> C:\WINDOWS\system32\Drivers\mpsdrv.sys FILE IS MISSING AND SHOULD BE RESTORED.


ATTENTION!=====> C:\WINDOWS\system32\SDRSVC.dll FILE IS MISSING AND SHOULD BE RESTORED.

C:\WINDOWS\system32\vssvc.exe
[2005-05-02 16:46] - [2007-02-16 22:09] - 0836096 ____A (Microsoft Corporation) 74A6820792E5BCA5EE4D0CC4595C6916


ATTENTION!=====> C:\WINDOWS\system32\wscsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2007-02-17 06:03] - [2007-02-17 06:03] - 0143360 ____A (Microsoft Corporation) F8D5B9C1A26C933B9EA7740BAB35BCF5

C:\WINDOWS\system32\wuaueng.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll
[2007-02-17 06:03] - [2007-02-17 06:03] - 0380928 ____A (Microsoft Corporation) 9D7A318B2C7AE51E9D5374F8EEDE856C

C:\WINDOWS\system32\es.dll
[2008-04-29 13:33] - [2008-04-29 13:33] - 0247296 ____A (Microsoft Corporation) C17C56E91045E14DF45D62DD89AED50C

C:\WINDOWS\system32\cryptsvc.dll
[2007-02-17 06:02] - [2007-02-17 06:02] - 0056320 ____A (Microsoft Corporation) FEB85DA744DD3F41A427CF6D2BC04FE4


ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

C:\WINDOWS\system32\svchost.exe
[2007-02-17 06:04] - [2007-02-17 06:04] - 0014848 ____A (Microsoft Corporation) C09CCFE81DEC9B162533D7184D705682

C:\WINDOWS\system32\rpcss.dll
[2009-04-14 19:34] - [2009-02-09 03:02] - 0486912 ____A (Microsoft Corporation) 305A8757D66B5D416B47C497C27A01FE



**** End of log ****
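The FSS log above is normally read by eye. As an added example, not part of this thread or of Farbar's tool, the Python below pulls the not-running services, the registry keys FSS could not open, the files flagged as missing, the hashed files and the firewall policy value out of an FSS.txt into one dict, so a helper can compare them against a known-good machine of the same OS version instead of scanning the text. The embedded log is a constructed excerpt in the same format as the one posted here, and the function and field names are my own assumptions.

```python
import re

# Constructed excerpt in FSS.txt format (my own sample, not the full log above).
SAMPLE_FSS_LOG = r"""
Internet Services:
============
Nsi Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

File Check:
========
ATTENTION!=====> C:\WINDOWS\system32\nsisvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

C:\WINDOWS\system32\Drivers\afd.sys
[2005-05-02 16:45] - [2011-12-27 06:13] - 0150528 ____A (Microsoft Corporation) 317E75D96065AC6AF5EF8857CE2E399B

C:\WINDOWS\system32\wuaueng.dll => MD5 is legit
**** End of log ****
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+):$")            # e.g. "File Check:"
NOT_RUNNING_RE = re.compile(r"^(?P<svc>\S+) Service is not running\.")
MISSING_KEY_RE = re.compile(r"Unable to open (?P<key>\S+) registry key")
MISSING_FILE_RE = re.compile(r"ATTENTION!=====> (?P<path>.+?) FILE IS MISSING")
POLICY_RE = re.compile(r'^"(?P<value>[^"]+)"=DWORD:(?P<data>\d+)$')
PATH_RE = re.compile(r"^[A-Za-z]:\\")
FILE_HASH_RE = re.compile(  # "[created] - [modified] - size attrs (vendor) MD5"
    r"^\[.*\] - \[.*\] - (?P<size>\d+) \S+ \((?P<vendor>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$")


def parse_fss(text):
    """Return the findings in an FSS log, grouped by kind (field names are mine)."""
    findings = {
        "services_not_running": [],   # (section, service)
        "missing_service_keys": [],   # registry keys FSS could not open, deduplicated
        "missing_files": [],          # paths flagged FILE IS MISSING
        "hashed_files": {},           # path -> (vendor, size, MD5)
        "md5_legit": [],              # paths FSS matched against its own hash list
        "policies": {},               # DWORD value name -> data
    }
    section = None
    pending_path = None   # a path line whose hash line should follow
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"=", "*"}:   # blank, underline or banner
            pending_path = None
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = NOT_RUNNING_RE.match(line)
        if m:
            findings["services_not_running"].append((section, m.group("svc")))
            continue
        m = MISSING_KEY_RE.search(line)
        if m:
            if m.group("key") not in findings["missing_service_keys"]:
                findings["missing_service_keys"].append(m.group("key"))
            continue
        m = MISSING_FILE_RE.search(line)
        if m:
            findings["missing_files"].append(m.group("path"))
            continue
        m = POLICY_RE.match(line)
        if m:
            findings["policies"][m.group("value")] = int(m.group("data"))
            continue
        if line.endswith("=> MD5 is legit"):
            findings["md5_legit"].append(line.split(" =>")[0])
            continue
        if PATH_RE.match(line):
            pending_path = line
            continue
        m = FILE_HASH_RE.match(line)
        if m and pending_path:
            findings["hashed_files"][pending_path] = (
                m.group("vendor"), int(m.group("size")), m.group("md5").upper())
            pending_path = None
    return findings


def firewall_disabled_by_policy(findings):
    """True when the log shows EnableFirewall set to 0 by policy."""
    return findings["policies"].get("EnableFirewall") == 0


def summarize(findings):
    """One line per actionable finding, ready to quote back in a reply."""
    lines = ["%s: service %s not running" % s for s in findings["services_not_running"]]
    lines += ["missing file: %s" % p for p in findings["missing_files"]]
    if firewall_disabled_by_policy(findings):
        lines.append("firewall disabled by policy")
    return lines
```

To use it on a real log, call `parse_fss(open("FSS.txt").read())`; the `hashed_files` entries are the values to compare against the same file on a clean install of the same service pack, and `missing_service_keys` is the list to check against the services that actually ship with that OS version before treating a "key does not exist" line as damage.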



