
TR/agent.66048.153 and adware/agent.180224.a


8 replies to this topic

#1 van23


Posted 05 February 2013 - 12:10 PM

Hi,

I am currently running Windows XP and performed a virus scan using Avira antivirus. The scan came back with two different viruses showing up. One was TR/agent.66048.153 and the other was adware/agent.180224.a. These both showed as being unppc.exe and ppal3ppc.exe. I have PeoplePC files still on my computer, but I thought I had deleted the program and the files ages ago. Am I infected with viruses?

Thanks.



#2 boopme


Posted 05 February 2013 - 12:45 PM

Hello, unppc.exe is a process from PeoplePC. It can be found in the location of C:\. It is a potential security risk which can be modified maliciously by a virus. unppc.exe virus should be disabled and removed.

Let's scan further.


MiniToolBox
Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
>>>

ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

>>>>

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 van23


Posted 05 February 2013 - 01:34 PM

Thanks for the quick reply. Here is the first text file that you had requested.

MiniToolBox by Farbar Version:10-01-2013
Ran by HP_Administrator (administrator) on 05-02-2013 at 13:29:57
Running from "C:\Documents and Settings\HP_Administrator\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX) = Local Area Connection 4 (Connected)
NVIDIA nForce Networking Controller = Local Area Connection 3 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 4"

set address name="Local Area Connection 4" source=static addr=192.168.1.55 mask=255.255.255.0
set address name="Local Area Connection 4" gateway=192.168.1.1 gwmetric=0
set dns name="Local Area Connection 4" source=static addr=167.206.245.130 register=PRIMARY
add dns name="Local Area Connection 4" addr=167.206.245.129 index=2
set wins name="Local Area Connection 4" source=static addr=none

# Interface IP Configuration for "Local Area Connection 3"

set address name="Local Area Connection 3" source=dhcp
set dns name="Local Area Connection 3" source=dhcp register=PRIMARY
set wins name="Local Area Connection 3" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : BobVanRiper

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection 4:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX)

Physical Address. . . . . . . . . : 00-04-75-71-41-F9

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.1.55

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 167.206.245.130

167.206.245.129



Ethernet adapter Local Area Connection 3:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : NVIDIA nForce Networking Controller

Physical Address. . . . . . . . . : 00-17-31-A1-AE-B8

Server: vdns2.srv.prnynj.cv.net
Address: 167.206.245.130

Name: google.com
Addresses: 173.194.43.38, 173.194.43.46, 173.194.43.35, 173.194.43.39
173.194.43.36, 173.194.43.34, 173.194.43.41, 173.194.43.33, 173.194.43.32
173.194.43.37, 173.194.43.40



Pinging google.com [173.194.43.34] with 32 bytes of data:



Reply from 173.194.43.34: bytes=32 time=10ms TTL=55

Reply from 173.194.43.34: bytes=32 time=9ms TTL=55



Ping statistics for 173.194.43.34:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 9ms, Maximum = 10ms, Average = 9ms

Server: vdns2.srv.prnynj.cv.net
Address: 167.206.245.130

Name: yahoo.com
Addresses: 98.139.183.24, 206.190.36.45, 98.138.253.109



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=101ms TTL=49

Reply from 98.138.253.109: bytes=32 time=168ms TTL=50



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 101ms, Maximum = 168ms, Average = 134ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 04 75 71 41 f9 ...... 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX) - Packet Scheduler Miniport
0x3 ...00 17 31 a1 ae b8 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.55 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.55 192.168.1.55 20
192.168.1.0 255.255.255.0 192.168.1.55 192.168.1.55 20
192.168.1.55 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.55 192.168.1.55 20
224.0.0.0 240.0.0.0 192.168.1.55 192.168.1.55 20
255.255.255.255 255.255.255.255 192.168.1.55 3 1
255.255.255.255 255.255.255.255 192.168.1.55 192.168.1.55 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/05/2013 01:23:31 PM) (Source: MSDTC Client) (User: )
Description: Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 3424
No Callstack,
CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

Error: (02/05/2013 11:36:49 AM) (Source: MSDTC Client) (User: )
Description: Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 3424
No Callstack,
CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

Error: (02/05/2013 10:44:16 AM) (Source: MSDTC Client) (User: )
Description: Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 3424
No Callstack,
CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

Error: (02/05/2013 08:36:38 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 51889437

Error: (02/05/2013 08:36:38 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 51889437

Error: (02/05/2013 08:36:38 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/04/2013 00:58:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 205312

Error: (02/04/2013 00:58:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 205312

Error: (02/04/2013 00:58:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/04/2013 00:58:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 197922


System errors:
=============
Error: (02/05/2013 08:36:49 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the ARSVC service.

Error: (02/04/2013 00:58:55 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the ARSVC service.

Error: (02/04/2013 03:00:35 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2510531).

Error: (02/04/2013 03:00:33 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Internet Explorer 8 for Windows XP (KB2544521).

Error: (02/01/2013 02:45:00 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\MFC80.DLL.
Reference error message: The operation completed successfully.
.

Error: (02/01/2013 02:45:00 PM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (02/01/2013 02:45:00 PM) (Source: SideBySide) (User: )
Description: Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (02/01/2013 11:20:10 AM) (Source: System Error) (User: )
Description: Error code 1000008e, parameter1 c0000005, parameter2 bf850312, parameter3 ba3f4afc, parameter4 00000000.

Error: (02/01/2013 08:41:57 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the ARSVC service.


Microsoft Office Sessions:
=========================
Error: (02/05/2013 01:23:31 PM) (Source: MSDTC Client)(User: )
Description: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 3424
No Callstack,
CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

Error: (02/05/2013 11:36:49 AM) (Source: MSDTC Client)(User: )
Description: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 3424
No Callstack,
CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

Error: (02/05/2013 10:44:16 AM) (Source: MSDTC Client)(User: )
Description: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 3424
No Callstack,
CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

Error: (02/05/2013 08:36:38 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 51889437

Error: (02/05/2013 08:36:38 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 51889437

Error: (02/05/2013 08:36:38 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/04/2013 00:58:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 205312

Error: (02/04/2013 00:58:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 205312

Error: (02/04/2013 00:58:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/04/2013 00:58:52 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 197922


=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Reader X (10.1.5) (Version: 10.1.5)
Agere Systems PCI-SV92PP Soft Modem
AiO_Scan (Version: 50.0.206.000)
AiO_Scan_CDA (Version: 51.0.230.000)
AiOSoftware (Version: 50.0.206.000)
AiOSoftwareNPI (Version: 51.0.230.000)
Ancient Sudoku (Version: WT006072)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
Autodesk 123D 32 Bit (Version: 1.0.5)
Avira AntiVir Personal - Free Antivirus (Version: 10.2.0.719)
Bejeweled 2 Deluxe (Version: WT005634)
Blasterball 2 Remix (Version: WT005517)
Blasterball 2 Revolution (Version: WT005521)
Bonjour (Version: 3.0.0.10)
Bookworm Deluxe (Version: WT005636)
Bounce Symphony (Version: WT005524)
BufferChm (Version: 70.0.170.000)
CameraDrivers (Version: 5.0.0.328)
CameraDrivers (Version: 6.0.0.212)
CameraUserGuides (Version: 6.0.0.212)
Carbonite (Version: 5.1.0 build 925 (Dec-05-2011))
cBizOne (Version: 3.6.8)
Cisco WebEx Meetings
Compatibility Pack for the 2007 Office system (Version: 12.0.6021.5000)
CP_AtenaShokunin1Config (Version: 70.0.170.000)
CP_CalendarTemplates1 (Version: 70.0.170.000)
cp_LightScribeConfig (Version: 70.0.170.000)
cp_OnlineProjectsConfig (Version: 70.0.170.000)
CP_Package_Basic1 (Version: 70.0.170.000)
CP_Package_Variety1 (Version: 70.0.170.000)
CP_Package_Variety2 (Version: 70.0.170.000)
CP_Package_Variety3 (Version: 70.0.170.000)
CP_Panorama1Config (Version: 70.0.170.000)
cp_PosterPrintConfig (Version: 70.0.170.000)
cp_UpdateProjectsConfig (Version: 70.0.170.000)
CueTour (Version: 70.0.170.000)
Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680)
Destinations (Version: 70.0.170.000)
DeviceManagementQFolder (Version: 1.00.0000)
Diner Dash (Version: WT005638)
DISCover (Version: 3.31)
DocProc (Version: 6.0.0.0)
DocumentViewer (Version: 61.0.163.000)
Easy Internet Sign-up (Version: FE UI-4.1.0.1680)
Enhanced Multimedia Keyboard Solution
Fairies (Version: WT005631)
Family Feud (Version: WT005639)
FATE (Version: WT006069)
Fax (Version: 50.0.206.000)
Fax_CDA (Version: 51.0.230.000)
Flip Words (Version: WT005640)
GemMaster Mystic
Google Chrome (Version: 24.0.1312.57)
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HP Boot Optimizer (Version: 3.0.0)
HP Deskjet Printer Preload (Version: 10.1.0)
HP DigitalMedia Archive (Version: 2.0)
HP Document Viewer 6.1 (Version: 6.1)
HP DVD Play 2.1
HP Game Console
HP Imaging Device Functions 7.0 (Version: 7.0)
HP Photosmart 330,380,420,470,7800,8000,8200 Series (Version: 8.1)
HP Photosmart Cameras 6.0 (Version: 6.0)
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5 (Version: 6.5)
HP Product Assistant (Version: 100.000.001.000)
HP PSC & OfficeJet 5.3.B
HP PSC & OfficeJet 6.1.A
HP Rhapsody
HP Solution Center and Imaging Support Tools 6.1 (Version: 6.1)
HP Update (Version: 5.003.001.001)
HP Web Helper
hpiCamDrvQFolder (Version: 6.0.0)
HPPhotoSmartExpress (Version: 70.0.170.000)
HPProductAssistant (Version: 61.0.163.000)
HpSdpAppCoreApp (Version: 3.00.0000)
InstantShareAlert (Version: 1.00.0000)
InstantShareDevices (Version: 70.0.170.000)
iTunes (Version: 11.0.1.12)
J2SE Runtime Environment 5.0 Update 5 (Version: 1.5.0.50)
Java Auto Updater (Version: 2.0.7.2)
Java™ 6 Update 39 (Version: 6.0.390)
Jewel Quest (Version: WT005642)
LAN-Fax Utilities
LightScribe 1.4.84.1 (Version: 1.4.84.1)
Mah Jong Quest (Version: WT005643)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Away Mode (Version: 6.0.0160.0)
Microsoft Money 2006 (Version: 15)
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour (Version: 1.0.0)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Works (Version: 08.04.0623)
Microsoft Works 6-9 Converter (Version: 9.7.0621)
Mozilla Firefox 18.0.1 (x86 en-US) (Version: 18.0.1)
Mozilla Maintenance Service (Version: 18.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 5.0 (Version: 5.00.050)
muvee autoProducer unPlugged 2.0 (Version: 2.0.0)
Mystery Case Files (Version: WT005644)
Netscape Browser (remove only)
NewCopy (Version: 50.0.206.000)
NewCopy_CDA (Version: 51.0.230.000)
NVIDIA Drivers
OptionalContentQFolder (Version: 1.00.0000)
Otto
PanoStandAlone (Version: 61.0.163.000)
PC-Doctor 5 for Windows (Version: 5.00.3462.03)
PhotoGallery (Version: 70.0.170.000)
Poker Superstars (Version: WT005645)
Polar Bowler (Version: WT005515)
Polar Golfer (Version: WT005518)
PSPrinters08 (Version: 8.01.0000)
PSTAPlugin (Version: 8.01.0000)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3 (Version: 2.2.3)
Quicken 2006 (Version: 15.1.4.5)
QuickTime (Version: 7.73.80.64)
RandMap (Version: 70.0.170.000)
Readme (Version: 51.0.230.000)
RealDownloader (Version: 1.3.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.0)
Realtek High Definition Audio Driver
RealUpgrade 1.1 (Version: 1.1.0)
Ricochet Lost Worlds (Version: WT005519)
Scan (Version: 6.0.0.0)
ScannerCopy (Version: 6.0.0.0)
SCRABBLE (Version: WT005646)
SkinsHP1 (Version: 70.0.170.000)
SlideShow (Version: 70.0.170.000)
SlideShowMusic (Version: 70.0.170.000)
Slingo Deluxe (Version: WT005647)
Snowy The Bears Adventure (Version: WT005632)
SolutionCenter (Version: 61.0.163.000)
Sonic Express Labeler (Version: 2.1.0)
Sonic MyDVD Plus (Version: 6.2.0)
Sonic RecordNow Audio (Version: 2.0.6)
Sonic RecordNow Copy (Version: 2.0.6)
Sonic RecordNow Data (Version: 2.0.6)
Sonic Update Manager (Version: 3.0.0)
Sonic_PrimoSDK (Version: 70.0.170.000)
Status (Version: 61.0.163.000)
Super Granny (Version: WT005513)
SUPERAntiSpyware Free Edition (Version: 4.33.0.1000)
TeamViewer 6 (Version: 6.0.13992)
TeamViewer 7 (Version: 7.0.14563)
Tennis Titans (Version: WT005648)
Toolbox (Version: 61.0.163.000)
Tornado Jockey (Version: WT004613)
Tradewinds (Version: WT005523)
TrayApp (Version: 61.0.163.000)
Unload (Version: 7.0.0)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB953356) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB976749) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 61.0.163.000)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live OneCare safety scanner
Windows Media Format Runtime
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
zCBSetup

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 75%
Total physical RAM: 958.48 MB
Available physical RAM: 236.23 MB
Total Pagefile: 2312.17 MB
Available Pagefile: 753.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.45 MB

========================= Partitions: =====================================

1 Drive c: (HP_PAVILION) (Fixed) (Total:224.08 GB) (Free:172.41 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:8.79 GB) (Free:0.4 GB) FAT32
7 Drive w: (Win2003) (Network) (Total:249.25 GB) (Free:156.37 GB) NTFS
8 Drive x: (Win2003) (Network) (Total:249.25 GB) (Free:156.37 GB) NTFS

========================= Users: ========================================

User accounts for \\BOBVANRIPER

Administrator Guest HelpAssistant
HP_Administrator SUPPORT_388945a0 SUPPORT_fddfa904


**** End of log ****

#4 van23


Posted 05 February 2013 - 01:48 PM

ADW Log

# AdwCleaner v2.111 - Logfile created 02/05/2013 at 13:40:25
# Updated 05/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : HP_Administrator -
# Boot Mode : Normal
# Running from : C:\Documents and Settings\HP_Administrator\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\eBay.lnk

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\Software\Description
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\g0mw9rzk.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1588 octets] - [05/02/2013 13:40:25]

########## EOF - C:\AdwCleaner[S1].txt - [1648 octets] ##########

#5 van23


Posted 06 February 2013 - 08:29 AM

Here is the EsetScan

C:\Documents and Settings\HP_Administrator\Desktop\cBizOneSP 3.0.18.exe probably unknown NewHeur_PE virus deleted - quarantined
C:\Documents and Settings\HP_Administrator\Desktop\cbizonesp 3.6.7.exe probably unknown NewHeur_PE virus deleted - quarantined
C:\Documents and Settings\HP_Administrator\Desktop\cbizonesp 3.6.9f.exe probably unknown NewHeur_PE virus deleted - quarantined
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\cBizOneSP 3.7.0.exe probably unknown NewHeur_PE virus deleted - quarantined
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\openfreely_1296.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Program Files\Avira\AntiVir Desktop\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\Avira\AntiVir Desktop\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined
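
A triage of the ESET export posted above, as an added example (not part of the thread and not ESET's own tooling): it separates heuristic "probably ..." hits from items typed "application" and lists files whose deletion only completes after a restart. The field layout, the bucket names and the reading of "application" as unwanted software are assumptions inferred from the seven lines in the post.

```python
import re
from collections import Counter

# The seven result lines from the ESET export quoted in the post above.
# The forum paste lost the tab separators, so fields are split by single spaces.
ESET_LOG = r"""
C:\Documents and Settings\HP_Administrator\Desktop\cBizOneSP 3.0.18.exe probably unknown NewHeur_PE virus deleted - quarantined
C:\Documents and Settings\HP_Administrator\Desktop\cbizonesp 3.6.7.exe probably unknown NewHeur_PE virus deleted - quarantined
C:\Documents and Settings\HP_Administrator\Desktop\cbizonesp 3.6.9f.exe probably unknown NewHeur_PE virus deleted - quarantined
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\cBizOneSP 3.7.0.exe probably unknown NewHeur_PE virus deleted - quarantined
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\openfreely_1296.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Program Files\Avira\AntiVir Desktop\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\Avira\AntiVir Desktop\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined
"""

# Assumed layout: <path> [probably] [a variant of|unknown] <name> <type> <action>.
# Paths contain spaces, so the path is matched lazily up to the detection phrase.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<qualifier>(?:probably )?(?:a variant of |unknown )?)"
    r"(?P<name>\S+) "
    r"(?P<kind>virus|trojan|worm|application) "
    r"(?P<action>.+)$"
)


def classify(kind, qualifier):
    """Map one detection to a triage bucket (bucket names are this example's own)."""
    if kind == "application":
        # Assumption: the "application" type marks unwanted/unsafe software
        # (bundled toolbars, installers) rather than self-replicating malware.
        return "pua"
    if qualifier.startswith("probably"):
        # Heuristic verdict without a known signature: check for false positives.
        return "heuristic-malware"
    return "signature-malware"


def parse_log(text):
    """Return (records, unparsed) so unrecognised lines are never dropped silently."""
    records, unparsed = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        rec = m.groupdict()
        rec["qualifier"] = rec["qualifier"].strip()
        rec["category"] = classify(rec["kind"], rec["qualifier"])
        rec["pending_restart"] = "after the next restart" in rec["action"]
        records.append(rec)
    return records, unparsed


def summarize(records):
    """Count detections per triage bucket."""
    return Counter(rec["category"] for rec in records)


def pending_restart_paths(records):
    """Files whose removal only completes after a reboot; re-scan once it has happened."""
    return [rec["path"] for rec in records if rec["pending_restart"]]


if __name__ == "__main__":
    recs, bad = parse_log(ESET_LOG)
    for rec in recs:
        print(f'{rec["category"]:18} {rec["name"]:28} {rec["path"]}')
    print(dict(summarize(recs)), "unparsed:", len(bad))
    print("re-check after restart:", pending_restart_paths(recs))
```

All four heuristic hits are versions of one installer (cBizOneSP), and cBizOne also appears in the installed-programs list of the MiniToolBox log, so they are worth confirming with the vendor before being counted as an infection.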

#6 boopme


Posted 06 February 2013 - 11:16 AM

Was my birthday yesterday so I was not online.

It looks good now. You need to uninstall this through Control Panel and reboot: Java™ 6 Update 39 (Version: 6.0.390)
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop. This one.. Windows x86 Offline 30.05 MB jre-7u13-windows-i586.exe
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-7u13-windows-i586.exe (or jre-7u13-windows-x64.exe for 64-bit) to install the newest version.

How is it now?

#7 van23


Posted 06 February 2013 - 11:31 AM

Happy birthday! I'll uninstall Java and then download the latest version of the software. The computer itself seems to be running much better now. The only thing that I spotted this morning was a message saying my firewall was not on even though it is. I haven't seen the message pop up again, so hopefully that is not an issue.

Thanks again.

#8 van23


Posted 06 February 2013 - 12:57 PM

I uninstalled the old version and updated the computer with the new version of Java. Thanks again for your quick replies.

I think I should be good to go now.

#9 boopme


Posted 06 February 2013 - 02:02 PM

OK, I think so too. I just noticed that Adobe Reader is now at XI, so like with Java, dump the X and install Adobe Reader XI.



If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.
  • Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:



