Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ESET gave me trojan warning


  • This topic is locked This topic is locked
12 replies to this topic

#1 333nnn

333nnn

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 21 February 2013 - 01:39 PM

I ran ESET yesterday and it gave me a trojan warning.  I chose to delete the trojan file.  Am I still infected?  Did choosing to delete the file fully delete the virus?  Thanks for any replies.  This is the log I saved:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4a710f5ac40a3846ad861b5b5440e2fb
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2012-07-19 10:58:05
# local_time=2012-07-19 03:58:05 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 73925967 73925967 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=45021
# found=0
# cleaned=0
# scan_time=3007
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4a710f5ac40a3846ad861b5b5440e2fb
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-29 04:54:36
# local_time=2012-09-29 09:54:36 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 80167462 80167462 0 0
# compatibility_mode=8192 67108863 100 0 5320347 5320347 0 0
# scanned=55569
# found=0
# cleaned=0
# scan_time=3702
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetesets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4a710f5ac40a3846ad861b5b5440e2fb
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-15 12:31:56
# local_time=2012-11-14 04:31:56 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 3471540 3471540 0 0
# compatibility_mode=768 16777215 100 0 2817802 2817802 0 0
# compatibility_mode=8192 67108863 100 0 9322475 9322475 0 0
# scanned=51022
# found=8
# cleaned=8
# scan_time=3414
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll    a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll    a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Documents and Settings\John Austin Brewder\Application Data\Mozilla\Firefox\Profiles\ev44j3zj.default\extensions\plugin@yontoo.com\content\overlay.js    Win32/Adware.Yontoo application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Documents and Settings\John Austin Brewder\My Documents\Downloads\cbsidlm-tr1_7-Secunia_Personal_Software_Inspector-SEO-10717855.exe    Win32/DownloadAdmin.D application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Program Files\Yontoo\YontooIEClient.dll    a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\RECYCLER\S-1-5-21-2000478354-1035525444-1177238915-1004\Dc101.dll    a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\RECYCLER\S-1-5-21-2000478354-1035525444-1177238915-1004\Dc102.exe    Win32/Adware.Yontoo application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\RECYCLER\S-1-5-21-2000478354-1035525444-1177238915-1004\Dc97.xpi    Win32/Adware.Yontoo application (deleted - quarantined)    00000000000000000000000000000000    C
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4a710f5ac40a3846ad861b5b5440e2fb
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-07 12:42:14
# local_time=2013-02-06 04:42:14 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 10730475 10730475 0 0
# compatibility_mode=768 16777215 100 0 10076737 10076737 0 0
# compatibility_mode=8192 67108863 100 0 16581410 16581410 0 0
# scanned=52403
# found=0
# cleaned=0
# scan_time=2696
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4a710f5ac40a3846ad861b5b5440e2fb
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-20 01:59:32
# local_time=2013-02-19 05:59:32 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 11851882 11851882 0 0
# compatibility_mode=768 16777215 100 0 11198144 11198144 0 0
# compatibility_mode=8192 67108863 100 0 17702817 17702817 0 0
# scanned=53857
# found=1
# cleaned=1
# scan_time=9129
C:\Documents and Settings\John Austin Brewder\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\38\35ecd326-780012e8    a variant of Java/Exploit.CVE-2012-1723.IM trojan (deleted - quarantined)    00000000000000000000000000000000    C
 



BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:26 PM

Posted 21 February 2013 - 03:30 PM

Good evening. smile.png

Please go here, follow step six, and then post accordingly into this thread.


So long, and thanks for all the fish.

 

 


#3 333nnn

333nnn
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 26 February 2013 - 12:51 PM

I now have the mywebsearch program installed on my computer somehow, and I can't delete it.  It's now automatically my default browser.  Each time I search with it I get a WOT warning, and when I connect with the internet I immediately get a WOT warning.  I uninstalled mywebsearch in cp, went into the program files folder and found nothing, typed regedit in the run window and went into hkeylocalmachine>software>microsoft>current version>run and found nothing in any of these.  I went inot my browser's add-ons and did not see anythig there.  Also, my Avast program is turned off, and when I click "fix now"  I get the message:"The follwing components could not be started.  Mail Shield, IM Shield, P2P Shield, File System Shield, Web Shield, Script Shield , Behavior Shield, Networkd Shield.  I read that mywebsearch is related to a trojan horse virus.    



#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:26 PM

Posted 26 February 2013 - 03:00 PM

Good evening. smile.png

Until you post the information that I have asked for I am unable to help.


So long, and thanks for all the fish.

 

 


#5 333nnn

333nnn
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 26 February 2013 - 04:59 PM

When I ran DDS the first time today my computer shut down.  I then reconnected to the internet.  All of my tabs were still intact.  I ran DDS again and got the two reports.

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.13.2
Run by John Austin Brewder at 13:40:56 on 2013-05-26
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3549.2944 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\savedump.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TRENDnet\802.11n Wireless Client Utility\UMCCfg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\TRENDnet\802.11n Wireless Client Utility\NICServ.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^UX^fox000^YY^&ptb=69808133-6AEB-4DDB-A0A0-AA9B5A6DB4D5
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uProxyServer = hxxp=127.0.0.1:8888;https=127.0.0.1:8888
uProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - LocalServer32 - <no file>
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - c:\program files\aol toolbar\aoltb.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\2\printray.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\80211n~1.lnk - c:\program files\trendnet\802.11n wireless client utility\UMCCfg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342065947625
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{18E9A922-75B3-4F68-A40E-F5EE3D2A28D0} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{B2E4BB06-AA53-4258-8E19-C44369A22E99} : DHCPNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.97\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\john austin brewder\application data\mozilla\firefox\profiles\ev44j3zj.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?ptb=69808133-6AEB-4DDB-A0A0-AA9B5A6DB4D5&n=77fcbdf0&p2=^UX^fox000^YY^
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=69808133-6AEB-4DDB-A0A0-AA9B5A6DB4D5&n=77fcbdf0&ind=2013052400&p2=^UX^fox000^YY^&searchfor=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\john austin brewder\application data\mozilla\firefox\profiles\ev44j3zj.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\MailUtil.dll
FF - plugin: c:\documents and settings\john austin brewder\application data\mozilla\firefox\profiles\ev44j3zj.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_149.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2012-08-08 15:32; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(extentions.y2layers.installId, e99ff49b-7937-4d16-8f36-7508d0d2927b
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2012-9-25 16064]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2008-10-8 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2008-10-8 52224]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-3 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-3 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-3 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-10-3 44808]
R2 NICSer_TEW645UB;NICSer_TEW645UB;c:\program files\trendnet\802.11n wireless client utility\NICServ.exe [2012-6-21 530432]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2012-9-25 224960]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2012-10-6 16640]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-4-12 1691480]
S3 rt2870;802.11n USB Wireless Network Adapter Driver;c:\windows\system32\drivers\rt2870.sys [2012-6-21 560896]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-10-8 208384]
.
=============== File Associations ===============
.
ShellExec: BitComet.exe: open="c:\program files\bitcomet\BitComet.exe"
.
=============== Created Last 30 ================
.
2013-05-25 08:07:26    275696    ----a-w-    c:\windows\system32\mucltui.dll
2013-05-25 08:07:26    214256    ----a-w-    c:\windows\system32\muweb.dll
2013-05-25 08:07:26    17136    ----a-w-    c:\windows\system32\mucltui.dll.mui
.
==================== Find3M  ====================
.
2008-10-11 03:49:53    262144    ------w-    c:\program files\Uninstall Ask Toolbar.dll
.
============= FINISH: 13:41:30.95 ===============
 

 

 

 

 

 

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/8/2008 5:10:39 PM
System Uptime: 5/26/2013 1:39:13 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P5G41T-M LX PLUS
Processor: Intel® Celeron® CPU        E1200  @ 1.60GHz | LGA775 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 160.425 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer: ATK
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:
.
==== System Restore Points ===================
.
RP586: 5/21/2013 5:06:55 PM - System Checkpoint
RP587: 5/22/2013 11:37:49 PM - System Checkpoint
RP588: 5/24/2013 12:25:48 AM - System Checkpoint
RP589: 5/25/2013 1:59:30 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
802.11n Wireless Client Utility
Acrobat.com
Ad-Aware Browsing Protection
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
AOL Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
avast! Free Antivirus
Bonjour
CCleaner
ConvertHelper 2.2
Critical Update for Windows Media Player 11 (KB959772)
Dasher
Download Updater (AOL Inc.)
ERUNT 1.1j
ESET Online Scanner v3
Foxit Reader
Garmin Lifetime Updater
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel® Graphics Media Accelerator Driver
Internet Explorer (Enable DEP)
iTunes
Java 7 Update 13
Java Auto Updater
Java SE Development Kit 7 Update 13
LightScribe  1.4.142.1
Macrium Reflect Free Edition
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Standard
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
OverDrive Media Console
Platform
QuickTime
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Sophos Virus Removal Tool
SpywareBlaster 4.6
Stamps.com
Stamps.com Application Support for Microsoft Word 2000-2010
Stamps.com support for Microsoft Word 2000-2010
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA Platform Device Manager
VIA Rhine-Family Fast-Ethernet Adapter
Video Download Capture V4.2.0
Weather Watcher Live
WebFldrs XP
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows PowerShell™ 1.0
WinPatrol
Xvid 1.1.3 final uninstall
Yontoo 1.10.02
.
==== Event Viewer Messages From Past Week ========
.
5/21/2013 9:22:08 PM, error: W32Time [34]  - The time service has detected that the system time needs to be  changed by -7686055 seconds. The time service will not change the system  time by more than -54000 seconds. Verify that your time and time zone  are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.67:123->65.55.21.15:123) is working properly.
.
==== End Of File ===========================
 



#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:26 PM

Posted 27 February 2013 - 03:16 PM

Good evening. :)

We'll start with the poorly anti-virus program. If a reboot hasn't resolved the issue then open the Control Panel and select Programs & Features.

Scroll down until you locate the entry for Avast, click the Change/Remove button, scroll down to Repair, click Next and work through any prompts you receive.

If a reboot doesn't resolve the issue after that then you will need to download a fresh installer from the Avast website, linky, uninstall, reboot and then reinstall.

 

Let me know how you get on.


So long, and thanks for all the fish.

 

 


#7 333nnn

333nnn
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 27 February 2013 - 05:59 PM

I went into cp  and to Repair under Avast.  When I clicked Next under
Repair I got this message:"Avast Error. Error Processing Packages. 
Please use full update."  So I uninstalled Avast and reinstalled the current Avast version and now Avast is running fine.



#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:26 PM

Posted 27 February 2013 - 06:25 PM

Grand. Are you having problems with both Firefox and Internet Explorer or just one of them?


So long, and thanks for all the fish.

 

 


#9 333nnn

333nnn
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 28 February 2013 - 12:06 AM

I only use Firefox.  I have never been able to connect to the internet with IE.  Every time I have tried try to connect with IE, including just now, I get the message:"Internet Explorer cannot display the webpage".  But it doesn't matter that I can't connect with IE because I like Firefox.



#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:26 PM

Posted 28 February 2013 - 03:18 PM

Good evening. :)

Download RogueKiller by Tigzy from here and save it to your Desktop
 

  • Close all open programs.
  • Double click RogueKiller.exe to run it.
  • Once the tool has initialised, click Scan on the right.
  • Once complete, click Report button, also on the right.
  • The report will open in Notepad and also be saved as  RKreport[number].txt on your Desktop.
  • Please post the contents in your next Reply.
  • If for some reason the tool won't run, rename the file to winlogon.exe and try again.

 


So long, and thanks for all the fish.

 

 


#11 333nnn

333nnn
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 01 March 2013 - 08:17 PM

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : John Austin Brewder [Admin rights]
Mode : Scan -- Date : 03/01/2013 17:10:52
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\Documents and Settings\John Austin Brewder\Desktop\Malwarebytes' Anti-Malware\mbamext.dll [x] -> UNLOADED

¤¤¤ Registry Entries : 3 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:8888;hxxps=127.0.0.1:8888) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AVJB-63WKA0 +++++
--- User ---
[MBR] 237d915ea43cd4ffbaf771ab7a0ed1ab
[BSP] 028c9ab35cd07154e4525be9d8d4a924 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03012013_02d1710.txt >>
RKreport[1]_S_03012013_02d1710.txt


 



#12 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:26 PM

Posted 03 March 2013 - 03:41 PM

Good evening. :)

Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix *

  • When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end.
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste
  • Let me know how the PC is behaving.

* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of it's removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!


So long, and thanks for all the fish.

 

 


#13 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:26 PM

Posted 08 March 2013 - 02:43 PM

As there has been no response for five days this thread is now closed.


So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users