Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected Brothers XP Cpu


  • Please log in to reply
11 replies to this topic

#1 Firerock

Firerock

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:10 AM

Posted 19 March 2013 - 01:01 PM

My brother CPU i believe is infected with a virus. It has prevented Mse from running and update, prevented access to the firewall. Downloaded avast 8 picked up some Trojans and where deleted i think? Malwarebytes found items also and where quarantine or deleted.Still has prevented above mention from running, can access INTERNET, didn't redirect any web sites. What is the best way to proceed?

 

Regards



BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:10 AM

Posted 19 March 2013 - 01:16 PM

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters


    tds2.jpg
     
  • Check Loaded Modules  and Detect TDLFS file systemDo not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


    2012081514h0118.png
     
  • Click Start Scan and allow the scan process to run
     
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue


    tds6.jpg
     
  • Click Reboot computer
  • Please post the contents of  TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply


===================================================


aswMBR

--------------------
 

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


    aswMBR1.png
  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


    aswMBR2.png
  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan  This process may may take several hours, that is normal



  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png  button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

    esetsmartinstaller_enu.png

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
 

  • TDSSKiller log
  • aswMBR log
  • ESET results


#3 Firerock

Firerock
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:10 AM

Posted 19 March 2013 - 04:29 PM

  • TDSSKiller log
  • 12:18:15.0468 2320  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    12:18:17.0484 2320  ============================================================
    12:18:17.0484 2320  Current date / time: 2013/03/19 12:18:17.0484
    12:18:17.0484 2320  SystemInfo:
    12:18:17.0484 2320 
    12:18:17.0484 2320  OS Version: 5.1.2600 ServicePack: 3.0
    12:18:17.0484 2320  Product type: Workstation
    12:18:17.0484 2320  ComputerName: HAROLD-7OIX4OHI
    12:18:17.0484 2320  UserName: Owner
    12:18:17.0484 2320  Windows directory: C:\WINDOWS
    12:18:17.0484 2320  System windows directory: C:\WINDOWS
    12:18:17.0484 2320  Processor architecture: Intel x86
    12:18:17.0484 2320  Number of processors: 1
    12:18:17.0484 2320  Page size: 0x1000
    12:18:17.0484 2320  Boot type: Normal boot
    12:18:17.0484 2320  ============================================================
    12:18:19.0343 2320  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    12:18:19.0359 2320  ============================================================
    12:18:19.0359 2320  \Device\Harddisk0\DR0:
    12:18:19.0359 2320  MBR partitions:
    12:18:19.0359 2320  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF8F8C1
    12:18:19.0359 2320  ============================================================
    12:18:19.0390 2320  C: <-> \Device\Harddisk0\DR0\Partition1
    12:18:19.0390 2320  ============================================================
    12:18:19.0390 2320  Initialize success
    12:18:19.0390 2320  ============================================================
    12:19:32.0578 2128  Deinitialize success
     

 

  • aswMBR log

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-03-19 12:02:43
-----------------------------
12:02:43.156    OS Version: Windows 5.1.2600 Service Pack 3
12:02:43.156    Number of processors: 1 586 0x209
12:02:43.156    ComputerName: HAROLD-7OIX4OHI  UserName: Owner
12:02:43.671    Initialize success
12:02:44.265    AVAST engine defs: 13031900
12:05:42.890    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:05:42.890    Disk 0 Vendor: WDC_WD1200SB-01KBA0 08.02D08 Size: 114473MB BusType: 3
12:05:42.984    Disk 0 MBR read successfully
12:05:42.984    Disk 0 MBR scan
12:05:42.984    Disk 0 Windows XP default MBR code
12:05:42.984    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       114463 MB offset 63
12:05:43.000    Disk 0 scanning sectors +234420480
12:05:43.031    Disk 0 scanning C:\WINDOWS\system32\drivers
12:05:52.296    Service scanning
12:06:02.937    Modules scanning
12:06:08.796    Disk 0 trace - called modules:
12:06:08.828    ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
12:06:08.828    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87343ab8]
12:06:09.343    3 CLASSPNP.SYS[f7897fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x873cdd98]
12:06:09.578    AVAST engine scan C:\WINDOWS
12:06:11.921    AVAST engine scan C:\WINDOWS\system32
12:07:59.046    AVAST engine scan C:\WINDOWS\system32\drivers
12:08:13.343    AVAST engine scan C:\Documents and Settings\Owner
12:09:36.671    AVAST engine scan C:\Documents and Settings\All Users
12:12:30.890    Scan finished successfully
12:13:37.390    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
12:13:37.406    The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


 

 

  • ESET results
  • There where 3 items 2 varients and a Trojan virus found but i lost them off the clip board


 



#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:10 AM

Posted 19 March 2013 - 04:35 PM

Please post last few lines of TDSSkiller log

 

ESET log can be found here

 

C:\Program Files\ESET\EsetOnlineScanner\log.txt

 

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.

  • Make sure you are connected to the Internet and double-click on the it to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the MiniToolBox.jpg icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well


===================================================


Junkware Removal Tooll by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply


===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:


  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.


===================================================


Autoruns

--------------------

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file,copy and paste the contents in your reply


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log

 



#5 Firerock

Firerock
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:10 AM

Posted 19 March 2013 - 05:19 PM

TDSSkiller log

12:24:53.0484 2060  [ AC5DF42FE314C1446B1DAD237BFCFFE0 ] C:\WINDOWS\system32\netui0.dll
12:24:53.0484 2060  C:\WINDOWS\system32\netui0.dll - ok
12:24:53.0484 2060  [ ED5A816D8E11E03F1937AC3C56826EE4 ] C:\WINDOWS\system32\netui1.dll
12:24:53.0484 2060  C:\WINDOWS\system32\netui1.dll - ok
12:24:53.0500 2060  [ FB8F8EEC8D9C2157789472DD61CDC78B ] C:\WINDOWS\system32\davclnt.dll
12:24:53.0500 2060  C:\WINDOWS\system32\davclnt.dll - ok
12:24:53.0500 2060  ============================================================
12:24:53.0500 2060  Scan finished
12:24:53.0500 2060  ============================================================

 

 

ESETS Log

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=13ace57947c4f3488083892522b6adad
# engine=13431
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-03-19 08:57:48
# local_time=2013-03-19 01:57:48 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=774 16777213 85 91 0 139518540 0 0
# compatibility_mode=5892 16777213 88 94 2075864 4917524 0 0
# scanned=68075
# found=3
# cleaned=3
# scan_time=3169
sh=535FF579C917EA4C475E1A8D9E44E13CB465ECCF ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus (deleted - quarantined)" ac=C fn="C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7WEUMCG7\kidstash_info[1].txt"
sh=D36FD57DFBDCFCA08F68CAF879EC35F769398044 ft=1 fh=c245a52bc5eb1295 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Owner\My Documents\PDFXVwer\PDFXVwer.exe"
sh=B05B2D025D4C59B08C094A391DE5E063DCA287C6 ft=0 fh=0000000000000000 vn="probably a variant of Win32/Qhost.NMOQPCE trojan (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\WINDOWS\system32\drivers\etc\hosts.old"
ESETSmartInstaller@High as downloader log:
all ok
 


12:24:53.0531 2620  Detected object count: 0
12:24:53.0531 2620  Actual detected object count: 0
12:25:25.0312 3136  Deinitialize success
 



#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:10 AM

Posted 19 March 2013 - 05:23 PM

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.

  • Make sure you are connected to the Internet and double-click on the it to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the MiniToolBox.jpg icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well


===================================================


Junkware Removal Tooll by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply


===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:


  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.


===================================================


Autoruns

--------------------

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file,copy and paste the contents in your reply


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log


 



#7 Firerock

Firerock
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:10 AM

Posted 19 March 2013 - 07:20 PM

  • Malwarebytes log
  • Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.03.19.10

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: HAROLD-7OIX4OHI [administrator]

    3/19/2013 4:11:39 PM
    mbam-log-2013-03-19 (16-11-39).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 213265
    Time elapsed: 21 minute(s), 46 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  •  

  • MiniToolBox log
  • MiniToolBox by Farbar  Version:05-03-2013
    Ran by Owner (administrator) on 19-03-2013 at 16:37:19
    Running from "C:\Documents and Settings\Owner\Desktop"
    Microsoft Windows XP Service Pack 3 (X86)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================


    Windows IP Configuration

     

    Successfully flushed the DNS Resolver Cache.


    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    "Reset IE Proxy Settings": IE Proxy Settings were reset.

    ========================= FF Proxy Settings: ==============================

    "network.proxy.type", 0

    "Reset FF Proxy Settings": Firefox Proxy settings were reset.

    ========================= Hosts content: =================================

    ::1             localhost

    127.0.0.1       localhost

    ========================= IP Configuration: ================================

    Intel® PRO/1000 MT Network Connection = Local Area Connection (Connected)


    # ----------------------------------
    # Interface IP Configuration        
    # ----------------------------------
    pushd interface ip


    # Interface IP Configuration for "Local Area Connection"

    set address name="Local Area Connection" source=dhcp
    set dns name="Local Area Connection" source=dhcp register=PRIMARY
    set wins name="Local Area Connection" source=dhcp


    popd
    # End of interface IP configuration

     


    Windows IP Configuration

     

            Host Name . . . . . . . . . . . . : harold-7oix4ohi

            Primary Dns Suffix  . . . . . . . :

            Node Type . . . . . . . . . . . . : Unknown

            IP Routing Enabled. . . . . . . . : No

            WINS Proxy Enabled. . . . . . . . : No

     

    Ethernet adapter Local Area Connection:

     

            Connection-specific DNS Suffix  . :

            Description . . . . . . . . . . . : Intel® PRO/1000 MT Network Connection

            Physical Address. . . . . . . . . : 00-13-72-90-B7-5D

            Dhcp Enabled. . . . . . . . . . . : Yes

            Autoconfiguration Enabled . . . . : Yes

            IP Address. . . . . . . . . . . . : 192.168.1.100

            Subnet Mask . . . . . . . . . . . : 255.255.255.0

            Default Gateway . . . . . . . . . : 192.168.1.1

            DHCP Server . . . . . . . . . . . : 192.168.1.1

            DNS Servers . . . . . . . . . . . : 68.116.46.115

                                                24.205.192.61

            Lease Obtained. . . . . . . . . . : Tuesday, March 19, 2013 12:20:44 PM

            Lease Expires . . . . . . . . . . : Wednesday, March 20, 2013 12:20:44 PM

    Server:  vip01mdfdor.mdfd.or.charter.com
    Address:  68.116.46.115

    Name:    google.com
    Addresses:  74.125.224.68, 74.125.224.73, 74.125.224.72, 74.125.224.70
       74.125.224.65, 74.125.224.64, 74.125.224.69, 74.125.224.66, 74.125.224.71
       74.125.224.78, 74.125.224.67

     

    Pinging google.com [74.125.224.103] with 32 bytes of data:

     

    Reply from 74.125.224.103: bytes=32 time=90ms TTL=53

    Reply from 74.125.224.103: bytes=32 time=111ms TTL=53

     

    Ping statistics for 74.125.224.103:

        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

        Minimum = 90ms, Maximum = 111ms, Average = 100ms

    Server:  vip01mdfdor.mdfd.or.charter.com
    Address:  68.116.46.115

    Name:    yahoo.com
    Addresses:  98.139.183.24, 206.190.36.45, 98.138.253.109

     

    Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

     

    Reply from 98.139.183.24: bytes=32 time=664ms TTL=45

    Request timed out.

     

    Ping statistics for 98.139.183.24:

        Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

    Approximate round trip times in milli-seconds:

        Minimum = 664ms, Maximum = 664ms, Average = 664ms

     

    Pinging 127.0.0.1 with 32 bytes of data:

     

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

     

    Ping statistics for 127.0.0.1:

        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

        Minimum = 0ms, Maximum = 0ms, Average = 0ms

    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...00 13 72 90 b7 5d ...... Intel® PRO/1000 MT Network Connection - Packet Scheduler Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.100   20
            127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
          192.168.1.0    255.255.255.0    192.168.1.100   192.168.1.100   20
        192.168.1.100  255.255.255.255        127.0.0.1       127.0.0.1   20
        192.168.1.255  255.255.255.255    192.168.1.100   192.168.1.100   20
            224.0.0.0        240.0.0.0    192.168.1.100   192.168.1.100   20
      255.255.255.255  255.255.255.255    192.168.1.100   192.168.1.100   1
    Default Gateway:       192.168.1.1
    ===========================================================================
    Persistent Routes:
      None
    ========================= Winsock entries =====================================

    Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
    Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
    Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
    Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (03/19/2013 10:33:06 AM) (Source: Microsoft Security Client) (User: )
    Description: mssecurityclientmsseces.exe4.2.223.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

    Error: (03/19/2013 00:47:52 AM) (Source: Microsoft Security Client) (User: )
    Description: mssecurityclientmsseces.exe4.2.223.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

    Error: (03/19/2013 00:45:59 AM) (Source: Microsoft Security Client) (User: )
    Description: mssecurityclientmsseces.exe4.2.223.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

    Error: (03/19/2013 00:40:26 AM) (Source: Microsoft Security Client) (User: )
    Description: mssecurityclientmsseces.exe4.2.223.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

    Error: (03/18/2013 10:14:50 PM) (Source: Microsoft Security Client) (User: )
    Description: mssecurityclientmsseces.exe4.2.223.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

    Error: (03/18/2013 08:38:29 PM) (Source: Microsoft Security Client) (User: )
    Description: mssecurityclientmsseces.exe4.2.223.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

    Error: (03/18/2013 08:04:43 PM) (Source: Application Error) (User: )
    Description: Fault bucket -1084695126.
    The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

    Error: (03/18/2013 08:04:02 PM) (Source: Application Error) (User: )
    Description: Faulting application mbam.exe, version 1.62.0.140, faulting module mbamnet.dll, version 1.62.0.0, fault address 0x00056597.
    Processing media-specific event for [mbam.exe!ws!]

    Error: (03/18/2013 08:02:40 PM) (Source: Microsoft Security Client) (User: )
    Description: mssecurityclientmsseces.exe4.2.223.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

    Error: (03/18/2013 07:51:42 PM) (Source: Microsoft Security Client) (User: )
    Description: mssecurityclientmsseces.exe4.2.223.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL


    System errors:
    =============
    Error: (03/18/2013 07:51:10 PM) (Source: 0) (User: )
    Description: 0xC0000001HarddiskVolume1

    Error: (03/18/2013 00:11:43 PM) (Source: 0) (User: )
    Description: \Device\Harddisk0\D

    Error: (03/18/2013 00:11:35 PM) (Source: 0) (User: )
    Description: \Device\Harddisk0\D

    Error: (03/18/2013 00:11:27 PM) (Source: 0) (User: )
    Description: \Device\Harddisk0\D

    Error: (03/18/2013 00:11:17 PM) (Source: 0) (User: )
    Description: \Device\Harddisk0\D

    Error: (03/18/2013 00:11:04 PM) (Source: 0) (User: )
    Description: \Device\Harddisk0\D

    Error: (03/18/2013 00:10:57 PM) (Source: 0) (User: )
    Description: \Device\Harddisk0\D

    Error: (03/18/2013 00:10:49 PM) (Source: 0) (User: )
    Description: \Device\Harddisk0\D

    Error: (03/18/2013 00:10:00 PM) (Source: 0) (User: )
    Description: \Device\Harddisk0\D

    Error: (03/18/2013 00:09:52 PM) (Source: 0) (User: )
    Description: \Device\Harddisk0\D


    Microsoft Office Sessions:
    =========================
    Error: (03/19/2013 10:33:06 AM) (Source: Microsoft Security Client)(User: )
    Description: mssecurityclientmsseces.exe4.2.223.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

    Error: (03/19/2013 00:47:52 AM) (Source: Microsoft Security Client)(User: )
    Description: mssecurityclientmsseces.exe4.2.223.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

    Error: (03/19/2013 00:45:59 AM) (Source: Microsoft Security Client)(User: )
    Description: mssecurityclientmsseces.exe4.2.223.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

    Error: (03/19/2013 00:40:26 AM) (Source: Microsoft Security Client)(User: )
    Description: mssecurityclientmsseces.exe4.2.223.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

    Error: (03/18/2013 10:14:50 PM) (Source: Microsoft Security Client)(User: )
    Description: mssecurityclientmsseces.exe4.2.223.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

    Error: (03/18/2013 08:38:29 PM) (Source: Microsoft Security Client)(User: )
    Description: mssecurityclientmsseces.exe4.2.223.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

    Error: (03/18/2013 08:04:43 PM) (Source: Application Error)(User: )
    Description: -1084695126

    Error: (03/18/2013 08:04:02 PM) (Source: Application Error)(User: )
    Description: mbam.exe1.62.0.140mbamnet.dll1.62.0.000056597

    Error: (03/18/2013 08:02:40 PM) (Source: Microsoft Security Client)(User: )
    Description: mssecurityclientmsseces.exe4.2.223.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

    Error: (03/18/2013 07:51:42 PM) (Source: Microsoft Security Client)(User: )
    Description: mssecurityclientmsseces.exe4.2.223.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL


    =========================== Installed Programs ============================

    7-Zip 9.22beta
    ABBYY FineReader 6.0 Sprint (Version: 6.00.1784.41616)
    Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
    Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
    Adobe Reader 9.4.7 (Version: 9.4.7)
    Adobe Reader 9.5.4 (Version: 9.5.4)
    ArcSoft Panorama Maker 4
    avast! Free Antivirus (Version: 8.0.1483.0)
    CCleaner (Version: 3.26)
    Defraggler (Version: 2.12)
    Dell ResourceCD
    EPSON NX410 Series Printer Uninstall
    ESET Online Scanner v3
    File Uploader (Version: 1.2.5)
    Freeze.com NetAssistant (Version: 3.8.3)
    Google Talk Plugin (Version: 3.15.2.12038)
    Google Update Helper (Version: 1.3.21.135)
    ieSpell (Version: 2.6.4 (build 573))
    Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4396)
    Intel® PRO Network Connections Drivers
    Java Auto Updater (Version: 2.0.2.4)
    Java™ 6 Update 23 (Version: 6.0.230)
    K-Lite Mega Codec Pack 6.0.4 (Version: 6.0.4)
    Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
    Microsoft Application Error Reporting (Version: 12.0.6012.5000)
    Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Security Client (Version: 4.2.0223.1)
    Microsoft Security Essentials (Version: 4.2.223.1)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
    MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
    NetAssistant (Version: 3.8.3)
    NETGEAR WNA1100 wireless USB 2.0 adapter (Version: 1.0.0.133)
    Nikon Message Center (Version: 0.92.000)
    Nikon Transfer (Version: 1.5.3)
    PDF-Viewer (Version: 2.5.191.0)
    Picasa 3 (Version: 3.8)
    SoundMAX
    Speccy (Version: 1.11)
    Turbo Lister 2 (Version: 2.00.0000)
    Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
    VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
    WebFldrs XP (Version: 9.50.6513)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
    Windows Internet Explorer 8 (Version: 20090308.140743)
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3 (Version: 20080414.031525)
    WinZip 15.5 (Version: 15.5.9468)
    Yahoo! Software Update

    ========================= Devices: ================================


    ========================= Memory info: ===================================

    Percentage of memory in use: 67%
    Total physical RAM: 1021.98 MB
    Available physical RAM: 332.95 MB
    Total Pagefile: 1692.82 MB
    Available Pagefile: 1218.96 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1970.79 MB

    ========================= Partitions: =====================================

    2 Drive c: () (Fixed) (Total:111.78 GB) (Free:87.18 GB) NTFS

    ========================= Users: ========================================

    User accounts for \\HAROLD-7OIX4OHI

    Administrator            Guest                    HelpAssistant           
    Owner                    SUPPORT_388945a0        


    **** End of log ****

  •  

  • Farbar's Service Scanner log
  • Farbar Service Scanner Version: 03-03-2013
    Ran by Owner (administrator) on 19-03-2013 at 16:41:13
    Running from "C:\Documents and Settings\Owner\Desktop"
    Microsoft Windows XP Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============
    sharedaccess Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.
    Checking LEGACY_sharedaccess: ATTENTION!=====> Unable to open LEGACY_sharedaccess\0000 registry key. The key does not exist.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll
    [2010-06-08 08:24] - [2008-04-13 17:12] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe
    [2002-09-03 09:59] - [2009-02-06 04:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315


    Extra List:
    =======
    aswTdi(10) Gpc(3) IPSec(5) JSWSCIMD(9) NetBT(6) PSched(7) Tcpip(4) WSIMD(8)
    0x0A00000005000000010000000200000003000000040000000A00000006000000070000000800000009000000
    IpSec Tag value is correct.

    **** End of log ****

  •  

  • AdwCleaner log
  • # AdwCleaner v2.115 - Logfile created 03/19/2013 at 16:42:47
    # Updated 17/03/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Owner - HAROLD-7OIX4OHI
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ne2p98s9.default\extensions\64ffxtbr@TelevisionFanatic.com
    Folder Found : C:\Program Files\Freeze.com

    ***** [Registry] *****

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Softonic
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
    Key Found : HKLM\Software\Freeze.com
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v [Unable to get version]

    File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ne2p98s9.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [2507 octets] - [19/03/2013 16:42:47]

    ########## EOF - C:\AdwCleaner[R1].txt - [2567 octets] ##########

  •  

  • Junkware Removal Tool log
  • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.7.2 (03.15.2013:1)
    OS: Microsoft Windows XP x86
    Ran by Owner on Tue 03/19/2013 at 16:45:27.62
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     


    ~~~ Services

     

    ~~~ Registry Values

    Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL

     

    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_local_machine\software\freeze.com
    Successfully deleted: [Registry Key] hkey_current_user\software\softonic
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e38fa08e-f56a-4169-abf5-5c71e3c153a1}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{e38fa08e-f56a-4169-abf5-5c71e3c153a1}

     

    ~~~ Files

     

    ~~~ Folders

    Successfully deleted: [Folder] "C:\Program Files\freeze.com"
    Successfully deleted: [Folder] "C:\Program Files\televisionfanatic"

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 03/19/2013 at 17:03:00.46
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Rkill log : to Follow
  • Autoruns log: To Follow


 



#8 Firerock

Firerock
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:10 AM

Posted 19 March 2013 - 08:30 PM

Rkill Log

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/19/2013 05:23:13 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\WINDOWS\system32\acs.exe (PID: 132) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * wscsvc [Missing Service]

 * SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost

Program finished at: 03/19/2013 05:24:12 PM
Execution time: 0 hours(s), 0 minute(s), and 58 seconds(s)

 

Autoruns Log

 

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "avast" "avast! Antivirus" "AVAST Software" "c:\program files\avast software\avast\avastui.exe"
+ "igfxhkcmd" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "igfxpers" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "igfxtray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "WinZip Quick Pick.lnk" "WinZip Quick Pick" "WinZip Computing, S.L." "c:\program files\winzip\wzqkpick32.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "InfoPage" "PDF-XChange Shell Extention" "Tracker Software Products Ltd." "c:\program files\tracker software\shell extensions\xcshinfo.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
+ "PXCInfoShlExt Class" "PDF-XChange Shell Extention" "Tracker Software Products Ltd." "c:\program files\tracker software\shell extensions\xcshinfo.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "ieSpell" "" "" "File not found: C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM"
+ "ieSpell Options" "" "" "File not found: C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.6 r602" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "avast! Emergency Update.job" "avast! Emergency Update" "AVAST Software" "c:\program files\avast software\avast\avastemupdate.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-515967899-688789844-725345543-1003Core.job" "Google Installer" "Google Inc." "c:\documents and settings\owner\local settings\application data\google\update\googleupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-515967899-688789844-725345543-1003UA.job" "Google Installer" "Google Inc." "c:\documents and settings\owner\local settings\application data\google\update\googleupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ACS" "Gives access to single sign on and a mechanism to communicate with the supplicant for security negotiation." "Atheros" "c:\windows\system32\acs.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AppMgmt" "Provides software installation services such as Assign, Publish, and Remove." "" "File not found: C:\WINDOWS\System32\appmgmts.dll"
+ "avast! Antivirus" "Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler." "AVAST Software" "c:\program files\avast software\avast\avastsvc.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "jswpsapi" "Provides support for JumpStart using Wi-Fi Protected Setup." "Atheros Communications, Inc." "c:\program files\netgear\wna1100\jswpsapi.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "WSWNA1100" "Wifi Service" "" "c:\program files\netgear\wna1100\wifisvc.exe"
+ "YahooAUService" "Keeps your favorite Yahoo! software up-to-date with the latest features, tools, and enhancements." "Yahoo! Inc." "c:\program files\yahoo!\softwareupdate\yahooauservice.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "aeaudio" "Andrea Audio Stub Driver" "Andrea Electronics Corporation" "c:\windows\system32\drivers\aeaudio.sys"
+ "AR9271" "Driver for Atheros Wireless Network Adapter" "Atheros Communications, Inc." "c:\windows\system32\drivers\athuw.sys"
+ "aswFsBlk" "avast! mini-filter driver (aswFsBlk)" "AVAST Software" "c:\windows\system32\drivers\aswfsblk.sys"
+ "aswMonFlt" "avast! mini-filter driver (aswMonFlt)" "AVAST Software" "c:\windows\system32\drivers\aswmonflt.sys"
+ "AswRdr" "avast! TDI Redirect driver" "AVAST Software" "c:\windows\system32\drivers\aswrdr.sys"
+ "aswRvrt" "avast! Revert" "" "c:\windows\system32\drivers\aswrvrt.sys"
+ "aswSnx" "avast! virtualization driver (aswSnx)" "AVAST Software" "c:\windows\system32\drivers\aswsnx.sys"
+ "aswSP" "avast! Self Protection" "AVAST Software" "c:\windows\system32\drivers\aswsp.sys"
+ "aswTdi" "avast! Network Shield TDI driver" "AVAST Software" "c:\windows\system32\drivers\aswtdi.sys"
+ "aswVmm" "avast! VM Monitor" "" "c:\windows\system32\drivers\aswvmm.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "E1000" "Intel® PRO/1000 Adapter NDIS 5.1 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1000325.sys"
+ "Edspport" "ESS Telephony Driver" "ESS Technology, Inc." "c:\windows\system32\drivers\es56tpi.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "ialm" "Intel Graphics Miniport Driver" "Intel Corporation" "c:\windows\system32\drivers\ialmnt5.sys"
+ "JSWSCIMD" "Wireless Intermediate Miniport Driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\jswscimd.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "OMCI" "OMCI Device Driver" "Dell Computer Corporation" "c:\windows\system32\drivers\omci.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "smwdm" "SoundMAX Integrated Digital Audio " "Analog Devices, Inc." "c:\windows\system32\drivers\smwdm.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "WSIMD" "Wireless Intermediate Miniport Driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\wsimd.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "AC3File" "" "" "c:\program files\k-lite codec pack\filters\ac3file.ax"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CyberLink Video/SP Decoder (PDVD10)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\k-lite codec pack\filters\clvsd.ax"
+ "DC-Bass Source" "DirectShow™ Audio Decoder" "http://www.dsp-worx.de" "c:\program files\k-lite codec pack\filters\dcbasssource.ax"
+ "DirectVobSub" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "Gabest" "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "DirectVobSub (auto-loading version)" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "Gabest" "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "DivX H.264 Decoder" "DivX H.264 Decoder Filter" "DivX, Inc." "c:\program files\k-lite codec pack\filters\divxdech264.ax"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow DXVA Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "File Source (Monkey Audio)" "" "" "c:\program files\k-lite codec pack\filters\monkeysource.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Haali Matroska Muxer" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter (AR)" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Simple Media Splitter" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Video Renderer" "" "" "c:\program files\k-lite codec pack\filters\haali\dxr.dll"
+ "Haali Video Sink" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "madFlac Decoder" "DirectShow FLAC Decoder" "www.madshi.net" "c:\program files\k-lite codec pack\filters\madflac.ax"
+ "madFlac Source" "DirectShow FLAC Decoder" "www.madshi.net" "c:\program files\k-lite codec pack\filters\madflac.ax"
+ "MainConcept (Nikon) MPEG Audio Decoder" "MPEG Video and Audio Decoder" "MainConcept AG (Nikon)" "c:\program files\common files\nikon\mpeg\nikondsmpeg.ax"
+ "MainConcept (Nikon) MPEG Encoder" "MPEG Encoder and Muxer" "MainConcept AG (Nikon)" "c:\program files\common files\nikon\mpeg\nikonesmpeg.ax"
+ "MainConcept (Nikon) MPEG Video Decoder" "MPEG Video and Audio Decoder" "MainConcept AG (Nikon)" "c:\program files\common files\nikon\mpeg\nikondsmpeg.ax"
+ "MONOGRAM AMR Decoder" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM AMR Encoder" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM AMR Mux" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM AMR Splitter" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM Musepack Decoder" "mmmpcdec" "" "c:\program files\k-lite codec pack\filters\mmmpcdec.ax"
+ "MONOGRAM Musepack Splitter" "mmmpcdmx" "" "c:\program files\k-lite codec pack\filters\mmmpcdmx.ax"
+ "MPC - CDXA Reader" "CDXA Reader Filter" "MPC-HC Team" "c:\program files\k-lite codec pack\filters\cdxareader.ax"
+ "MPC - FLV Source (Gabest)" "FLV Splitter" "MPC-HC Team" "c:\program files\k-lite codec pack\filters\flvsplitter.ax"
+ "MPC - FLV Splitter (Gabest)" "FLV Splitter" "MPC-HC Team" "c:\program files\k-lite codec pack\filters\flvsplitter.ax"
+ "MPC - MP4 Source" "MP4 Splitter" "MPC-HC Team" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MPC - MP4 Splitter" "MP4 Splitter" "MPC-HC Team" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MPC - Mpeg Source (Gabest)" "Mpeg Splitter" "MPC-HC Team" "c:\program files\k-lite codec pack\filters\mpegsplitter.ax"
+ "MPC - Mpeg Splitter (Gabest)" "Mpeg Splitter" "MPC-HC Team" "c:\program files\k-lite codec pack\filters\mpegsplitter.ax"
+ "MPC - MPEG4 Video Source" "MP4 Splitter" "MPC-HC Team" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MPC - MPEG4 Video Splitter" "MP4 Splitter" "MPC-HC Team" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MPC - RealAudio Decoder" "RealMedia Splitter" "MPC-HC Team" "c:\program files\k-lite codec pack\real\realmediasplitter.ax"
+ "MPC - RealMedia Source" "RealMedia Splitter" "MPC-HC Team" "c:\program files\k-lite codec pack\real\realmediasplitter.ax"
+ "MPC - RealMedia Splitter" "RealMedia Splitter" "MPC-HC Team" "c:\program files\k-lite codec pack\real\realmediasplitter.ax"
+ "MPC - RealVideo Decoder" "RealMedia Splitter" "MPC-HC Team" "c:\program files\k-lite codec pack\real\realmediasplitter.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "muvee Music Analyser" "Music Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvmanalyse.ax"
+ "muvee WAV Encoder" "mvWavEncoder Filter (Sample)" "Microsoft Corporation" "c:\program files\common files\muvee technologies\030625\mvwavenc.ax"
+ "QuickTime Source Filter" "QuickTimeSource Module" "" "c:\program files\common files\muvee technologies\030625\quicktimesource.dll"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotBoundaryDet" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "T" "VP7 Decompression Filter" "On2.com Inc." "c:\program files\k-lite codec pack\filters\vp7dec.ax"
+ "WavPack Audio Decoder" "WavPack Audio DirectShow Decoder" "-" "c:\program files\k-lite codec pack\filters\wavpackdsdecoder.ax"
+ "WavPack Audio Splitter" "WavPack Audio DirectShow Splitter" "-" "c:\program files\k-lite codec pack\filters\wavpackdssplitter.ax"
+ "WebM VP8 Decoder Filter" "WebM VP8 Decoder Filter" "Google" "c:\program files\k-lite codec pack\filters\vp8decoder.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "Windows Media Pad VU Data Grabber" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "EPSON NX410 Series 32MonitorBA" "EPSON Bi-directional Monitor x86" "SEIKO EPSON CORPORATION" "c:\windows\system32\e_flbfca.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "ACS" "Atheros Wireless LAN" "Atheros" "c:\windows\system32\athgina.dll"
 



#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:10 AM

Posted 19 March 2013 - 08:34 PM

Launch Adware cleaner and click on DELETE,post the new log

 

Restart the PC and let me know if you still have issues


Edited by narenxp, 19 March 2013 - 09:55 PM.


#10 Firerock

Firerock
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:10 AM

Posted 19 March 2013 - 09:46 PM

ADwCleaner Log

 

# AdwCleaner v2.115 - Logfile created 03/19/2013 at 19:31:16
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - HAROLD-7OIX4OHI
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ne2p98s9.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2636 octets] - [19/03/2013 16:42:47]
AdwCleaner[S1].txt - [2141 octets] - [19/03/2013 19:19:40]
AdwCleaner[S2].txt - [839 octets] - [19/03/2013 19:31:16]

########## EOF - C:\AdwCleaner[S2].txt - [898 octets] ##########



#11 Firerock

Firerock
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:10 AM

Posted 19 March 2013 - 09:54 PM

Farbar service scanner Log

 

Farbar Service Scanner Version: 03-03-2013
Ran by Owner (administrator) on 19-03-2013 at 19:52:11
Running from "C:\Documents and Settings\Owner\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2010-06-08 08:24] - [2008-04-13 17:12] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2002-09-03 09:59] - [2009-02-06 04:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315


Extra List:
=======
aswTdi(10) Gpc(3) IPSec(5) JSWSCIMD(9) NetBT(6) PSched(7) Tcpip(4) WSIMD(8)
0x0A00000005000000010000000200000003000000040000000A00000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****



#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:10 AM

Posted 19 March 2013 - 09:57 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it,it will close all running programs

click on START,it should ask for reboot.If TFC locks up the system,run it in safemode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore-It deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall old version of java from control panel-Add or remove programs.Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently.Two free antivirus that i would suggest are

Microsoft security essentials or Avast.You can select either one of them.

If you have a paid one,make sure to update it frequently.Do not use multiple security softwares.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)
 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users