
pum.disabled.securitycenter


13 replies to this topic

#1 xmyriadx


Posted 07 May 2013 - 12:19 AM

Malwarebytes found this.  Any help, thanks!





#2 Guest_Francis Houle_*


Posted 07 May 2013 - 10:59 AM

Security Check

§  Download Security Check from here or here and save it to your Desktop.

§  Double-click on SecurityCheck.exe

§  Follow the on-screen instructions.

§  A Notepad document called checkup.txt should open automatically.

§  Please post the content of that document.

 

Farbar Service Scanner

§  Download Farbar Service Scanner.

§  Run it on the computer.

§  Make sure the following options are checked:

o    Internet Services

o    Windows Firewall

o    System Restore

o    Security Center/Action Center

o    Windows Update

o    Windows Defender

o    Other Services

§  Press "Scan".

§  It will create a log (FSS.txt) in the same directory where you run the tool.

§  Please copy and paste the log to your reply.

 

MiniToolBox

§  Download MiniToolBox

§  Run it on the computer.

§  Checkmark the following boxes:

o    Report IE Proxy Settings

o    Report FF Proxy Settings

o    List content of Hosts

o    List IP configuration

o    List Winsock Entries

o    List last 10 Event Viewer log

o    List Installed Programs

o    List Devices (do NOT change any settings here)

o    List Users, Partitions and Memory size

§  Click Go and post the result.

 

Malwarebytes’ Anti-Malware

§  Download Malwarebytes' Anti-Malware https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

§  Double-click mbam-setup.exe and follow the prompts to install the program.

§  At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

§  If an update is found, it will download and install the latest version.

§  Once the program has loaded, select Perform quick scan, then click Scan.

§  When the scan is complete, click OK, then Show Results to view the results.

§  Be sure that everything is checked, and click Remove Selected.

§  When completed, a log will open in Notepad.

§  Post the log back here.

§  Be sure to restart the computer.

§  The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

 

Malwarebytes’ Anti-Rootkit

§  Download Malwarebytes Anti-Rootkit from HERE to your Desktop.

§  Unzip downloaded file.

§  Open the folder where the contents were unzipped and run mbar.exe

§  Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

§  DO NOT click on the Cleanup button. Simply exit the program.

§  When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt

 

AdwCleaner

§  Please download AdwCleaner by Xplode onto your desktop.

§  Close all open programs and internet browsers.

§  Double click on adwcleaner.exe to run the tool.

§  Click on Delete.

§  Confirm each time with Ok.

§  Your computer will be rebooted automatically. A text file will open after the restart.

§  Please post the contents of that logfile with your next reply.

§  You can find the logfile at C:\AdwCleaner[S1].txt as well.


Junkware Removal Tool

§  Please download Junkware Removal Tool to your desktop.

§  Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".

§  The tool will open and start scanning your system.

§  Please be patient as this can take a while to complete depending on your system's specifications.

§  On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

§  Post the contents of JRT.txt into your next message.

 

Temp File Cleaner

§  Download Temp File Cleaner (TFC). Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

§  Double click on TFC.exe to run the program.

§  Click on the Start button to begin the cleaning process.

§  TFC will close all running programs, and it may ask you to restart the computer.

§  NOTE: If it freezes in normal mode, run it from safe mode. Be patient.

 

Reset browsers

 

How to restore Google Chrome:
1. Close the Google Chrome browser, if it is running.
2. Go to the Start menu, search for Run and open it, or find it in the Start menu under All Programs, Accessories.
3. Type the following line, according to the OS, in the Run box.

%LOCALAPPDATA%\Google\Chrome\User Data\ (in Windows 8/7/Vista)
%USERPROFILE%\Local Settings\Application Data\Google\Chrome\User Data\ (in Windows XP). Then hit Enter.

4. There is a folder named Default, and this folder contains all the current settings.

5. Rename the Default folder to Default.old.

6. Now launch Google Chrome.

See, all the original settings are restored. A new folder "Default" will be created and it will hold all settings for now.

 

How to restore Internet Explorer in Windows 8:

1.     Swipe in from the right edge of the screen (if you're using a mouse, point to the upper-right corner of the screen and move the mouse pointer down), and then tap or click Search. Enter Internet options in the search box, and then tap or click Settings.

 

2.     In the search results, tap or click Internet Options. Tap or click the Advanced tab and then tap or click Reset…
Note: Select the Delete personal settings check box if you would also like to remove browsing history, search providers, Accelerators, home pages, Tracking Protection, and ActiveX Filtering data.

 

3.     In the Reset Internet Explorer Settings window, tap or click Reset.
Note: To delete all personal settings, tap or click the checkbox for Delete personal settings.

 

4.     Close and then restart Internet Explorer for the changes to take effect.

 

How to restore Internet Explorer in Windows XP, Vista or 7:

1.     Exit all programs, including Internet Explorer.

 

2.     If you use Windows XP, click Start, and then click Run. Type the following command in the Open box, and then press Enter: inetcpl.cpl

If you use Windows 7 or Windows Vista, click Start.

Type the following command in the Search box, and then press Enter: inetcpl.cpl

The Internet Options dialog box appears.

 

3.     Click the Advanced tab.

 

4.     Under Reset Internet Explorer settings, click Reset. Then click Reset again.
Click to select the Delete personal settings check box if you also want to remove browsing history, search providers, Accelerators, home pages, Tracking Protection, and ActiveX Filtering data.

 

5.     When Internet Explorer finishes resetting the settings, click Close in the Reset Internet Explorer Settings dialog box.

 

6.     Start Internet Explorer again.

 

How to restore Firefox:

1. At the top of the Firefox window, click the Firefox button, go over to the Help sub-menu and select Troubleshooting Information.

2. Click the Reset Firefox button in the upper-right corner of the Troubleshooting Information page.

3. To continue, click Reset Firefox in the confirmation window that opens.

4. Firefox will close and be reset. When it's done, a window will list the information that was imported. Click Finish and Firefox will open.

 

Please do the following :

§  Update Internet Explorer, Mozilla Firefox and Google Chrome

§  Update Java

§  Update Adobe Flash, Shockwave, Air and Reader

§  Update Windows

 

NOTE 1. Make sure all logs are pasted, not attached.

NOTE 2. You must have only ONE antivirus on the computer. I recommend a paid antivirus like Norton 360, Kaspersky Pure or Malwarebytes Pro, or a free antivirus like Avast, AVG or Microsoft Security Essentials.



#3 xmyriadx


Posted 08 May 2013 - 08:14 PM

 Results of screen317's Security Check version 0.99.63  
 Windows XP Service Pack 2 x86   
 Out of date service pack!!
 Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Out of date HijackThis  installed!
 Malwarebytes Anti-Malware version 1.75.0.1300  
 HijackThis 2.0.2    
 Java 7 Update 21  
 Adobe Flash Player     11.7.700.169  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````  
 CA eTrust Antivirus InoRpc.exe  
 CA eTrust Antivirus InoRT.exe  
 CA eTrust Antivirus InoTask.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````



#4 xmyriadx


Posted 08 May 2013 - 08:16 PM

Farbar Service Scanner Version: 14-04-2013
Ran by Owner (administrator) on 08-05-2013 at 18:16:03
Running from "C:\Documents and Settings\Owner\My Documents\Downloads"
Microsoft Windows XP Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2011-04-24 15:00] - [2006-05-19 05:59] - 0111616 ____A (Microsoft Corporation) EF545E1A4B043DA4C84E230DD471C55F

C:\WINDOWS\system32\Drivers\afd.sys
[2011-04-24 15:00] - [2008-08-14 02:51] - 0138368 ____A (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702

C:\WINDOWS\system32\Drivers\netbt.sys
[2011-04-24 15:00] - [2004-08-04 00:14] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2011-04-24 15:00] - [2008-06-20 03:45] - 0360320 ____A (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9

C:\WINDOWS\system32\Drivers\ipsec.sys
[2011-04-24 15:00] - [2004-08-04 00:14] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-04 01:56] - [2004-08-04 01:56] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D

C:\WINDOWS\system32\ipnathlp.dll
[2004-08-04 01:56] - [2004-08-04 01:56] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2004-08-04 01:56] - [2005-08-22 11:29] - 0197632 ____A (Microsoft Corporation) 36739B39267914BA69AD0610A0299732

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2005-04-27 16:38] - [2004-08-04 01:56] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\srsvc.dll
[2005-04-27 16:39] - [2004-08-04 01:56] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\WINDOWS\system32\Drivers\sr.sys
[2011-04-24 15:00] - [2004-08-04 00:06] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll
[2004-08-04 01:56] - [2004-08-04 01:56] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2005-04-27 16:38] - [2004-08-04 01:56] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\wuauserv.dll
[2005-04-27 16:40] - [2004-08-04 01:56] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\WINDOWS\system32\qmgr.dll
[2011-04-24 15:01] - [2004-08-04 01:56] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\WINDOWS\system32\es.dll
[2004-08-04 01:56] - [2008-07-07 13:32] - 0253952 ____A (Microsoft Corporation) 60D1A6342238378BFB7545C81EE3606C

C:\WINDOWS\system32\cryptsvc.dll
[2004-08-04 01:56] - [2004-08-04 01:56] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\WINDOWS\system32\svchost.exe
[2004-08-04 01:56] - [2004-08-04 01:56] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll
[2004-08-04 01:56] - [2009-02-09 03:20] - 0399360 ____A (Microsoft Corporation) 01095FEBF33BEEA00C2A0730B9B3EC28

C:\WINDOWS\system32\services.exe
[2011-04-24 15:00] - [2009-02-06 10:14] - 0110592 ____A (Microsoft Corporation) 37561F8D4160D62DA86D24AE41FAE8DE


Extra List:
=======
Gpc(3) IPSec(5) MDC8021X(8) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****



#5 xmyriadx


Posted 08 May 2013 - 08:19 PM

MiniToolBox by Farbar  Version:21-04-2013
Ran by Owner (administrator) on 08-05-2013 at 18:18:17
Running from "C:\Documents and Settings\Owner\My Documents\Downloads"
Microsoft Windows XP Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

Hosts file not detected in the default directory
========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Intel® PRO/100 VE Network Connection = Local Area Connection 3 (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 3"

set address name="Local Area Connection 3" source=dhcp
set dns name="Local Area Connection 3" source=dhcp register=PRIMARY
set wins name="Local Area Connection 3" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : JohnComputer

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Broadcast

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : Belkin



Ethernet adapter Local Area Connection 3:



        Connection-specific DNS Suffix  . : Belkin

        Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

        Physical Address. . . . . . . . . : 00-13-20-07-83-83

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.2.2

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.2.1

        DHCP Server . . . . . . . . . . . : 192.168.2.1

        DNS Servers . . . . . . . . . . . : 192.168.2.1

        Lease Obtained. . . . . . . . . . : Wednesday, May 08, 2013 5:03:13 PM

        Lease Expires . . . . . . . . . . : Monday, January 18, 2038 8:14:07 PM

Server:  router.Belkin
Address:  192.168.2.1

Name:    google.com
Addresses:  173.194.46.3, 173.194.46.2, 173.194.46.1, 173.194.46.0
      173.194.46.14, 173.194.46.9, 173.194.46.8, 173.194.46.7, 173.194.46.6
      173.194.46.5, 173.194.46.4



Pinging google.com [173.194.46.4] with 32 bytes of data:



Reply from 173.194.46.4: bytes=32 time=54ms TTL=51

Reply from 173.194.46.4: bytes=32 time=54ms TTL=51



Ping statistics for 173.194.46.4:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 54ms, Maximum = 54ms, Average = 54ms

Server:  router.Belkin
Address:  192.168.2.1

Name:    yahoo.com
Addresses:  98.139.183.24, 98.138.253.109, 206.190.36.45



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:



Reply from 206.190.36.45: bytes=32 time=78ms TTL=46

Reply from 206.190.36.45: bytes=32 time=80ms TTL=46



Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 78ms, Maximum = 80ms, Average = 79ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 20 07 83 83 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1     192.168.2.2      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      169.254.0.0      255.255.0.0      192.168.2.2     192.168.2.2      20
      192.168.2.0    255.255.255.0      192.168.2.2     192.168.2.2      20
      192.168.2.2  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.2.255  255.255.255.255      192.168.2.2     192.168.2.2      20
        224.0.0.0        240.0.0.0      192.168.2.2     192.168.2.2      20
  255.255.255.255  255.255.255.255      192.168.2.2     192.168.2.2      1
Default Gateway:       192.168.2.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/02/2013 05:29:02 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.2.223.00x80004002morrobootstraper__cinstallflow__internalrun - getenablefirewallactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL

Error: (05/02/2013 05:28:54 AM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry0x80070003moaccachereset4.2.223.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (04/20/2013 02:24:44 AM) (Source: Application Hang) (User: )
Description: Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/04/2013 04:32:24 AM) (Source: MSSecurityEssentials) (User: )
Description: mssecurityessentialsmsseces.exe1.0.1963.00x8024402cupdatecmainwindow__onsignatureupdatestatus0NILNILNILNIL

Error: (04/04/2013 04:32:24 AM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry8024402cendsearchsearch2.1.6805.0mpsigdwn.dll2.1.6805.0microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde)NILNILNIL

Error: (04/01/2013 10:25:26 AM) (Source: GenericUpdater) (User: )
Description: BITS download from http://transfermaster.info/get/?ver=1701&data=NP6yu5%2BsLQyOzDWYSUjOWpEyT%2BASToFa7ZF7Fj438keT2T failed 5:-2145844844 The requested URL does not exist on the server.

Error: (04/01/2013 10:24:22 AM) (Source: GenericUpdater) (User: )
Description: BITS download from http://virtuallyreality.info/get/?ver=1701&data=NP6yu5%2BsLQyOzDWYSUjOWpEyT%2BASToFa7ZF7Fj438keT2T failed 5:-2145844844 The requested URL does not exist on the server.

Error: (03/30/2013 04:48:31 AM) (Source: Application Hang) (User: )
Description: Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/30/2013 03:39:28 AM) (Source: GenericUpdater) (User: )
Description: BITS download from http://virtuallyreality.info/get/?ver=1701&data=NP6yu5%2BsLQyOzDWYSUjOWpEyT%2BASToFa7ZF7Fj438keT2T failed 5:-2145844844 The requested URL does not exist on the server.

Error: (02/09/2013 04:33:34 AM) (Source: Application Hang) (User: )
Description: Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (05/08/2013 05:03:29 PM) (Source: Service Control Manager) (User: )
Description: The Upload Manager service failed to start due to the following error:
%%1079

Error: (05/08/2013 05:03:22 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (05/08/2013 04:02:14 AM) (Source: Service Control Manager) (User: )
Description: The Upload Manager service failed to start due to the following error:
%%1079

Error: (05/08/2013 04:02:07 AM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (05/08/2013 01:36:35 AM) (Source: Service Control Manager) (User: )
Description: The Upload Manager service failed to start due to the following error:
%%1079

Error: (05/08/2013 01:36:28 AM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (05/07/2013 11:46:00 PM) (Source: Service Control Manager) (User: )
Description: The Upload Manager service failed to start due to the following error:
%%1079

Error: (05/07/2013 11:45:53 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (05/07/2013 09:15:43 PM) (Source: Service Control Manager) (User: )
Description: The Upload Manager service failed to start due to the following error:
%%1079

Error: (05/07/2013 09:15:37 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.


Microsoft Office Sessions:
=========================
Error: (05/02/2013 05:29:02 AM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientsetup.exe4.2.223.00x80004002morrobootstraper__cinstallflow__internalrun - getenablefirewallactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL

Error: (05/02/2013 05:28:54 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80070003moaccachereset4.2.223.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (04/20/2013 02:24:44 AM) (Source: Application Hang)(User: )
Description: wmplayer.exe11.0.5721.5145hungapp0.0.0.000000000

Error: (04/04/2013 04:32:24 AM) (Source: MSSecurityEssentials)(User: )
Description: mssecurityessentialsmsseces.exe1.0.1963.00x8024402cupdatecmainwindow__onsignatureupdatestatus0NILNILNILNIL

Error: (04/04/2013 04:32:24 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch2.1.6805.0mpsigdwn.dll2.1.6805.0microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde)NILNILNIL

Error: (04/01/2013 10:25:26 AM) (Source: GenericUpdater)(User: )
Description: BITS download from http://transfermaster.info/get/?ver=1701&data=NP6yu5%2BsLQyOzDWYSUjOWpEyT%2BASToFa7ZF7Fj438keT2T failed 5:-2145844844 The requested URL does not exist on the server.

Error: (04/01/2013 10:24:22 AM) (Source: GenericUpdater)(User: )
Description: BITS download from http://virtuallyreality.info/get/?ver=1701&data=NP6yu5%2BsLQyOzDWYSUjOWpEyT%2BASToFa7ZF7Fj438keT2T failed 5:-2145844844 The requested URL does not exist on the server.

Error: (03/30/2013 04:48:31 AM) (Source: Application Hang)(User: )
Description: wmplayer.exe11.0.5721.5145hungapp0.0.0.000000000

Error: (03/30/2013 03:39:28 AM) (Source: GenericUpdater)(User: )
Description: BITS download from http://virtuallyreality.info/get/?ver=1701&data=NP6yu5%2BsLQyOzDWYSUjOWpEyT%2BASToFa7ZF7Fj438keT2T failed 5:-2145844844 The requested URL does not exist on the server.

Error: (02/09/2013 04:33:34 AM) (Source: Application Hang)(User: )
Description: wmplayer.exe11.0.5721.5145hungapp0.0.0.000000000


=========================== Installed Programs ============================

2Wire Wireless Client
3D Windows XP Screen Saver
7-Zip 9.20
Adobe Flash Player 11 Plugin (Version: 11.7.700.169)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Reader X (10.1.6) (Version: 10.1.6)
AIM for Windows
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
American Flag Screen Saver
AmpliTube LE (Version: 1.1.0)
ANWIDA Soft Spazio 1.0 DEMO
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support (Version: 1.0)
Apple Mobile Device Support (Version: 2.6.0.32)
Apple Software Update (Version: 2.1.1.116)
Audacity 1.2.6
Belarc Advisor 7.0
Belkin Setup and Router Monitor
Belkin USB Print and Storage Center (Version: 1.1.4)
BitTorrent 4.0.2
Bonjour (Version: 1.0.106)
BrowseToSave 1.74
Bundled software uninstaller
CA eTrust Antivirus (Version: 7.1.0192)
Cakewalk VST Adapter 4
CANON iMAGE GATEWAY MyCamera Download Plugin (Version: 3.1.1.2)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.9.0.9)
Canon MOV Decoder (Version: 1.8.0.7)
Canon MOV Encoder (Version: 1.6.0.1)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.7.0.4)
Canon Utilities Digital Photo Professional 3.10 (Version: 3.10.0.0)
Canon Utilities EOS Sample Music (Version: 1.0.0.204)
Canon Utilities EOS Utility (Version: 2.10.0.0)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (Version: 1.0.0.10)
Canon Utilities Movie Uploader for YouTube (Version: 1.2.0.7)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities Picture Style Editor (Version: 1.9.0.0)
Canon Utilities ZoomBrowser EX (Version: 6.7.0.24)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.5.0.9)
Collab
ConvertHelper 2.2
DataPilot (Version: 6.00.0000)
Digital Audio System (Version: 1.0)
discWelder BRONZE Trial (E-MU)
DivX Content Uploader (Version: 1.2.1)
DivX Web Player (Version: 1.3.1)
DownloadTerms (Version: 1.0)
DreamStation DXi2
Driver Detective (Version: 8.0.1)
DVD Shrink 3.2
DVD Solution
DVDFab Decrypter 2.9.7.7
DVDFab Platinum 3.2.0.0 Ghosthunter release
ExtractNow
Facebook Plug-In
FixWindowsUpdate (Version: 1.00.0000)
FL Studio 6
FLAC Installer 1.1.2a (remove only) (Version: 1.1.2a)
Free Music Zilla
GadgetBox Expansion (Version: 1.0)
GEAR 32bit Driver Installer (Version: 1.000.6)
Google Updater (Version: 2.4.2432.1652)
HijackThis 2.0.2 (Version: 2.0.2)
HP PrecisionScan LT Software
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4396)
Intel® PRO Network Adapters and Drivers
Internet Explorer Toolbar 4.8 by SweetPacks (Version: 4.8.0000)
IrfanView (remove only)
iTunes (Version: 9.0.1.8)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
JussDrop (Version: 3.4.1)
Kjaerhus Audio MPL-1 v1.02 VST
Live 4.1.5
LiveReg (Symantec Corporation) (Version: 2.1.5.1502)
LiveUpdate 1.80 (Symantec Corporation) (Version: 1.80.19.0)
LookInMyPC
magicJack (Version: 2.0.6073.4413)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Medi@Show
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) (Version: 8.00.761)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
MSN Music Assistant
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Multimedia Launcher
Nero 6 Ultra Edition
Netflix Movie Viewer (Version: 1.2.211)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PCFriendly
Picasa 3 (Version: 3.1)
Plaxo Toolbar for Windows
Power2Go 3.0
PowerDirector
PowerDVD
PowerProducer
QuickTime (Version: 7.64.17.73)
RealPlayer
Realtek AC'97 Audio
Riva FLV Encoder 2.0 (Version: 2.00.0004)
SBC Yahoo! DSL Home Networking Installer
SMPlayer 0.6.9 (Version: 0.6.9)
SONAR LE
Sony DVD Architect 3.0 (Version: 3.0.106)
Sony Media Manager 2.0 (Version: 2.0.30)
Sony Media Manager 2.2 (Version: 2.2.58)
Sony Noise Reduction Plug-In 2.0h (Version: 2.0.451)
Sony Sound Forge 9.0 (Version: 9.0.441)
Sony Vegas 7.0 (Version: 7.0.115)
SoundMAX (Version: 5.12.01.5246)
Speccy (Version: 1.05)
Steinberg Cubase LE
SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49 (Version: v2011.build.49)
SureThing CD Labeler Deluxe 3.1
Susteen Launcher (Version: 1.00.0000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows XP (KB894391) (Version: 1)
Update for Windows XP (KB896727) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB900485) (Version: 2)
Update for Windows XP (KB910437) (Version: 1)
Update for Windows XP (KB911280) (Version: 2)
Update for Windows XP (KB914882) (Version: 1)
Update for Windows XP (KB916595) (Version: 1)
Update for Windows XP (KB920872) (Version: 1)
Update for Windows XP (KB922582) (Version: 1)
Update for Windows XP (KB925720) (Version: 1)
Update for Windows XP (KB927891) (Version: 3)
Update for Windows XP (KB929338) (Version: 1)
Update for Windows XP (KB930916) (Version: 1)
Update for Windows XP (KB931836) (Version: 1)
Update for Windows XP (KB933360) (Version: 1)
Update for Windows XP (KB936357) (Version: 1)
Update for Windows XP (KB938828) (Version: 1)
Update for Windows XP (KB942763) (Version: 1)
Update for Windows XP (KB942840) (Version: 1)
Update for Windows XP (KB946627) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
USB-IrDA Adapter
VIA Rhine-Family Fast Ethernet Adapter
Video Mover
Voxengo Elephant VST 2.7
Voxengo Polysquasher VST 1.5
Voxengo Voxformer VST 1.9
Voxengo Warmifier VST 1.6
WaveLab Lite (Version: 2.6.0.243)
WebFldrs XP (Version: 9.50.7523)
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803) (Version: 3.1)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873333 (Version: 20050114.005213)
Windows XP Hotfix - KB873339 (Version: 20041117.092459)
Windows XP Hotfix - KB885250 (Version: 20050118.202711)
Windows XP Hotfix - KB885835 (Version: 20041027.181713)
Windows XP Hotfix - KB885836 (Version: 20041028.173203)
Windows XP Hotfix - KB886185 (Version: 20041021.090540)
Windows XP Hotfix - KB887742 (Version: 20041103.095002)
Windows XP Hotfix - KB888113 (Version: 20041116.131036)
Windows XP Hotfix - KB888302 (Version: 20041207.111426)
Windows XP Hotfix - KB890175 (Version: 20041201.233338)
Windows XP Hotfix - KB890859 (Version: 1)
Windows XP Hotfix - KB890923 (Version: 1)
Windows XP Hotfix - KB891781 (Version: 20050110.165439)
Windows XP Hotfix - KB893066 (Version: 1)
Windows XP Hotfix - KB893086 (Version: 1)
WinRAR archiver
WinZip (Version:  9.0  (6028))

========================= Devices: ================================

Name: E-MU E-DSP Audio Processor (WDM)
Description: E-MU E-DSP Audio Processor (WDM)
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Creative Technology, Ltd.
Service: ctaud2k
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 60%
Total physical RAM: 1021.98 MB
Available physical RAM: 404.08 MB
Total Pagefile: 1694.94 MB
Available Pagefile: 1213.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.3 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:149.05 GB) (Free:11.44 GB) NTFS

========================= Users: ========================================

User accounts for \\JOHNCOMPUTER

Administrator            ASPNET                   Guest                    
HelpAssistant            Owner                    SUPPORT_388945a0         


**** End of log ****



#6 xmyriadx


Posted 08 May 2013 - 08:29 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.07.10

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.13
Owner :: JOHNCOMPUTER [administrator]

5/8/2013 6:20:01 PM
mbam-log-2013-05-08 (18-20-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230291
Time elapsed: 8 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#7 Guest_Francis Houle_*


Posted 08 May 2013 - 08:40 PM

When you have finished the other steps, do the following:

1 - Update Windows (SP3, etc.)
2 - Update Adobe Reader
3 - Install Microsoft Security Essentials
4 - Remove these from the Control Panel:
3D Windows XP Screen Saver
American Flag Screen Saver
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
BitTorrent 4.0.2
BrowseToSave 1.74
Bundled software uninstaller
DownloadTerms (Version: 1.0)
HijackThis 2.0.2 (Version: 2.0.2)
Live 4.1.5
LiveReg (Symantec Corporation) (Version: 2.1.5.1502)
LiveUpdate 1.80 (Symantec Corporation) (Version: 1.80.19.0)
Plaxo Toolbar for Windows


#8 xmyriadx


Posted 08 May 2013 - 09:24 PM

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.03.22.01

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.13
Owner :: JOHNCOMPUTER [administrator]

5/8/2013 7:04:55 PM
mbar-log-2013-05-08 (19-04-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27301
Time elapsed: 26 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Documents and Settings\Owner\Local Settings\temp\pricepeep_130001_0101.exe (Adware.Shopper) -> Delete on reboot.

(end)

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 2 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 1071628288, free: 468860928

------------ Kernel report ------------
     05/08/2013 18:37:37
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff873c8ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff873a3d98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff873c8ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87391640, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff873c8ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff873a3d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe2f438d0, 0xffffffff873c8ab8, 0xffffffff86968ab8
Lower DeviceData: 0xffffffffe2f330a0, 0xffffffff873a3d98, 0xffffffff86656f18
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 71338E51

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 312576642
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
Done!
Performing system, memory and registry scan...
Infected: c:\Documents and Settings\Owner\Local Settings\temp\pricepeep_130001_0101.exe --> [Adware.Shopper]
Read File: File "c:\WINDOWS\$NtUninstallKB891781$\update.ver" is compressed (flags = 1)
Read File: File "c:\WINDOWS\$NtUninstallKB893066$\update.ver" is compressed (flags = 1)
Read File: File "c:\WINDOWS\$NtUninstallKB873339$\update.ver" is compressed (flags = 1)
Read File: File "c:\WINDOWS\$NtUninstallKB885250$\update.ver" is compressed (flags = 1)
Read File: File "c:\WINDOWS\$NtUninstallKB885836$\update.ver" is compressed (flags = 1)
Read File: File "c:\WINDOWS\$NtUninstallKB886185$\update.ver" is compressed (flags = 1)
Read File: File "c:\WINDOWS\$NtUninstallKB886185$\updatebr.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\$NtUninstallKB887742$\update.ver" is compressed (flags = 1)
Read File: File "c:\WINDOWS\$NtUninstallKB887742$\updatebr.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\$NtUninstallKB888113$\update.ver" is compressed (flags = 1)
Read File: File "c:\WINDOWS\$NtUninstallKB888302$\update.ver" is compressed (flags = 1)
Read File: File "c:\WINDOWS\$NtUninstallKB890175$\update.ver" is compressed (flags = 1)
Read File: File "c:\WINDOWS\$NtUninstallKB890923$\updatebr.inf" is compressed (flags = 1)
Done!
Scan finished
 



#9 xmyriadx


Posted 08 May 2013 - 09:31 PM

# AdwCleaner v2.300 - Logfile created 05/08/2013 at 19:27:34
# Updated 28/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Owner - JOHNCOMPUTER
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner(3).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Bundled software uninstaller
Folder Deleted : C:\Program Files\SweetIM

***** [Registry] *****

Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\Classes\Installer\Features\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\Software\Classes\Installer\Products\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bi_uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.17055

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7tzv7ke8.default\prefs.js

Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]
Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xwahna7n.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4580 octets] - [25/03/2013 20:44:18]
AdwCleaner[S2].txt - [2023 octets] - [24/04/2013 23:54:22]
AdwCleaner[S3].txt - [1302 octets] - [02/05/2013 04:32:29]
AdwCleaner[S4].txt - [6961 octets] - [08/05/2013 19:27:34]

########## EOF - C:\AdwCleaner[S4].txt - [7021 octets] ##########

 



#10 xmyriadx


Posted 08 May 2013 - 09:42 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Owner on Wed 05/08/2013 at 19:32:01.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1202660629-1972579041-682003330-1003\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Successfully deleted the following from C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\7tzv7ke8.default\prefs.js

user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_product_name", "Updater By SweetPacks");
Emptied folder: C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\7tzv7ke8.default\minidumps [3 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 05/08/2013 at 19:36:01.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 



#11 xmyriadx


Posted 08 May 2013 - 10:40 PM

Could not uninstall:  AOL Uninstaller, or find Bundled software uninstaller.

 

Did I have any potential virus that made my computer a backdoor for web browsing info & security, or online banking?  Thanks



#12 Guest_Francis Houle_*


Posted 08 May 2013 - 10:49 PM

It's clean now



#13 xmyriadx


Posted 09 May 2013 - 12:16 AM

So whatever I had was not severe to worry about?  Hopefully all is well.  Thanks for your help!



#14 Guest_Francis Houle_*


Posted 09 May 2013 - 02:46 AM

Exactly :-)



