Hijack.WindowsUpdates and embedded junk in pages


  • This topic is locked
6 replies to this topic

#1 jmcmilla

  • Members
  • 3 posts

Posted 07 June 2013 - 10:45 AM

Hello,

I have a computer that had several issues on it. Most have been cleared up by repeatedly running Malwarebytes. However, there are two issues that remain that Malwarebytes reports. Both have the vendor of "Hijack.WindowsUpdates" and a Category of "Registry Data". I think there are other issues, as various web pages have junk embedded in them. I ran DDS.exe as instructed by the preparation guide.


Any help in this matter will be appreciated.  Many thanks in advance.


************************************  attach.txt ******************************************************************

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/18/2005 3:01:50 PM
System Uptime: 6/6/2013 2:34:14 PM (21 hours ago)
.
Motherboard: Dell Computer Corporation |  | 0D2125
Processor:         Intel® Pentium® M processor 2.00GHz | Microprocessor | 1998/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 13.539 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Dell Wireless 1350 WLAN Mini-PCI Card
Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00031028&REV_03\4&39A85202&0&18F0
Manufacturer: Broadcom
Name: Dell Wireless 1350 WLAN Mini-PCI Card
PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00031028&REV_03\4&39A85202&0&18F0
Service: BCM43XX
.
==== System Restore Points ===================
.
RP370: 3/11/2013 2:30:44 PM - System Checkpoint
RP371: 3/15/2013 1:32:47 PM - System Checkpoint
RP372: 3/17/2013 6:24:05 PM - System Checkpoint
RP373: 4/11/2013 10:53:58 AM - System Checkpoint
RP374: 4/25/2013 11:51:30 AM - Installed Java 7 Update 21
RP375: 4/26/2013 9:36:02 PM - System Checkpoint
RP376: 6/4/2013 8:36:08 PM - System Checkpoint
RP377: 6/5/2013 9:23:39 PM - System Checkpoint
RP378: 6/6/2013 9:51:20 PM - System Checkpoint
.
==== Installed Programs ======================
.
1400
1400_Help
1400Trb
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.1
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
ALPS Touch Pad Driver
Anatomy and Physiology Review
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASF
ATI Control Panel
ATI Display Driver
Broadcom Advanced Control Suite
Broadcom ASF Management Applications
BufferChm
Conexant D480 MDC V.92 Modem
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Dell Wireless WLAN Card
Destinations
DeviceManagementQFolder
Digital Line Detect
DocProc
DVDSentry
Easy CD Creator 5 Basic
eSupportQFolder
ExFriendAlert
Fax
Fax_CDA
Foxit Reader
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.A
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
InterVideo WinDVD
IrfanView (remove only)
iTunes
Java 7 Update 21
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Modem Helper
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NetWaiting
NewCopy
NewCopy_CDA
ProductContext
QuickSet
QuickTime
Readme
Sansa Media Converter
Scan
ScannerCopy
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SolutionCenter
Spybot - Search & Destroy
Status
SUPERAntiSpyware
TrayApp
Unload
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
6/6/2013 2:45:29 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  New Signature Version:   Previous Signature Version: 1.151.1613.0  Update Source: Microsoft Update Server  Update Stage: Search  Source Path: Default URL  Signature Type: AntiVirus  Update Type: Full  User: NT AUTHORITY\SYSTEM  Current Engine Version:   Previous Engine Version: 1.1.9506.0  Error code: 0x80070002  Error description: The system cannot find the file specified.
6/5/2013 8:55:36 AM, error: Service Control Manager [7034]  - The Broadcom ASF IP monitoring service v6.0.3 service terminated unexpectedly.  It has done this 1 time(s).
6/5/2013 8:55:23 AM, error: Service Control Manager [7034]  - The Dell Wireless WLAN Tray Service service terminated unexpectedly.  It has done this 1 time(s).
6/5/2013 8:54:14 AM, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
6/5/2013 8:54:14 AM, error: SideBySide [59]  - Generate Activation Context failed for C:\Program Files\Spybot - Search & Destroy 2\ssleay32.dll. Reference error message: The operation completed successfully. .
6/5/2013 8:54:14 AM, error: SideBySide [59]  - Generate Activation Context failed for C:\Program Files\Spybot - Search & Destroy 2\libssl32.dll. Reference error message: The operation completed successfully. .
6/5/2013 8:54:14 AM, error: SideBySide [59]  - Generate Activation Context failed for C:\Program Files\Spybot - Search & Destroy 2\libeay32.dll. Reference error message: The operation completed successfully. .
6/5/2013 8:54:14 AM, error: SideBySide [32]  - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
6/5/2013 5:21:24 PM, error: Service Control Manager [7000]  - The iPod Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/5/2013 5:21:24 PM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
6/5/2013 5:21:23 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
6/4/2013 8:57:41 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  APPDRV Fips intelppm MpFilter
6/4/2013 8:48:06 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  New Signature Version:   Previous Signature Version: 1.151.952.0  Update Source: Microsoft Malware Protection Center  Update Stage: Search  Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9506.0&avdelta=1.151.952.0&asdelta=1.151.952.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094  Signature Type: AntiVirus  Update Type: Full  User: D31Q5T61\Brianna  Current Engine Version:   Previous Engine Version: 1.1.9506.0  Error code: 0x80072ee7  Error description: The server name or address could not be resolved
6/4/2013 8:48:06 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  New Signature Version:   Previous Signature Version: 1.151.952.0  Update Source: Microsoft Malware Protection Center  Update Stage: Search  Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9506.0&avdelta=1.151.952.0&asdelta=1.151.952.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094  Signature Type: AntiVirus  Update Type: Full  User: D31Q5T61\Brianna  Current Engine Version:   Previous Engine Version: 1.1.9506.0  Error code: 0x80072ee7  Error description: The server name or address could not be resolved
6/4/2013 8:48:06 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  New Signature Version:   Previous Signature Version: 1.151.952.0  Update Source: Microsoft Malware Protection Center  Update Stage: Search  Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9506.0&avdelta=1.151.952.0&asdelta=1.151.952.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094  Signature Type: AntiSpyware  Update Type: Full  User: D31Q5T61\Brianna  Current Engine Version:   Previous Engine Version: 1.1.9506.0  Error code: 0x80072ee7  Error description: The server name or address could not be resolved
6/4/2013 8:48:06 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  New Signature Version:   Previous Signature Version: 1.151.952.0  Update Source: Microsoft Malware Protection Center  Update Stage: Search  Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9506.0&avdelta=1.151.952.0&asdelta=1.151.952.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094  Signature Type: AntiSpyware  Update Type: Full  User: D31Q5T61\Brianna  Current Engine Version:   Previous Engine Version: 1.1.9506.0  Error code: 0x80072ee7  Error description: The server name or address could not be resolved
6/4/2013 8:48:04 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  New Signature Version:   Previous Signature Version: 1.151.952.0  Update Source: Microsoft Update Server  Update Stage: Search  Source Path: Default URL  Signature Type: AntiVirus  Update Type: Full  User: NT AUTHORITY\SYSTEM  Current Engine Version:   Previous Engine Version: 1.1.9506.0  Error code: 0x80070002  Error description: The system cannot find the file specified.
6/4/2013 8:19:15 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
6/4/2013 7:31:36 PM, error: Service Control Manager [7000]  - The Automatic Updates service failed to start due to the following error:  The system cannot find the file specified.
6/4/2013 7:31:36 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  New Signature Version:   Previous Signature Version: 1.151.952.0  Update Source: Microsoft Update Server  Update Stage: Search  Source Path: Default URL  Signature Type: AntiVirus  Update Type: Full  User: NT AUTHORITY\SYSTEM  Current Engine Version:   Previous Engine Version: 1.1.9506.0  Error code: 0x80070002  Error description: The system cannot find the file specified.
6/4/2013 7:31:36 PM, error: DCOM [10005]  - DCOM got error "%2" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/4/2013 7:06:56 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  New Signature Version:   Previous Signature Version: 1.151.952.0  Update Source: Microsoft Malware Protection Center  Update Stage: Search  Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9506.0&avdelta=1.151.952.0&asdelta=1.151.952.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094  Signature Type: AntiVirus  Update Type: Full  User: D31Q5T61\Brianna  Current Engine Version:   Previous Engine Version: 1.1.9506.0  Error code: 0x80072efd  Error description: A connection with the server could not be established
6/4/2013 7:06:56 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  New Signature Version:   Previous Signature Version: 1.151.952.0  Update Source: Microsoft Malware Protection Center  Update Stage: Search  Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9506.0&avdelta=1.151.952.0&asdelta=1.151.952.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094  Signature Type: AntiVirus  Update Type: Full  User: D31Q5T61\Brianna  Current Engine Version:   Previous Engine Version: 1.1.9506.0  Error code: 0x80072efd  Error description: A connection with the server could not be established
6/4/2013 7:06:56 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  New Signature Version:   Previous Signature Version: 1.151.952.0  Update Source: Microsoft Malware Protection Center  Update Stage: Search  Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9506.0&avdelta=1.151.952.0&asdelta=1.151.952.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094  Signature Type: AntiSpyware  Update Type: Full  User: D31Q5T61\Brianna  Current Engine Version:   Previous Engine Version: 1.1.9506.0  Error code: 0x80072efd  Error description: A connection with the server could not be established
6/4/2013 7:06:56 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  New Signature Version:   Previous Signature Version: 1.151.952.0  Update Source: Microsoft Malware Protection Center  Update Stage: Search  Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9506.0&avdelta=1.151.952.0&asdelta=1.151.952.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094  Signature Type: AntiSpyware  Update Type: Full  User: D31Q5T61\Brianna  Current Engine Version:   Previous Engine Version: 1.1.9506.0  Error code: 0x80072efd  Error description: A connection with the server could not be established
6/4/2013 7:05:10 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  New Signature Version:   Previous Signature Version: 1.151.952.0  Update Source: Microsoft Update Server  Update Stage: Search  Source Path: Default URL  Signature Type: AntiVirus  Update Type: Full  User: NT AUTHORITY\SYSTEM  Current Engine Version:   Previous Engine Version: 1.1.9506.0  Error code: 0x80070002  Error description: The system cannot find the file specified.
6/4/2013 7:04:04 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  IntelIde
6/4/2013 7:04:04 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Updating Service service to connect.
6/4/2013 7:04:04 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
6/4/2013 7:04:04 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.
6/4/2013 7:04:04 PM, error: Service Control Manager [7000]  - The Spybot-S&D 2 Updating Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/4/2013 7:04:04 PM, error: Service Control Manager [7000]  - The Spybot-S&D 2 Security Center Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/4/2013 7:04:04 PM, error: Service Control Manager [7000]  - The Spybot-S&D 2 Scanner Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/4/2013 7:04:04 PM, error: Service Control Manager [7000]  - The Background Intelligent Transfer Service service failed to start due to the following error:  The system cannot find the file specified.
6/4/2013 7:02:57 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.
6/4/2013 7:00:51 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/4/2013 1:33:54 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
6/4/2013 1:23:43 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  New Signature Version:   Previous Signature Version: 1.151.952.0  Update Source: Microsoft Malware Protection Center  Update Stage: Search  Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9506.0&avdelta=1.151.952.0&asdelta=1.151.952.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094  Signature Type: AntiVirus  Update Type: Full  User: D31Q5T61\Brianna  Current Engine Version:   Previous Engine Version: 1.1.9506.0  Error code: 0x80072ee7  Error description: The server name or address could not be resolved
6/4/2013 1:23:43 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  New Signature Version:   Previous Signature Version: 1.151.952.0  Update Source: Microsoft Malware Protection Center  Update Stage: Search  Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9506.0&avdelta=1.151.952.0&asdelta=1.151.952.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094  Signature Type: AntiVirus  Update Type: Full  User: D31Q5T61\Brianna  Current Engine Version:   Previous Engine Version: 1.1.9506.0  Error code: 0x80072ee7  Error description: The server name or address could not be resolved
6/4/2013 1:23:43 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  New Signature Version:   Previous Signature Version: 1.151.952.0  Update Source: Microsoft Malware Protection Center  Update Stage: Search  Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9506.0&avdelta=1.151.952.0&asdelta=1.151.952.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094  Signature Type: AntiSpyware  Update Type: Full  User: D31Q5T61\Brianna  Current Engine Version:   Previous Engine Version: 1.1.9506.0  Error code: 0x80072ee7  Error description: The server name or address could not be resolved
6/4/2013 1:23:43 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  New Signature Version:   Previous Signature Version: 1.151.952.0  Update Source: Microsoft Malware Protection Center  Update Stage: Search  Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9506.0&avdelta=1.151.952.0&asdelta=1.151.952.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094  Signature Type: AntiSpyware  Update Type: Full  User: D31Q5T61\Brianna  Current Engine Version:   Previous Engine Version: 1.1.9506.0  Error code: 0x80072ee7  Error description: The server name or address could not be resolved
6/4/2013 1:23:42 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  New Signature Version:   Previous Signature Version: 1.151.952.0  Update Source: Microsoft Update Server  Update Stage: Search  Source Path: Default URL  Signature Type: AntiVirus  Update Type: Full  User: NT AUTHORITY\SYSTEM  Current Engine Version:   Previous Engine Version: 1.1.9506.0  Error code: 0x8007043c  Error description: This service cannot be started in Safe Mode
6/4/2013 1:23:42 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.21.2
Run by Brianna at 11:26:57 on 2013-06-07
#Option MBR scan  is disabled.
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.511.61 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uProxyServer = localhost:21320
uProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ExFriendAlert: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - c:\program files\exfriendalert\ie\common.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [bascstray] BascsTray.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061023/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/3/d/83d1fe15-fe0f-4bdf-b09c-4e3c49808ec7/LegitCheckControl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 128.175.13.16 128.175.13.17
TCP: Interfaces\{799F244C-7AA7-4371-A4F4-D8867A22E071} : NameServer = 128.175.21.180
TCP: Interfaces\{799F244C-7AA7-4371-A4F4-D8867A22E071} : DHCPNameServer = 128.175.13.16 128.175.13.17
Notify: AtiExtEvent - Ati2evxx.dll
Notify: SDWinLogon - SDWinLogon.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\brianna\application data\mozilla\firefox\profiles\4hnyp4na.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-6-4 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-6-4 1033688]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-6-6 40776]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [2005-2-11 92550]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-6-4 171928]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
.
=============== File Associations ===============
.
ShellExec: MediaConverter.exe: open="c:\program files\sandisk\sansa media converter\uMediaConverter.exe" "%1"
.
=============== Created Last 30 ================
.
2013-06-06 18:46:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-06-04 23:32:50 7016152 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{abd5f83b-deda-45d5-baeb-e7af0ec80f4c}\mpengine.dll
2013-06-04 17:36:22 -------- d-----w- c:\documents and settings\brianna\application data\SUPERAntiSpyware.com
2013-06-04 17:36:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-06-04 17:36:03 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-06-04 17:35:16 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-06-04 17:35:07 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-06-04 12:48:21 -------- d-----w- c:\documents and settings\brianna\local settings\application data\PCHealth
2013-05-19 02:08:45 7016152 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
.
==================== Find3M  ====================
.
2013-05-16 19:26:33 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-16 19:26:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 06:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-04 18:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-04 09:35:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 11:28:29.89 ===============
 

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:40 AM

Posted 10 June 2013 - 08:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
[image: RcAuto1.gif]
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[image: whatnext.png]
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 jmcmilla

jmcmilla
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 10 June 2013 - 12:21 PM

Hi nasdaq,

I appreciate your assistance in this matter.

 

Many thanks

 

# AdwCleaner v2.303 - Logfile created 06/10/2013 at 11:13:23
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Lerner IT - D31Q5T61
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Lerner IT\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : Viewpoint Manager Service

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Brianna\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Brianna\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Brianna\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Brianna\Local Settings\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Common Files\Viewpoint
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\DynConIE
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3209604
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Viewpoint Manager
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [3724 octets] - [10/06/2013 11:13:23]

########## EOF - C:\AdwCleaner[S1].txt - [3784 octets] ##########

 

 

ComboFix 13-06-08.02 - Lerner IT 06/10/2013  12:04:18.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.511.4 [GMT -4:00]
Running from: c:\documents and settings\Lerner IT\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\EventSystem.log
c:\windows\system32\drivers\fad.sys
c:\windows\system32\setb0.tmp
c:\windows\system32\setb1.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-10 to 2013-06-10  )))))))))))))))))))))))))))))))
.
.
2013-06-10 14:19 . 2013-06-10 14:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\Seagate
2013-06-10 14:13 . 2013-06-10 14:18 -------- d-----w- c:\program files\Seagate
2013-06-10 14:05 . 2013-06-10 14:59 -------- d-----w- c:\documents and settings\Lerner IT
2013-06-10 13:37 . 2013-06-10 13:37 -------- d-----w- c:\program files\Roadkil.Net
2013-06-09 06:01 . 2013-06-10 15:18 60872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ABD5F83B-DEDA-45D5-BAEB-E7AF0EC80F4C}\offreg.dll
2013-06-09 06:01 . 2013-06-09 06:01 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ABD5F83B-DEDA-45D5-BAEB-E7AF0EC80F4C}\MpKsl9a74af10.sys
2013-06-04 23:32 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ABD5F83B-DEDA-45D5-BAEB-E7AF0EC80F4C}\mpengine.dll
2013-06-04 17:36 . 2013-06-04 17:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-06-04 17:36 . 2013-06-04 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-06-04 17:35 . 2009-01-25 17:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-06-04 17:35 . 2013-06-04 17:35 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-05-19 02:08 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 19:26 . 2012-05-15 23:25 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-16 19:26 . 2012-05-15 23:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 06:06 . 2010-02-16 19:20 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-04 18:50 . 2009-02-16 22:03 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-04 09:35 . 2013-04-25 15:52 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-04-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-08-22 155648]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-01 339968]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2004-10-08 610304]
"DVDSentry"="c:\windows\system32\DSentry.exe" [2002-07-17 28672]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1392640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-2-11 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-01-19 17:49 4670968 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
.
R1 MpKsl9a74af10;MpKsl9a74af10;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ABD5F83B-DEDA-45D5-BAEB-E7AF0EC80F4C}\MpKsl9a74af10.sys [6/9/2013 2:01 AM 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [5/23/2013 4:11 PM 119056]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [6/4/2013 1:35 PM 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [6/4/2013 1:35 PM 1033688]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 12:42 PM 14088]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [2/11/2005 2:40 PM 92550]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [6/4/2013 1:35 PM 171928]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2/5/2013 11:48 AM 235216]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BASFND
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 19:27]
.
2013-06-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2013-06-10 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-06-04 14:58]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-25 15:47]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-25 15:47]
.
2013-06-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
.
2013-06-10 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
.
2013-06-05 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-06-04 14:57]
.
2013-06-04 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-06-04 14:58]
.
2013-06-10 c:\windows\Tasks\User_Feed_Synchronization-{6E5F2850-F7CB-4D76-AA50-DA2C842168AF}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
TCP: DhcpNameServer = 128.175.13.16 128.175.13.17
TCP: Interfaces\{799F244C-7AA7-4371-A4F4-D8867A22E071}: NameServer = 128.175.21.180
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-bascstray - BascsTray.exe
Notify-SDWinLogon - SDWinLogon.dll
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-10 12:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2013-06-10  12:26:34
ComboFix-quarantined-files.txt  2013-06-10 16:26
.
Pre-Run: 13,794,684,928 bytes free
Post-Run: 13,928,779,776 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B52DD6341563C2C461C69C145C96FEFC
8F558EB6672622401DA993E1E865C861
 

 

 

 Results of screen317's Security Check version 0.99.64 
 Windows XP Service Pack 3 x86  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Please wait while WMIC compiles updated MOF files.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
M
i
c
r
o
s
o
f
t
ECHO is off.
S
e
c
u
r
i
t
y
ECHO is off.
E
s
e
n
t
i
a
l
s
ECHO is off.
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 SUPERAntiSpyware    
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 7 Update 21 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (21.0)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials msseces.exe
 Windows Defender MSMpEng.exe
 Spybot Teatimer.exe is disabled!
 Microsoft Security Client Antimalware MsMpEng.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````

 

 

Thanks again
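The DDS and ComboFix logs above are the raw material a helper reads by eye: Run keys, Startup folder links, policy values and the TCP/IP nameserver settings. The Python below is an added example, not part of the original thread and not code from DDS or any other tool used here. It parses those DDS line formats into records and applies two triage checks: an autostart image living outside Program Files or the Windows directory, and a network interface whose static NameServer differs from what DHCP handed out, which is the shape a DNS hijack that injects junk into web pages takes. The sample lines are constructed from the log above, except for the uRun entry under the user profile, which is invented to show what a flagged autostart looks like. A static DNS server that differs from DHCP is also exactly what a managed campus or corporate network looks like, so that finding is a review item, not a verdict.

```python
import re

# Line formats DDS emits for registry Run keys, Startup folder links,
# policy values and TCP/IP nameserver settings.
RUN_RE = re.compile(r'^([umd])Run: \[(.*?)\] (.*)$')
STARTUP_RE = re.compile(r'^StartupFolder: (.+?\.lnk) - (.+)$', re.I)
POLICY_RE = re.compile(r'^([umd])Policies-(\S+): (\S+) = (\S+)$')
TCP_RE = re.compile(r'^TCP: (?:Interfaces\\(\{[^}]+\}) : )?(NameServer|DHCPNameServer) = (.*)$')
IMAGE_RE = re.compile(r'"?([^"]+?\.(?:exe|dll|scr|cpl))', re.I)

# DDS prefixes: u = HKCU, m = HKLM, d = HKU\.DEFAULT
HIVES = {'u': 'HKCU', 'm': 'HKLM', 'd': 'HKU\\.DEFAULT'}

# Where an autostart image is expected to live on this XP box (DDS writes
# paths in lower case, sometimes in 8.3 form); anything else gets flagged.
TRUSTED_PREFIXES = ('c:\\program files', 'c:\\progra~1', 'c:\\windows', '%windir%')

# Constructed sample in DDS format, copied from the log above except for the
# uRun line, which is invented to show what a flagged entry looks like.
SAMPLE_LOG = r"""
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
uRun: [Updater] c:\documents and settings\brianna\application data\updater\updater.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
TCP: NameServer = 128.175.13.16 128.175.13.17
TCP: Interfaces\{799F244C-7AA7-4371-A4F4-D8867A22E071} : NameServer = 128.175.21.180
TCP: Interfaces\{799F244C-7AA7-4371-A4F4-D8867A22E071} : DHCPNameServer = 128.175.13.16 128.175.13.17
"""


def image_path(command):
    """Pull the executable out of a Run-key command line, quoted or not."""
    m = IMAGE_RE.search(command)
    return (m.group(1) if m else command).strip().lower()


def parse_dds(text):
    """Turn DDS log lines into autostart, policy and DNS records."""
    parsed = {'autostarts': [], 'policies': [], 'dns': {}}
    for raw in text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            hive, name, command = m.groups()
            parsed['autostarts'].append((HIVES[hive] + '\\Run', name, image_path(command)))
        elif m := STARTUP_RE.match(line):
            link, target = m.groups()
            parsed['autostarts'].append(('StartupFolder', link, image_path(target)))
        elif m := POLICY_RE.match(line):
            hive, key, name, value = m.groups()
            parsed['policies'].append((HIVES[hive], key, name, value))
        elif m := TCP_RE.match(line):
            iface, kind, servers = m.groups()
            parsed['dns'].setdefault(iface or 'global', {})[kind] = servers.split()
    return parsed


def triage(parsed):
    """Return human-readable findings worth a second look."""
    findings = []
    for source, name, image in parsed['autostarts']:
        if not image.startswith(TRUSTED_PREFIXES):
            findings.append(f'autostart outside Program Files/Windows: {source} [{name}] -> {image}')
    for iface, servers in parsed['dns'].items():
        static, dhcp = servers.get('NameServer'), servers.get('DHCPNameServer')
        if static and dhcp and static != dhcp:
            findings.append(f'{iface}: static DNS {static} overrides DHCP DNS {dhcp}; confirm with the network owner')
    return findings


if __name__ == '__main__':
    for finding in triage(parse_dds(SAMPLE_LOG)):
        print(finding)
```

Feed it a whole DDS.txt instead of SAMPLE_LOG and the same two checks run over every Run key, Startup link and interface in the log; the 8.3 prefixes in TRUSTED_PREFIXES are what DDS prints on XP, so widen that tuple rather than the regexes if a legitimate vendor installs elsewhere.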



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:40 AM

Posted 11 June 2013 - 07:05 AM

Looking better. Is the problem persisting?

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

#5 jmcmilla

jmcmilla
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 11 June 2013 - 08:34 AM

Hi nasdaq,

I am not noticing any of the symptoms.  I also noticed that the computer is performing Windows updates now.  This machine got pretty bad.

Many thanks,
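The post above reports that Windows Update is running again, and the ComboFix log earlier in the thread lists Security Center overrides ("AntiVirusOverride" and "FirewallOverride" set to 1) and a silenced firewall notification ("DisableNotifications"= 1). The Python below is an added example, not code from the thread or from Malwarebytes, ComboFix or any other tool used here: it audits the registry values that switch Windows Update off or mute the built-in protection and produces the reg.exe commands that would clear them. The thread never says which two values Malwarebytes reported under Hijack.WindowsUpdates; the Windows Update entries in the table are the standard Windows policy locations, and it is an assumption that the detection refers to values like these. The Security Center and firewall values are the ones ComboFix listed, and legitimate security suites set them too, so every hit is a review item rather than a verdict. The reader interface lets the same audit run against a live Windows registry through winreg or against a constructed snapshot, which is what the offline run uses.

```python
# (hive, key, value name, setting that blocks or silences, meaning)
# The Windows Update rows are standard policy locations; the assumption here is
# that a Hijack.WindowsUpdates registry-data detection refers to values like these.
WATCHED_VALUES = [
    ('HKLM', r'SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate', 'DisableWindowsUpdateAccess', 1,
     'Windows Update UI and site blocked by policy'),
    ('HKLM', r'SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU', 'NoAutoUpdate', 1,
     'Automatic Updates switched off by policy'),
    ('HKCU', r'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer', 'NoWindowsUpdate', 1,
     "Windows Update removed from this user's Start menu"),
    ('HKLM', r'SOFTWARE\Microsoft\Security Center', 'AntiVirusOverride', 1,
     'Security Center told not to monitor antivirus state'),
    ('HKLM', r'SOFTWARE\Microsoft\Security Center', 'FirewallOverride', 1,
     'Security Center told not to monitor firewall state'),
    ('HKLM', r'SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile',
     'DisableNotifications', 1, 'Windows Firewall block notifications silenced'),
]


def dict_reader(snapshot):
    """Reader over a constructed {(hive, key, name): value} snapshot, case-insensitive like the registry."""
    lowered = {(h, k.lower(), n.lower()): v for (h, k, n), v in snapshot.items()}

    def read(hive, key, name):
        return lowered.get((hive, key.lower(), name.lower()))
    return read


def winreg_reader(hive, key, name):
    """Live reader for a Windows host; returns None when the key or value is absent."""
    import winreg  # Windows only, imported lazily so the audit itself runs anywhere
    root = winreg.HKEY_LOCAL_MACHINE if hive == 'HKLM' else winreg.HKEY_CURRENT_USER
    try:
        with winreg.OpenKey(root, key) as handle:
            value, _ = winreg.QueryValueEx(handle, name)
            return value
    except FileNotFoundError:
        return None


def audit(reader):
    """Return (hive, key, name, value, meaning) for every watched value found in its blocking state."""
    hits = []
    for hive, key, name, blocking, meaning in WATCHED_VALUES:
        value = reader(hive, key, name)
        if value == blocking:
            hits.append((hive, key, name, value, meaning))
    return hits


def remediation_commands(hits):
    """reg.exe commands that delete the flagged values; review each one before running it."""
    return [f'reg delete "{hive}\\{key}" /v {name} /f' for hive, key, name, _, _ in hits]


# Constructed snapshot: the two Security Center overrides and the firewall
# notification flag as ComboFix listed them, plus one Windows Update policy value
# set to 1 to show what a Hijack.WindowsUpdates-style hit would look like, and the
# harmless NoDriveTypeAutoRun value from the DDS log to show that it is ignored.
CONSTRUCTED_SNAPSHOT = {
    ('HKLM', r'SOFTWARE\Microsoft\Security Center', 'AntiVirusOverride'): 1,
    ('HKLM', r'SOFTWARE\Microsoft\Security Center', 'FirewallOverride'): 1,
    ('HKLM', r'SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile',
     'DisableNotifications'): 1,
    ('HKLM', r'SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU', 'NoAutoUpdate'): 1,
    ('HKLM', r'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer', 'NoDriveTypeAutoRun'): 0x145,
}

if __name__ == '__main__':
    import sys
    reader = winreg_reader if sys.platform == 'win32' else dict_reader(CONSTRUCTED_SNAPSHOT)
    hits = audit(reader)
    for hive, key, name, value, meaning in hits:
        print(f'{hive}\\{key}\\{name} = {value}: {meaning}')
    for cmd in remediation_commands(hits):
        print(cmd)
```

On the cleaned machine the live run should print nothing for the Windows Update rows; if the Security Center rows still show, check whether the installed security suite set them before deleting anything.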



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:40 AM

Posted 11 June 2013 - 12:16 PM

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:40 AM

Posted 11 June 2013 - 12:17 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



