
Infection causing slow down, video problems, and redirects.


  • This topic is locked
4 replies to this topic

#1 KingYoshi

  • Members
  • 15 posts

Posted 14 June 2013 - 03:24 PM

I'm getting redirects on most links. I'm also experiencing unusually slow video loading as well as random slowdown with general browsing. I ran MBAM, and it found a few infections. They were cleaned/deleted, but the problem still remains. Here is the MBAM log, followed by the DDS log (which I ran after MBAM had fully completed and I had restarted my computer).

 

 

 

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 913061107

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

6/11/2013 8:19:47 PM
mbam-log-2013-06-11 (20-19-39).txt

Scan type: Full scan (C:\|)
Objects scanned: 384489
Time elapsed: 1 hour(s), 6 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Yoshi 3\local settings\application data\Sun\Java\deployment\cache\6.0\36\6b225264-13e4b675 (Trojan.Agent.CDGen) -> No action taken.
c:\Qoobox\quarantine\C\documents and settings\Yoshi 3\local settings\application data\dealcabby\ie\dealcabby.dll.vir (Adware.DealCabby) -> No action taken.
c:\system volume information\_restore{29980911-92bd-43b1-8d22-ff0a02ec9d55}\RP874\A0687167.dll (Adware.DealCabby) -> No action taken.
 

 

Now here is the DDS.txt followed by the Attach.txt

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.2180  BrowserJavaVersion: 10.17.2
Run by Yoshi 3 at 16:12:00 on 2013-06-14
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1022.455 [GMT -5:00]
.
AV: Norton AntiVirus *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\REGSVR32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://blekko.com/ws/?source=6a1885c1&toolbarid=blekkotb_002&u=4C768065082E7560AB9064501E1CD107&tbp=homepage
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\engine\18.6.0.29\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Mal Updater 2] c:\program files\mal updater 2\MalUpdater.exe
uRun: [OpenOffice.org] REGSVR32.EXE "c:\documents and settings\yoshi 3\local settings\application data\openoffice.org\yfcjoqxw.dll"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0AMgA4ADQAMAA1ADIAOAA4ADcALQBGAFAAOQArADYALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAxAA"&"prod=90"&"ver=9.0.894
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{94E0739F-AE10-4E6D-BF3F-59A5B0023FEB} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{94E0739F-AE10-4E6D-BF3F-59A5B0023FEB} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: dimsntfy - <no file>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\yoshi 3\application data\mozilla\firefox\profiles\zqevl0lz.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-05-24 03:58; {E6C93316-271E-4b3d-8D7E-FE11B4350AEB}; c:\documents and settings\yoshi 3\application data\mozilla\firefox\profiles\zqevl0lz.default\extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}.xpi
FF - ExtSQL: 2013-05-30 15:20; {4EF4CD41-B71C-6FA4-8F0D-C1E8FBC687D7}; c:\documents and settings\yoshi 3\application data\mozilla\firefox\profiles\zqevl0lz.default\extensions\{4EF4CD41-B71C-6FA4-8F0D-C1E8FBC687D7}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e8c10d8f000000000000001302e03ca9&q=
FF - user.js: extensions.BabylonToolbar.id - e8c10d8f000000000000001302e03ca9
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15584
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1218:23:13
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110795&tt=3512_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1206000.01d\symds.sys [2011-5-2 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1206000.01d\symefa.sys [2011-5-2 744568]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.6.0.29\ccsvchst.exe [2011-5-2 130008]
S0 trxeya;trxeya;c:\windows\system32\drivers\rjcnb.sys --> c:\windows\system32\drivers\rjcnb.sys [?]
S1 BHDrvx86;BHDrvx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20110920.001\bhdrvx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20110920.001\BHDrvx86.sys [?]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1206000.01d\ironx86.sys [2011-5-2 136312]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-10 14336]
S3 IDSxpx86;IDSxpx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20110927.030\idsxpx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20110927.030\IDSxpx86.sys [?]
S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20110927.033\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20110927.033\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20110927.033\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20110927.033\NAVEX15.SYS [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-2-26 27064]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2013-05-30 20:20:45    --------    d-----w-    c:\documents and settings\yoshi 3\application data\wabEventSupport16
.
==================== Find3M  ====================
.
2013-05-17 04:25:24    0    ----a-w-    c:\windows\system32\TempWmicBatchFile.bat
2013-05-15 20:08:52    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-15 20:08:51    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-19 17:10:34    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-03-19 17:10:29    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-19 17:10:29    143872    ----a-w-    c:\windows\system32\javacpl.cpl
.
============= FINISH: 16:12:56.65 ===============
 

 

Here is the Attach.txt

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/11/2010 7:54:59 PM
System Uptime: 6/13/2013 9:23:28 PM (19 hours ago)
.
Motherboard: Dell Inc. |  |       
Processor: Genuine Intel® CPU           T2400  @ 1.83GHz | Microprocessor | 987/166mhz
Processor: Genuine Intel® CPU           T2400  @ 1.83GHz | Microprocessor | 987/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 28.293 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\2493CD41354FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\2493CD41354FC000
Service: NIC1394
.
==== System Restore Points ===================
.
RP844: 5/2/2013 6:00:49 PM - System Checkpoint
RP845: 5/3/2013 6:57:00 PM - System Checkpoint
RP846: 5/4/2013 10:35:23 PM - System Checkpoint
RP847: 5/6/2013 11:48:35 AM - System Checkpoint
RP848: 5/7/2013 12:10:19 PM - System Checkpoint
RP849: 5/9/2013 12:35:47 AM - System Checkpoint
RP850: 5/10/2013 2:17:54 AM - System Checkpoint
RP851: 5/12/2013 6:08:22 PM - System Checkpoint
RP852: 5/13/2013 8:40:51 PM - System Checkpoint
RP853: 5/15/2013 1:49:23 AM - System Checkpoint
RP854: 5/16/2013 8:37:23 AM - System Checkpoint
RP855: 5/17/2013 10:50:27 AM - Removed Vegas Pro 10.0
RP856: 5/17/2013 1:56:49 PM - Revo Uninstaller Pro's restore point - Corel
RP857: 5/18/2013 1:59:16 PM - System Checkpoint
RP858: 5/19/2013 2:37:58 PM - System Checkpoint
RP859: 5/20/2013 3:13:00 PM - System Checkpoint
RP860: 5/21/2013 4:24:55 PM - System Checkpoint
RP861: 5/22/2013 5:09:49 PM - System Checkpoint
RP862: 5/23/2013 6:09:57 PM - System Checkpoint
RP863: 5/25/2013 1:42:58 AM - System Checkpoint
RP864: 5/26/2013 3:23:36 AM - System Checkpoint
RP865: 5/27/2013 4:21:03 AM - System Checkpoint
RP866: 5/28/2013 4:47:58 AM - System Checkpoint
RP867: 5/29/2013 5:08:36 AM - System Checkpoint
RP868: 5/30/2013 7:54:30 AM - System Checkpoint
RP869: 6/2/2013 4:05:36 AM - System Checkpoint
RP870: 6/3/2013 11:35:55 AM - System Checkpoint
RP871: 6/4/2013 12:00:37 PM - System Checkpoint
RP872: 6/5/2013 7:58:06 PM - System Checkpoint
RP873: 6/7/2013 5:00:19 PM - System Checkpoint
RP874: 6/8/2013 6:44:26 PM - System Checkpoint
RP875: 6/9/2013 8:03:45 PM - System Checkpoint
RP876: 6/10/2013 8:56:56 PM - System Checkpoint
RP877: 6/11/2013 9:50:17 PM - System Checkpoint
RP878: 6/13/2013 4:35:14 AM - System Checkpoint
RP879: 6/14/2013 4:44:57 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Akamai NetSession Interface
Alarm Clock v1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Bonjour
Broadcom 440x 10/100 Integrated Controller
Conexant HDA D110 MDC V.92 Modem
ConverterLite 1.5.0
DivX Setup
Free PDF Tablet 0.1
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB954550-v5)
Intel® PROSet/Wireless Software
iTunes
Java 7 Update 17
Java Auto Updater
Java™ 6 Update 20
JavaFX 2.1.1
Lagarith lossless video codec (Remove Only)
Mal Updater 2.85
Malwarebytes' Anti-Malware
mCore
mDriver
mDrWiFi
MediaBar
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders  (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
mIWA
mLogView
mMHouse
Mozilla Firefox 19.0 (x86 en-US)
Mozilla Maintenance Service
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSVCRT Redists
MSXML 6.0 Parser
mWlsSafe
mWMI
mZConfig
Norton AntiVirus
OpenOffice.org 3.2
Otto
PDF Settings CS5
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Revo Uninstaller Pro 2.5.7
Security Update for Windows XP (KB912812)
SigmaTel Audio
Skype Toolbars
Skype™ 5.5
Sonic Encoders
SopCast 3.3.2
SUPERAntiSpyware
Update for Windows XP (KB932823-v3)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.6195
WebFldrs XP
Windows Driver Package - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows XP Hotfix - KB839210
.
==== Event Viewer Messages From Past Week ========
.
6/9/2013 9:14:34 PM, error: MRxSmb [8003]  - The master browser has received a server announcement from the computer KELLISON that believes that it is the master browser for the domain on transport NetBT_Tcpip_{94E0739F-AE10-4E6D-. The master browser is stopping or an election is being forced.
6/9/2013 12:25:00 AM, error: Schedule [7901]  - The At25.job command failed to start due to the following error:  %%2147942402
6/9/2013 12:25:00 AM, error: Schedule [7901]  - The At1.job command failed to start due to the following error:  %%2147942402
6/9/2013 11:25:02 AM, error: Service Control Manager [7000]  - The Upload Manager service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.
6/8/2013 9:00:00 PM, error: Schedule [7901]  - The At46.job command failed to start due to the following error:  %%2147942402
6/8/2013 9:00:00 PM, error: Schedule [7901]  - The At22.job command failed to start due to the following error:  %%2147942402
6/8/2013 9:00:00 AM, error: Schedule [7901]  - The At34.job command failed to start due to the following error:  %%2147942402
6/8/2013 9:00:00 AM, error: Schedule [7901]  - The At10.job command failed to start due to the following error:  %%2147942402
6/8/2013 8:00:00 PM, error: Schedule [7901]  - The At45.job command failed to start due to the following error:  %%2147942402
6/8/2013 8:00:00 PM, error: Schedule [7901]  - The At21.job command failed to start due to the following error:  %%2147942402
6/8/2013 8:00:00 AM, error: Schedule [7901]  - The At9.job command failed to start due to the following error:  %%2147942402
6/8/2013 8:00:00 AM, error: Schedule [7901]  - The At33.job command failed to start due to the following error:  %%2147942402
6/8/2013 7:00:00 PM, error: Schedule [7901]  - The At44.job command failed to start due to the following error:  %%2147942402
6/8/2013 7:00:00 PM, error: Schedule [7901]  - The At20.job command failed to start due to the following error:  %%2147942402
6/8/2013 7:00:00 AM, error: Schedule [7901]  - The At8.job command failed to start due to the following error:  %%2147942402
6/8/2013 7:00:00 AM, error: Schedule [7901]  - The At32.job command failed to start due to the following error:  %%2147942402
6/8/2013 6:00:00 PM, error: Schedule [7901]  - The At43.job command failed to start due to the following error:  %%2147942402
6/8/2013 6:00:00 PM, error: Schedule [7901]  - The At19.job command failed to start due to the following error:  %%2147942402
6/8/2013 6:00:00 AM, error: Schedule [7901]  - The At7.job command failed to start due to the following error:  %%2147942402
6/8/2013 6:00:00 AM, error: Schedule [7901]  - The At31.job command failed to start due to the following error:  %%2147942402
6/8/2013 5:00:00 PM, error: Schedule [7901]  - The At42.job command failed to start due to the following error:  %%2147942402
6/8/2013 5:00:00 PM, error: Schedule [7901]  - The At18.job command failed to start due to the following error:  %%2147942402
6/8/2013 5:00:00 AM, error: Schedule [7901]  - The At6.job command failed to start due to the following error:  %%2147942402
6/8/2013 5:00:00 AM, error: Schedule [7901]  - The At30.job command failed to start due to the following error:  %%2147942402
6/8/2013 4:00:00 PM, error: Schedule [7901]  - The At41.job command failed to start due to the following error:  %%2147942402
6/8/2013 4:00:00 PM, error: Schedule [7901]  - The At17.job command failed to start due to the following error:  %%2147942402
6/8/2013 4:00:00 AM, error: Schedule [7901]  - The At5.job command failed to start due to the following error:  %%2147942402
6/8/2013 4:00:00 AM, error: Schedule [7901]  - The At29.job command failed to start due to the following error:  %%2147942402
6/8/2013 3:00:00 PM, error: Schedule [7901]  - The At40.job command failed to start due to the following error:  %%2147942402
6/8/2013 3:00:00 PM, error: Schedule [7901]  - The At16.job command failed to start due to the following error:  %%2147942402
6/8/2013 3:00:00 AM, error: Schedule [7901]  - The At4.job command failed to start due to the following error:  %%2147942402
6/8/2013 3:00:00 AM, error: Schedule [7901]  - The At28.job command failed to start due to the following error:  %%2147942402
6/8/2013 2:00:00 PM, error: Schedule [7901]  - The At39.job command failed to start due to the following error:  %%2147942402
6/8/2013 2:00:00 PM, error: Schedule [7901]  - The At15.job command failed to start due to the following error:  %%2147942402
6/8/2013 2:00:00 AM, error: Schedule [7901]  - The At3.job command failed to start due to the following error:  %%2147942402
6/8/2013 2:00:00 AM, error: Schedule [7901]  - The At27.job command failed to start due to the following error:  %%2147942402
6/8/2013 12:00:00 PM, error: Schedule [7901]  - The At37.job command failed to start due to the following error:  %%2147942402
6/8/2013 12:00:00 PM, error: Schedule [7901]  - The At13.job command failed to start due to the following error:  %%2147942402
6/8/2013 11:42:47 PM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/8/2013 11:01:48 PM, error: Service Control Manager [7034]  - The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
6/8/2013 11:01:35 PM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/8/2013 11:00:00 PM, error: Schedule [7901]  - The At48.job command failed to start due to the following error:  %%2147942402
6/8/2013 11:00:00 PM, error: Schedule [7901]  - The At24.job command failed to start due to the following error:  %%2147942402
6/8/2013 11:00:00 AM, error: Schedule [7901]  - The At36.job command failed to start due to the following error:  %%2147942402
6/8/2013 11:00:00 AM, error: Schedule [7901]  - The At12.job command failed to start due to the following error:  %%2147942402
6/8/2013 10:00:00 PM, error: Schedule [7901]  - The At47.job command failed to start due to the following error:  %%2147942402
6/8/2013 10:00:00 PM, error: Schedule [7901]  - The At23.job command failed to start due to the following error:  %%2147942402
6/8/2013 10:00:00 AM, error: Schedule [7901]  - The At35.job command failed to start due to the following error:  %%2147942402
6/8/2013 10:00:00 AM, error: Schedule [7901]  - The At11.job command failed to start due to the following error:  %%2147942402
6/8/2013 1:54:38 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  BHDrvx86 SymIRON
6/8/2013 1:54:38 PM, error: Service Control Manager [7023]  - The Akamai NetSession Interface service terminated with the following error:  The specified module could not be found.
6/8/2013 1:00:00 PM, error: Schedule [7901]  - The At38.job command failed to start due to the following error:  %%2147942402
6/8/2013 1:00:00 PM, error: Schedule [7901]  - The At14.job command failed to start due to the following error:  %%2147942402
6/8/2013 1:00:00 AM, error: Schedule [7901]  - The At26.job command failed to start due to the following error:  %%2147942402
6/8/2013 1:00:00 AM, error: Schedule [7901]  - The At2.job command failed to start due to the following error:  %%2147942402
6/13/2013 9:24:35 PM, error: Dhcp [1001]  - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001302E03CA9.  The following error occurred:  The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
6/13/2013 9:24:26 PM, error: Dhcp [1002]  - The IP address lease 192.168.1.2 for the Network Card with network address 001302E03CA9 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
6/13/2013 2:00:40 PM, error: Dhcp [1002]  - The IP address lease 192.168.1.3 for the Network Card with network address 001302E03CA9 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
6/12/2013 3:34:03 PM, error: Dhcp [1002]  - The IP address lease 192.168.1.5 for the Network Card with network address 001302E03CA9 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 

 




 


#2 nasdaq

  • Malware Response Team
  • 40,540 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 June 2013 - 10:46 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

    thisisujrt.gif Please download
    Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
  • **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration or infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM.
Let me know what problem persists.


#3 KingYoshi

KingYoshi
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:01:08 PM

Posted 22 June 2013 - 07:41 PM

Everything is fixed and running perfect now after running the programs prior to combo fix. Thanks for your help and since I'm getting a new laptop soon, I just need it to last another week or two, so further assistance isn't necessary. I won't waste any more of your time. Thanks again!



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,540 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:08 PM

Posted 23 June 2013 - 08:33 AM

Glad we could help.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,540 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:08 PM

Posted 23 June 2013 - 08:33 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



