
Think I'm infected, but virus/malware scans not finding anything


  • This topic is locked
7 replies to this topic

#1 cmh123


Posted 29 July 2013 - 03:53 PM

Hi, I've been having some problems with my computer ever since I got some alerts from Norton Internet Security that intrusion attempts had been made.

For example, when I go to the Hotmail login page in IE8 there is just a blank white screen, and YouTube videos just show as a black box. Other web sites have similar problems. My broadband speed has also become very slow, at only 0.19 mbps when it should be at least 2 mbps (although this might not be related, could be a separate fault on the phone line). I have also noticed that software I've installed recently is not listed in the add/remove programs list in the control panel, so I can't uninstall it.

I have Norton Internet Security running with LiveUpdate, I have SpywareBlaster installed, and I have run scans with Ad-Aware, Malwarebytes Anti-Malware, SUPERAntiSpyware, Windows Defender, and online virus scanners from Panda, Trend Micro HouseCall, ESET, Kaspersky and probably some others I've forgotten now!

None of the scans have found anything except some tracking cookies, so what can I do now? Should I do a HijackThis log or some other advanced stuff? Could someone guide me through what to do?

The computer is an old desktop with Intel Pentium 4 3.06GHz CPU, 512mb RAM and Windows XP with SP3.

Thanks for your help :)




 


#2 GodfatherKing


Posted 30 July 2013 - 03:23 AM

Did you try TDSSKiller?

Running TDSSKiller to obtain log

Note: Don't cure or delete a threat, but choose skip for all instead.

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • In the Additional options: Check Detect TDLFS file system
  • Click Start Scan and allow the scan process to run
  • Choose Skip for all threats.
  • Click Continue
  • Please post the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

===================================================

If you have received help from me and I have not responded to you for almost >= 3 days, send me a Private Message.


#3 cmh123


Posted 30 July 2013 - 10:16 AM

Thanks very much for your reply :)

I've followed your instructions and run a scan with TDSSKiller; it didn't find anything. I've also downloaded GMER and Malwarebytes Anti-Rootkit, and they also didn't find any problems.

What shall I do now?



#4 GodfatherKing


Posted 31 July 2013 - 02:58 AM

I have looked back and see you have 512mb RAM. My opinion is that it's too low.




#5 noknojon


Posted 31 July 2013 - 03:16 AM

"I have looked back and see you have 512mb RAM. My opinion is that it's too low."

This is an old XP and many of them (including one of mine) operate with 512 mb RAM -

Many of these computers were produced and still run very well ...

cmh123 - Please click on Follow This Topic at the top right side and select "Instantly" so you do not lose track of it.

Hello cmh123 -

Please follow these directions -

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

Please download MiniToolBox, save it to your desktop and run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
•Flush DNS
•Report IE Proxy Settings
•Reset IE Proxy Settings
•Report FF Proxy Settings
•Reset FF Proxy Settings
•List content of Hosts
•List IP configuration
•List last 10 Event Viewer log
•List Installed Programs
•List Users, Partitions and Memory size.
•List Minidump Files
Click Go and copy / paste the result (Result.txt).

Can you list your Make and Model of computer (if known)?

Please post a snapshot with Speccy for more system details -

How to Publish a snapshot with Speccy <<-- Full Directions Here

Thank You -

EDITED to fix link -


Edited by noknojon, 31 July 2013 - 03:27 AM.


#6 cmh123


Posted 31 July 2013 - 12:00 PM

Hi, thanks for your replies.

GodfatherKing - I know it's an old PC with low RAM, but I think it has plenty for just browsing the internet, using Word, Excel etc., and was working fine until these intrusion attacks I had.

noknojon - thanks for the instructions, here are the results:

 

Security Check's checkup.txt -

Results of screen317's Security Check version 0.99.71
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ESET Online Scanner v3
Norton Internet Security
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
SUPERAntiSpyware
Windows Defender
Windows Defender Signatures
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
JavaFX 2.1.1
Java 7 Update 21
Java version out of Date!
Adobe Flash Player 11.7.700.224
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Windows Defender MSMpEng.exe
Windows Defender MSASCui.exe
WinPatrol winpatrol.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Windows Defender MsMpEng.exe
Windows Defender MSASCui.exe
BillP Studios WinPatrol winpatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````

 

 

MiniToolBox Result.txt -

MiniToolBox by Farbar Version: 13-07-2013
Ran by CATH (administrator) on 31-07-2013 at 17:33:39
Running from "C:\Documents and Settings\CATH\Local Settings\Application Data\Opera\Opera\temporary_downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : BOB

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-0C-F1-AB-25-67

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : 31 July 2013 13:24:09

Lease Expires . . . . . . . . . . : 01 August 2013 13:24:09

Server: www.routerlogin.com
Address: 192.168.0.1

Name: google.com
Addresses: 173.194.34.78, 173.194.34.70, 173.194.34.71, 173.194.34.69
173.194.34.66, 173.194.34.73, 173.194.34.72, 173.194.34.64, 173.194.34.65
173.194.34.68, 173.194.34.67



Pinging google.com [173.194.41.110] with 32 bytes of data:



Reply from 173.194.41.110: bytes=32 time=34ms TTL=55

Reply from 173.194.41.110: bytes=32 time=34ms TTL=55



Ping statistics for 173.194.41.110:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 34ms, Maximum = 34ms, Average = 34ms

Server: www.routerlogin.com
Address: 192.168.0.1

Name: yahoo.com
Addresses: 206.190.36.45, 98.138.253.109, 98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=144ms TTL=46

Reply from 98.139.183.24: bytes=32 time=147ms TTL=46



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 144ms, Maximum = 147ms, Average = 145ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0c f1 ab 25 67 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.2 192.168.0.2 20
192.168.0.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.2 192.168.0.2 20
224.0.0.0 240.0.0.0 192.168.0.2 192.168.0.2 20
255.255.255.255 255.255.255.255 192.168.0.2 192.168.0.2 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/31/2013 01:24:29 PM) (Source: WinDefendRtp) (User: )
Description: %BOB27 Real-Time Protection checkpoint has encountered an error and failed to start.

User: BOB\CATH

Checkpoint ID: 1

Error Code: 0x8000ffff

Error description: Catastrophic failure

Error: (07/31/2013 01:24:29 PM) (Source: WinDefendRtp) (User: )
Description: %BOB27 Real-Time Protection checkpoint has encountered an error and failed to start.

User: BOB\CATH

Checkpoint ID: 1

Error Code: 0x80070005

Error description: Access is denied.

Error: (07/31/2013 09:20:34 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile WindowsFormsIntegration, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 because of the following error: The remote procedure call failed. (Exception from HRESULT: 0x800706BE).

Error: (07/31/2013 09:19:24 AM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: Faulting application mscorsvw.exe, version 4.0.30319.1, stamp 4ba1da21, faulting module mscorwks.dll, version 2.0.50727.3643, stamp 50405371, debug? 0, fault address 0x00065c76.

Error: (07/31/2013 09:18:47 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3643 - Fatal Execution Engine Error (7A0BCA72) (80131506)

Error: (07/31/2013 09:12:18 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile System.Printing, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 because of the following error: The remote procedure call failed. (Exception from HRESULT: 0x800706BE).

Error: (07/31/2013 09:10:29 AM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: Faulting application mscorsvw.exe, version 4.0.30319.1, stamp 4ba1da21, faulting module mscorwks.dll, version 2.0.50727.3643, stamp 50405371, debug? 0, fault address 0x00065c76.

Error: (07/31/2013 09:10:00 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3643 - Fatal Execution Engine Error (7A0BCA72) (80131506)

Error: (07/31/2013 08:54:47 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/31/2013 08:53:17 AM) (Source: WinDefendRtp) (User: )
Description: %BOB27 Real-Time Protection checkpoint has encountered an error and failed to start.

User: BOB\DAD

Checkpoint ID: 1

Error Code: 0x8000ffff

Error description: Catastrophic failure


System errors:
=============
Error: (07/30/2013 06:54:31 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (07/30/2013 06:54:31 AM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (07/30/2013 06:54:23 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.2 for the Network Card with network address 000CF1AB2567 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (07/30/2013 06:49:05 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (07/30/2013 06:44:12 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (07/30/2013 06:42:25 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (07/30/2013 06:41:10 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (07/30/2013 06:40:30 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (07/30/2013 06:39:25 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (07/30/2013 06:38:47 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0


Microsoft Office Sessions:
=========================
Error: (07/31/2013 01:24:29 PM) (Source: WinDefendRtp)(User: )
Description: %%8271.1.1593.010x8000ffffCatastrophic failure BOBCATHS-1-5-21-219891298-4146164796-1619085467-1021

Error: (07/31/2013 01:24:29 PM) (Source: WinDefendRtp)(User: )
Description: %%8271.1.1593.010x80070005Access is denied. BOBCATHS-1-5-21-219891298-4146164796-1619085467-1021

Error: (07/31/2013 09:20:34 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile WindowsFormsIntegration, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 because of the following error: The remote procedure call failed. (Exception from HRESULT: 0x800706BE).
WindowsFormsIntegration, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (07/31/2013 09:19:24 AM) (Source: .NET Runtime 2.0 Error Reporting)(User: )
Description: mscorsvw.exe4.0.30319.14ba1da21mscorwks.dll2.0.50727.364350405371000065c76

Error: (07/31/2013 09:18:47 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3643 - Fatal Execution Engine Error (7A0BCA72) (80131506)

Error: (07/31/2013 09:12:18 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile System.Printing, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 because of the following error: The remote procedure call failed. (Exception from HRESULT: 0x800706BE).
System.Printing, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (07/31/2013 09:10:29 AM) (Source: .NET Runtime 2.0 Error Reporting)(User: )
Description: mscorsvw.exe4.0.30319.14ba1da21mscorwks.dll2.0.50727.364350405371000065c76

Error: (07/31/2013 09:10:00 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3643 - Fatal Execution Engine Error (7A0BCA72) (80131506)

Error: (07/31/2013 08:54:47 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (07/31/2013 08:53:17 AM) (Source: WinDefendRtp)(User: )
Description: %%8271.1.1593.010x8000ffffCatastrophic failure BOBDADS-1-5-21-219891298-4146164796-1619085467-1007


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
ABBYY FineReader 5.0 Sprint Plus (Version: 5.0.0.3501)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
AVEO USB2.0 PC Camera(U2HGCV3P31048) (Version: 2.0.0.5)
B109a-m (Version: 140.0.690.000)
BufferChm (Version: 140.0.212.000)
Cartes du Ciel V3.6
CCleaner (Version: 3.25)
Classic PhoneTools (Version: 4.20)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant SmartHSFi V.9x 56K Speakerphone PCI Modem
DAO (Version: 3.50)
Defraggler (Version: 2.06)
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 140.0.212.000)
Digital Line Detect (Version: 1.10)
DiMAGE Viewer
DVDSentry (Version: 1.00.0000)
EPSON Copy Utility 3 (Version: 3.0.2.0)
EPSON Scan
EPSON Smart Panel
ESET Online Scanner v3
Foxit PDF Editor (Version: 2.2.0.0205)
Foxit Reader (Version: 6.0.5.618)
GPBaseService2 (Version: 140.0.211.000)
Help and Support Customization (Version: 1.00.0000)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Photosmart B109a-m All-in-One Driver Software 14.0 Rel. 6 (Version: 14.0)
HP Product Detection (Version: 11.14.0001)
HP Solution Center 14.0 (Version: 14.0)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 140.0.212.000)
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4396)
Intel® PRO Network Adapters and Drivers
Intel® PROSet (Version: 6.05.2001)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.6.0)
JavaFX 2.1.1 (Version: 2.1.1)
LiveUpdate 3.2 (Symantec Corporation) (Version: 3.2.0.68)
LiveUpdate Notice (Symantec Corporation) (Version: 1.4.5)
Lizardtech DjVu Control (autoinstall)
Logitech Vid (Version: 1.00.1062)
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Modem Helper (Version: 2.24)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)
Nero InCD (Version: 6.6.5100)
NetWaiting (Version: 2.5.8)
Norton Internet Security (Version: 20.4.0.40)
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140)
Opera 12.16 (Version: 12.16.1860)
Panda ActiveScan 2.0 (Version: 01.04.01.0014)
PERF4180P Reference Guide
PHOTOfunSTUDIO 8.1 PE (Version: 8.01.710)
Photomizer (Version: 1.0.10.1236)
PowerDVD
PS_AIO_06_B109a-m_SW_Min (Version: 140.0.690.000)
QuickTransfer (Version: 140.0.98.000)
RealPlayer Basic
Recuva (Version: 1.44)
Scan (Version: 140.0.80.000)
ScanToWeb
Shockwave
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
Skype™ 5.10 (Version: 5.10.116)
SolutionCenter (Version: 140.0.213.000)
SpO2 V1.2
SpywareBlaster 5.0 (Version: 5.0.0)
Status (Version: 140.0.212.000)
SUPERAntiSpyware (Version: 5.6.1014)
Symantec Technical Support Web Controls (Version: 1.0.0)
System Requirements Lab
TAO Image Transfer 4.5 (Version: 1.00.0000)
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 140.0.212.000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.6513)
WebReg (Version: 140.0.212.017)
Windows Defender (Version: 1.1.1593.0)
Windows Defender Signatures (Version: 1.20.0.0)
Windows Driver Package - (mr7910) Image (08/08/2006 1.4.0.0) (Version: 08/08/2006 1.4.0.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 80%
Total physical RAM: 509.98 MB
Available physical RAM: 98.83 MB
Total Pagefile: 1247.22 MB
Available Pagefile: 487.42 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.89 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:111.71 GB) (Free:71.59 GB) NTFS

========================= Users: ========================================

User accounts for \\BOB

Administrator ASPNET CATH
DAD Guest HelpAssistant
MUM SUPPORT_388945a0 SUPPORT_3f151ab9

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini073013-01.dmp

**** End of log ****

 

 

Speccy snapshot -

http://speccy.piriform.com/results/GGAjZZEk6KifqDqD3yVr2vQ

 

 

The computer is a Dell Dimension 4600 desktop.

 

Before you replied yesterday I posted a DDS log to the malware removal logs section of the forum, if that is any help.

 

Thanks very much for your help :)



#7 noknojon


Posted 31 July 2013 - 06:31 PM

"Before you replied yesterday I posted a DDS log to the malware removal logs section of the forum, if that is any help."

Hi -

Please do not take this in any personal way but ..........
As you have already posted to the Virus, Malware Removal Logs area, I am not able to give a reply to this topic.
You will find that this particular thread will be locked since that area overrides other areas of the forum.
We are not able to reply in both areas in case we give you conflicting responses to the problem.
Please follow that post, and this may be reopened after you finish there.

 

Very sorry, but those are the rules of operations here.
Good luck and please be patient since the area can get very busy at times -

 

Regards -



#8 boopme


Posted 31 July 2013 - 06:52 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 2 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.



