
All access to the Internet is blocked on 1 computer - works fine on other


14 replies to this topic

#1 gatemediator


Posted 08 August 2013 - 06:33 PM

Hi,
 
On my desktop computer, all access to the internet is blocked except for one program (Slavanap). People can log into me there. Also, it seems my Windows firewall somehow got disabled.
It did not start that way, though. At first, it seemed that I just could not use Windows Explorer; every time I would open it, it would crash, but using Google Chrome, it worked fine. Then slowly that stopped working as well, and I started using Mozilla Firefox that I had on the computer, and it worked OK till I rebooted. Now nothing works except for that one program, Slavanap.

I did a Windows network diagnostic and everything passed except the DNS and HTTP, HTTPS, FTP connectivity. They all failed.
So it seems I have a DNS failure on all levels of the test. The HTTP part of the test fails on all levels as well. Everything else passes.
Under HTTP, HTTPS test, I get an error 12007 "The address could not be resolved."

My laptop can access the internet without a problem via the same modem, though, so I am assuming that it is not the modem and it is not my service provider, but rather some kind of malware on the computer that changed settings and disabled my firewall. It is greyed out so it cannot be turned on. When I tried to turn it on another way, it told me the firewall service was off, and when it tried to turn it on, it failed. It said it is controlled by group policy. I checked group policy and I do not see anything that is disabled.

I lent my USB stick to someone and it seems to have gotten some kind of virus on it, but no scans I did picked anything up on it. I copied a folder from my laptop onto it and it saved as a hidden folder, and now when I plug the USB stick into the computer it shows up as a folder rather than a drive. It is when I clicked on it that all these problems started happening. It is when I first started having trouble with my internet. I tried rolling back, but it did not help. Most of the restore points disappeared before I had a chance to reboot.

I wrote the last paragraph to give some background on the sequence of how it happened. I would have posted the diagnostic I performed, but I am afraid to stick the USB sticks back in under current circumstances and end up infecting this computer as well.
 
Any help and guidance on this would be greatly appreciated.

~moderator edit: Moved from XP to Am I Infected to explore the possibility of malware. Some malware will cause Windows firewall to become disabled. Queen-Evie~


Edited by Queen-Evie, 08 August 2013 - 07:26 PM.




#2 Broni


Posted 08 August 2013 - 09:14 PM

Welcome aboard

 

 

NOTE 1. Use another working computer to download necessary tools and USB flash drive to transfer them to bad computer.

NOTE 2. Install Panda USB Vaccine, or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size

Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip the downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run, then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. The rKill.txt log will also be present on your desktop.

NOTE. Do NOT wrap your logs in "quote" or "code" brackets.




 


#3 gatemediator


Posted 09 August 2013 - 06:26 AM

I ran the scans. I could not update any of the malware and other programs because I do not have access to the internet on that computer. Malware Bytes reported that the database was 126 days old. The scan found nothing. I did, however, scan a few days ago with a diff version of Malware Bytes and had removed what was found then. I probably still have that log.

I used the Immunizer on the USB sticks. It succeeded on one and failed on the other. The one where it succeeded, however, now reports the drive as a floppy drive instead of a USB stick. The one that failed, when plugged in to Windows 8, a Windows window shows up reporting something wrong with the file system and suggests I run a scan to fix.

I am afraid that even though the laptop is still functional and can access the internet, that the malware originated from it or one of the USB sticks, which both were inserted and copied stuff before immunization.

Below are the scans performed on the desktop:

 

Farbar Service Scanner Version: 04-08-2013
Ran by Crazy (administrator) on 09-08-2013 at 05:38:30
Running from "B:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[] - [] - 0000000 ____A (Microsoft Corporation) 
 
 
Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) 
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.
 
**** End of log ****

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.04.04.07
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Crazy :: CRAZY-WD3LEA4BI [administrator]
 
8/9/2013 5:48:02 AM
mbam-log-2013-08-09 (05-48-02).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271166
Time elapsed: 16 minute(s), 17 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

(malwarebytes scan performed on laptop below on BOTTOM of post)

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Crazy (administrator) on 09-08-2013 at 05:41:59
Running from "B:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.type", 0
========================= Hosts content: =================================
 
 
 
 
 
 
 
 
65.75.216.6 www.winmx.com err.winmx.com
205.238.40.54 www.winmx.com err.winmx.com
65.75.216.6 cache0.winmx.com test3201.winmx.com test3206.winmx.com
65.75.216.7 cache1.winmx.com test3202.winmx.com test3207.winmx.com
82.43.229.238 cache2.winmx.com test3203.winmx.com test3208.winmx.com
205.238.40.1 cache3.winmx.com test3204.winmx.com
205.238.40.2 cache4.winmx.com test3205.winmx.com
65.75.216.6 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
65.75.216.6 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
65.75.216.6 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
65.75.216.7 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
65.75.216.7 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
65.75.216.7 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
82.43.229.238 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
82.43.229.238 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
205.238.40.2 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
65.75.216.6 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
65.75.216.6 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
65.75.216.6 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
65.75.216.7 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
65.75.216.7 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
65.75.216.7 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
82.43.229.238 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
82.43.229.238 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
205.238.40.2 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
65.75.216.6 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
205.238.40.54 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
65.75.216.6 test0.winmxgroup.net test5.winmxgroup.net
65.75.216.7 test1.winmxgroup.net test6.winmxgroup.net
82.43.229.238 test2.winmxgroup.net
205.238.40.1 test3.winmxgroup.net
205.238.40.2 test4.winmxgroup.net
65.75.216.6 cache0.winmxgroup.com cache5.winmxgroup.com cache0.winmxgroup.net cache5.winmxgroup.net cache10.winmxgroup.net cache15.winmxgroup.net
65.75.216.7 cache1.winmxgroup.com cache6.winmxgroup.com cache1.winmxgroup.net cache6.winmxgroup.net cache11.winmxgroup.net cache16.winmxgroup.net
82.43.229.238 cache2.winmxgroup.com cache7.winmxgroup.com cache2.winmxgroup.net cache7.winmxgroup.net cache12.winmxgroup.net cache17.winmxgroup.net
205.238.40.1 cache3.winmxgroup.com cache8.winmxgroup.com cache3.winmxgroup.net cache8.winmxgroup.net cache13.winmxgroup.net cache18.winmxgroup.net
205.238.40.2 cache4.winmxgroup.com cache9.winmxgroup.com cache4.winmxgroup.net cache9.winmxgroup.net cache14.winmxgroup.net cache19.winmxgroup.net
 
127.0.0.1 localhost
 
========================= IP Configuration: ================================
 
Intel® PRO/1000 CT Network Connection = Local Area Connection (Connected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Local Area Connection"
 
set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=static addr=66.228.116.178 register=PRIMARY
add dns name="Local Area Connection" addr=66.228.116.179 index=2
set wins name="Local Area Connection" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
Windows IP Configuration

        Host Name . . . . . . . . . . . . : crazy-wd3lea4bi
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : domain.actdsltmp

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : domain.actdsltmp
        Description . . . . . . . . . . . : Intel® PRO/1000 CT Network Connection
        Physical Address. . . . . . . . . : 00-07-E9-50-B4-31
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.2
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 66.228.116.178
                                            66.228.116.179
        Lease Obtained. . . . . . . . . . : Thursday, August 08, 2013 8:21:50 AM
        Lease Expires . . . . . . . . . . : Thursday, August 15, 2013 8:21:50 AM

Server:  UnKnown
Address:  66.228.116.178

Ping request could not find host google.com. Please check the name and try again.

Server:  UnKnown
Address:  66.228.116.178

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=48
Reply from 127.0.0.1: bytes=32 time<1ms TTL=48

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x20002 ...00 07 e9 50 b4 31 ...... Intel® PRO/1000 CT Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.2  20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      192.168.1.0    255.255.255.0      192.168.1.2     192.168.1.2  20
      192.168.1.2  255.255.255.255        127.0.0.1       127.0.0.1  20
    192.168.1.255  255.255.255.255      192.168.1.2     192.168.1.2  20
        224.0.0.0        240.0.0.0      192.168.1.2     192.168.1.2  20
  255.255.255.255  255.255.255.255      192.168.1.2     192.168.1.2  1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (08/09/2013 05:04:55 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (08/09/2013 05:04:55 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (08/09/2013 04:04:49 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (08/09/2013 04:04:49 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (08/09/2013 03:10:55 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (08/09/2013 03:10:55 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (08/09/2013 02:18:49 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (08/09/2013 02:18:49 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (08/09/2013 01:32:55 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (08/09/2013 01:32:55 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
 
System errors:
=============
Error: (08/09/2013 05:37:46 AM) (Source: 0) (User: )
Description: \Device\CdRom1
 
Error: (08/09/2013 05:37:46 AM) (Source: 0) (User: )
Description: \Device\CdRom1
 
Error: (08/09/2013 05:37:42 AM) (Source: 0) (User: )
Description: \Device\CdRom1
 
Error: (08/09/2013 05:37:42 AM) (Source: 0) (User: )
Description: \Device\CdRom1
 
Error: (08/09/2013 05:37:42 AM) (Source: 0) (User: )
Description: \Device\CdRom1
 
Error: (08/09/2013 05:37:42 AM) (Source: 0) (User: )
Description: \Device\CdRom1
 
Error: (08/09/2013 05:37:38 AM) (Source: 0) (User: )
Description: \Device\CdRom1
 
Error: (08/09/2013 05:37:38 AM) (Source: 0) (User: )
Description: \Device\CdRom1
 
Error: (08/09/2013 05:37:38 AM) (Source: 0) (User: )
Description: \Device\CdRom1
 
Error: (08/09/2013 05:37:38 AM) (Source: 0) (User: )
Description: \Device\CdRom1
 
 
Microsoft Office Sessions:
=========================
Error: (08/09/2013 05:04:55 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 
Error: (08/09/2013 05:04:55 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 
Error: (08/09/2013 04:04:49 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 
Error: (08/09/2013 04:04:49 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 
Error: (08/09/2013 03:10:55 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 
Error: (08/09/2013 03:10:55 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 
Error: (08/09/2013 02:18:49 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 
Error: (08/09/2013 02:18:49 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 
Error: (08/09/2013 01:32:55 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 
Error: (08/09/2013 01:32:55 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 
 
=========================== Installed Programs ============================
 
ABC Amber BlackBerry Converter
Acrobat.com (Version: 1.7.186)
Ad-Aware (Version: 7.1.0.7)
Adobe Acrobat 6.0 Professional (Version: 006.000.000)
Adobe AIR (Version: 1.5.1.8210)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.7)
Adobe Flash Player 11 Plugin (Version: 11.6.602.168)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Premiere Pro (Version: 7.0)
Adobe Reader 9.1.2 (Version: 9.1.2)
Adobe Shockwave Player 12.0 (Version: 12.0.3.133)
Adobe® Photoshop® Album Starter Edition 3.0 (Version: 3.00.000)
Ahead InCD
Ahead InCD EasyWrite Reader
Ahead NeroMediaPlayer
Ahnenblatt 2.62 (Version: 2.62.0.0)
Amazon Kindle For PC v1.0
Ancestral Quest 12.1 (Version: 12.01.0019)
Ancestral Quest Collaboration Support (Version: 1.10.0010)
Any Video Converter 3.5.8
Apple Application Support (Version: 2.1.5)
Apple Software Update (Version: 2.1.3.127)
AutoUpdate (Version: 1.1)
Avanquest update (Version: 1.30)
Belarc Advisor 8.1
BitTorrent 3.2.1
BlackBerry Desktop Software 6.1 (Version: 6.1.0.36)
CA Yahoo! Anti-Spy (remove only)
CCleaner (Version: 4.04)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Contour Storyteller (Version: 3.4.2)
Convert VOB to AVI
Critical Update for Windows Media Player 11 (KB959772)
Crystal Office (Version: 1.25)
DC++ 0.691 (Version: 0.691)
DealPly (remove only) (Version: 4.8.6.1)
DiscWizard for Windows
Disk Investigator 1.5 (Version: 1.5)
Diskeeper Professional Edition (Version: 9.0.532)
DivX Converter (Version: 7.1.0)
DivX Plus DirectShow Filters
DivX Setup (Version: 1.0.1.5)
DivX Version Checker (Version: 7.1.0.9)
DNS Shield
DoroTree-Viewer
Download Updater (AOL LLC)
Driver Robot 1.1.0.3
DVD Decrypter (Remove Only)
EasyRecovery Professional (Version: 6.00.09)
Emma Core (Version: 2.9.1229)
Eusing Free Registry Cleaner
FairUse Wizard 2 (Version: (v2.9))
FairUse Wizard 3D (Version: 1.0)
ffdshow (remove only)
FLAC 1.2.1b (remove only) (Version: 1.2.1b)
Fontboard Hebrew Keyboard
Free AVI MPEG WMV MP4 FLV Video Joiner 3.7.2.1
Free YouTube Downloader 3.5.136
Google Chrome (Version: 28.0.1500.95)
Google Earth (Version: 7.1.1.1888)
Google Gmail Notifier
Google Talk (remove only)
Google Talk Plugin (Version: 4.2.1.14031)
Google Update Helper (Version: 1.3.21.153)
Google Video Player
GoToMeeting 5.3.0.977 (Version: 5.3.0.977)
gretl version 1.6.2
Gujarati data
IHA_MessageCenter (Version: 1.8.70)
Intel® Active Monitor
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
InterVideo WinDVD 4
InterVideo WinDVD Creator (Version: 1.0.87.90)
InterVideo WinDVR
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
Japanese Fonts Support For Adobe Reader 9 (Version: 9.0.0)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 2 (Version: 1.6.0.20)
Java™ 6 Update 35 (Version: 6.0.350)
Java™ SE Runtime Environment 6 (Version: 1.6.0.0)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
Kies Air Discovery Service
Landlord Forms
LeaseWriter
Legacy 7.0 (Version: 7.0 )
Legacy Charting 7.0
ListMaker
LiveReg (Symantec Corporation) (Version: 2.2.0.1621)
LiveUpdate 1.80 (Symantec Corporation) (Version: 1.80.19.0)
LogMeIn (Version: 4.0.680)
Macromedia Shockwave Player (Version: 10.1.0.11)
MagicDisc 2.7.106
magicJack (Version: 2.0.5703.3988)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Maxtor MaxBlast (Version: 10.0.5018)
MemTurbo
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft IntelliType Pro 2.2 (Version: 2.20.447.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server Desktop Engine (Version: 8.00.761)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft WinUsb 1.0
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
mobile PhoneTools (Version: 3.11h 08/27/2004)
Motorola Device Manager (Version: 2.3.4)
Motorola Device Software Update (Version: 12.10.3002)
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0)
Move Networks Media Player for Internet Explorer
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
MXpie Patch for WinMX Network/WPNP 3.6.3.6 (Version: 3.6.3.6)
MyHeritage Family Tree Builder (Version: 6.0.0.5634)
MyPublisher
MySQL Server 5.1 (Version: 5.1.47)
Nero - Burning Rom (Version: 5.5.9)
No-IP.com DUC (remove only) (Version: v2.2.1)
Nokia Connectivity Cable Driver (Version: 7.1.78.0)
Nokia Suite (Version: 3.5.34.0)
Norton Spyware Scan (Version: 2.0.98.0)
Norton Spyware Scan provided by Yahoo!
NTI CD-Maker 2000 Standard
Olympus Digital Wave Player
OLYMPUS DSS Player-Lite
OpenOffice.org 2.2 (Version: 2.2.9134)
Palm Desktop by ACCESS (Version: 6.4.0.0)
PartitionMagic (Version: 8.00.000)
Pazera Free MP4 to AVI Converter 1.6 (Version: 1.6)
PC Connectivity Solution (Version: 12.0.32.0)
PDF-XChange 3
Personal Financial Statement (Version: 2.0)
PlayerLiteHJ 1.0.2.2.LHJ (Version: 1.0.2.2.LHJ)
PowerDVD
PowerQuest PartitionMagic 8.0 (Version: 8.00.000)
QuickTime (Version: 7.71.80.42)
Real Estate Success Software (Version: 2.0.11)
RealPlayer
ResumeMaker
Riva FLV Encoder 2.0 (Version: 2.00.0004)
Rosetta Stone Version 3 (Version: 3.3.5.2)
Samsung Kies (Version: 2.5.2.13021_10)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.22.0)
SANYO USB Modem SY06 Software
SC UniPad 1.20 (Version: 1.20)
Security Task Manager 1.8g (Version: 1.8g)
Segoe UI (Version: 14.0.4327.805)
SEMC OMSI Module (Version: 2.9.12.29)
SHOUTcast Source DSP 1.8.2 (remove only)
Simple Internet Tools (Version: 1.0.0)
Simple Port Forwarding (Version: 3.5.0)
SLD CODEC PACK 1.5.3
Social Privacy
Sonic Focus (Version: 1.00.0000)
Sony Ericsson PC Suite 6.012.00 (Version: 6.012.00)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
Stellar Phoenix Photo Recovery (Version: 5.0.0.0)
Stock and Watson data and scripts for gretl
Subtitle Workshop 2.51
swMSM (Version: 12.0.0.1)
The Keppra® Interactive Seizure Diary (Version: 1.0.0)
TomTom HOME 2.8.2.2264 (Version: 2.8.2.2264)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Uniblue DriverScanner 2009
Uniblue DriverScanner 2009 (Version: 2.0.0.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2808679) (Version: 1)
Update for Windows XP (KB894391) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Service (Version: 2.9.11.10)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Video Viewer (Version: 0.1.7.8)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VLC media player 2.0.2 (Version: 2.0.2)
Vz In Home Agent (Version: 8.03.66)
WD Diagnostics (Version: 1.09.0002)
WebFldrs XP (Version: 9.50.6513)
Winamp (Version: 5.551 )
Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8098.930)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Management Framework Core
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
WinWay Resume Deluxe (Version: 12.00.019)
X-12-ARIMA version 0.2.10
XnView 1.82.4 (Version: 1.82.4)
Xvid 1.2.1 final uninstall (Version: 1.2)
Yahoo! Browser Services
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
YTD Video Downloader 3.9.4
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 15%
Total physical RAM: 3054.73 MB
Available physical RAM: 2570.78 MB
Total Pagefile: 4410.49 MB
Available Pagefile: 3999.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.71 MB
 
========================= Partitions: =====================================
 
2 Drive b: (4GB-STICK) (Removable) (Total:3.84 GB) (Free:1.75 GB) FAT32
3 Drive c: (WD250GB-System) (Fixed) (Total:232.88 GB) (Free:8.29 GB) NTFS
7 Drive q: (WD250GB HD2) (Fixed) (Total:232.88 GB) (Free:1.53 GB) NTFS
8 Drive r: (WD180GB HD1) (Fixed) (Total:167.63 GB) (Free:0.11 GB) FAT32
9 Drive s: (300Seagate-1) (Fixed) (Total:279.46 GB) (Free:0.1 GB) NTFS
10 Drive v: (WD180GB HD2) (Fixed) (Total:167.68 GB) (Free:0.08 GB) NTFS
11 Drive y: (Maxtor-SATA-500GB-1) (Fixed) (Total:465.76 GB) (Free:0.08 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\CRAZY-WD3LEA4BI
 
Administrator            ASPNET                   Crazy                    
Guest                    HelpAssistant            LogMeInRemoteUser        
SUPPORT_388945a0         
 
 
**** End of log ****
 
Rkill 2.6.0 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 08/09/2013 07:00:19 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Program Files\Adobe\Acrobat 6.0\Distillr\AcroTray.exe (PID: 3452) [FI]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Firewall Disabled
 
   [HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.
 
 * HOSTS file entries found: 
 
  127.0.0.1 localhost
  65.75.216.6 www.winmx.com err.winmx.com
  205.238.40.54 www.winmx.com err.winmx.com
  65.75.216.6 cache0.winmx.com test3201.winmx.com test3206.winmx.com
  65.75.216.7 cache1.winmx.com test3202.winmx.com test3207.winmx.com
  82.43.229.238 cache2.winmx.com test3203.winmx.com test3208.winmx.com
  205.238.40.1 cache3.winmx.com test3204.winmx.com
  205.238.40.2 cache4.winmx.com test3205.winmx.com
  65.75.216.6 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
  65.75.216.6 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
  65.75.216.6 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
  65.75.216.7 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
  65.75.216.7 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
  65.75.216.7 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
  82.43.229.238 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
  82.43.229.238 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
  205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
  205.238.40.2 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
  65.75.216.6 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
  65.75.216.6 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
 
  20 out of 40 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 08/09/2013 07:01:52 AM
Execution time: 0 hours(s), 1 minute(s), and 32 seconds(s)
 

 

 

Laptop malware scan:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.09.02
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16635
Primary :: MOBILE-PC [administrator]
 
Protection: Enabled
 
8/9/2013 6:14:58 AM
MBAM-log-2013-08-09 (06-33-06).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215971
Time elapsed: 8 minute(s), 28 second(s)
 
Memory Processes Detected: 2
C:\ProgramData\eSafe\eGdpSvc.exe (PUP.Optional.Esafe.A) -> 1304 -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe (PUP.Optional.DriverScanner.A) -> 3236 -> No action taken.
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 3
HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc (PUP.Optional.Esafe.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1 (PUP.Optional.DriverScanner.A) -> No action taken.
 
Registry Values Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc|ImagePath (PUP.Optional.Esafe.A) -> Data: C:\ProgramData\eSafe\eGdpSvc.exe -> No action taken.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 38
C:\Program Files (x86)\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\br (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\br\LC_MESSAGES (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\de (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\de\LC_MESSAGES (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\dk (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\dk\LC_MESSAGES (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\en (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\en\LC_MESSAGES (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\es (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\es\LC_MESSAGES (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\fi (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\fi\LC_MESSAGES (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\fr (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\fr\LC_MESSAGES (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\it (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\it\LC_MESSAGES (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\jp (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\jp\LC_MESSAGES (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\nl (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\nl\LC_MESSAGES (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\no (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\no\LC_MESSAGES (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\ru (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\ru\LC_MESSAGES (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\se (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\se\LC_MESSAGES (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\x64 (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Users\Primary\AppData\Roaming\DealPly (PUP.Optional.DealPly.A) -> No action taken.
C:\Users\Primary\AppData\Roaming\DealPly\UpdateProc (PUP.Optional.DealPly.A) -> No action taken.
 
Files Detected: 77
C:\Users\Primary\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Primary\AppData\Local\Temp\CT3289075\spff.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\ProgramData\eSafe\eGdpSvc.exe (PUP.Optional.Esafe.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\ChromeModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\SPHook32.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\SPRunner.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\intermediate_views.dat (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\cwebpage.dll (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\DriverInstaller32.exe (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\driverscanner.exe (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\dsnotifier.exe (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\ds_move_serial.exe (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\InstallerExtensions.dll (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\Launcher.exe (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\library.dat (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\Microsoft.VC90.CRT.manifest (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\msvcp90.dll (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\msvcr90.dll (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\unins000.dat (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\unins000.exe (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\unins000.msg (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\UninstallHelper.dll (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\views.dat (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\br\br.dll (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\br\LC_MESSAGES\messages.mo (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\de\de.dll (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\de\LC_MESSAGES\messages.mo (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\dk\dk.dll (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\dk\LC_MESSAGES\messages.mo (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\en\en.dll (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\en\LC_MESSAGES\messages.mo (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\es\es.dll (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\es\LC_MESSAGES\messages.mo (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\fi\fi.dll (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\fi\LC_MESSAGES\messages.mo (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\fr\fr.dll (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\fr\LC_MESSAGES\messages.mo (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\it\it.dll (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\it\LC_MESSAGES\messages.mo (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\jp\jp.dll (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\jp\LC_MESSAGES\messages.mo (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\nl\nl.dll (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\nl\LC_MESSAGES\messages.mo (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\no\no.dll (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\no\LC_MESSAGES\messages.mo (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\ru\ru.dll (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\ru\LC_MESSAGES\messages.mo (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\se\se.dll (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\locale\se\LC_MESSAGES\messages.mo (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\x64\DriverInstaller64.exe (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\x64\Microsoft.VC90.CRT.manifest (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\x64\msvcp90.dll (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Program Files (x86)\Uniblue\DriverScanner\x64\msvcr90.dll (PUP.Optional.DriverScanner.A) -> No action taken.
C:\Users\Primary\AppData\Roaming\DealPly\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> No action taken.
 
(end)


#4 Broni

Posted 09 August 2013 - 10:58 AM

I still need Security Check and MBAR logs.

Your MBAM log says "No action taken".

Re-run MBAM, fix all issues and post new log.

Your "hosts" file has been hijacked.

Restart computer in Safe Mode.
Open Windows Explorer. Go to Tools > Folder Options > View tab, put a checkmark next to "Show hidden files and folders", and uncheck "Hide protected operating system files".
NOTE. Make sure to reverse the above changes, when done with this step.
Navigate to C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder.
Delete hosts file.
NOTE (Windows Vista and later only). If you can't delete "hosts" file (access denied) take ownership of "ETC" folder first and then try again: http://www.howtogeek.com/howto/windows-vista/add-take-ownership-to-explorer-right-click-menu-in-vista/

Restart in normal mode.
Please, go here: http://support.microsoft.com/kb/972034#FixItForMeAlways and click on "Fix it" button to reset your "hosts" file.
Follow all prompts.

Re-run MiniToolbox.

Checkmark following boxes:

  • List content of Hosts

Click Go and post the result.
 




 


#5 gatemediator

Posted 09 August 2013 - 08:13 PM

You reviewed the wrong MBAM log. As I wrote in the post, the MBAM log at the bottom (where action was not taken) was from my laptop, which works currently. I did not clear it because I wanted to show you what it found. Higher up, however, is the MBAM log from the desktop; it found nothing. This is of course after I had done it a few days earlier, before I posted my problem here.

I will repost what I posted earlier.

I tried to do a Security Check scan, but it just sits there on "Collecting Information" and seems to go no further. I left it for over 2 hours. Is there something I need to do to be able to run it?

www.malwarebytes.org
 
Database version: v2013.04.04.07
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Crazy :: CRAZY-WD3LEA4BI [administrator]
 
8/9/2013 5:48:02 AM
mbam-log-2013-08-09 (05-48-02).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271166
Time elapsed: 16 minute(s), 17 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#6 Broni

Posted 09 August 2013 - 08:41 PM

Skip Security Check.




 


#7 gatemediator

Posted 10 August 2013 - 02:21 AM

The host file has been like that for over 5 years. It cannot be what is blocking my access to the internet. It was edited to allow a redirect and access to new winmx servers.

Is there something else now written in there, other than the winmx server redirect, that is blocking access?

However, even if that were the problem, I also cannot use the internet to replace the host file because I do not have internet access yet on that computer. I would have to get it from elsewhere and manually put it in.
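An added example, not part of any post in this thread: one way to check offline whether a hosts file contains anything besides the expected winmx.com redirects, which is the question raised in post #7. The sample text is constructed in the format Rkill printed above; the `example.test` names, the `192.0.2.10` address and the function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in hosts-file format. The winmx.com lines mirror entries
# from the Rkill output above; the example.test lines and the malformed line
# are made up to show what an unexpected entry looks like.
SAMPLE_HOSTS = """\
# comment line
127.0.0.1 localhost
65.75.216.6 www.winmx.com err.winmx.com
205.238.40.54 www.winmx.com err.winmx.com
205.238.40.1 cache3.winmx.com test3204.winmx.com   # trailing comment
0.0.0.0 update.example.test
192.0.2.10 www.example.test
not-an-ip broken.line
"""


def parse_hosts(text):
    """Return (entries, malformed).

    entries   -> list of (line_no, ip_object, hostname), one per hostname
    malformed -> list of (line_no, raw_line) that are not 'IP name [name...]'
    """
    entries, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((line_no, raw.strip()))
            continue
        if len(fields) < 2:  # an address with no hostname
            malformed.append((line_no, raw.strip()))
            continue
        for name in fields[1:]:
            entries.append((line_no, ip, name.lower().rstrip(".")))
    return entries, malformed


def matches_suffix(name, suffixes):
    """True if name is one of the suffixes or a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in suffixes)


def audit_hosts(text, expected_suffixes):
    """Sort hosts entries into expected, blocked, redirected and malformed.

    expected   : hostname falls under a domain the owner added on purpose
    blocked    : any other hostname pointed at loopback or 0.0.0.0
    redirected : any other hostname pointed at a routable address
    conflicts  : hostnames listed with more than one address (only one of
                 the mappings can take effect)
    """
    entries, malformed = parse_hosts(text)
    report = {"expected": [], "blocked": [], "redirected": [],
              "malformed": malformed, "conflicts": {}}
    seen = defaultdict(list)
    for line_no, ip, name in entries:
        if ip not in seen[name]:
            seen[name].append(ip)
        if name == "localhost" and ip.is_loopback:
            continue  # the stock entry
        item = (line_no, str(ip), name)
        if matches_suffix(name, expected_suffixes):
            report["expected"].append(item)
        elif ip.is_loopback or ip.is_unspecified:
            report["blocked"].append(item)
        else:
            report["redirected"].append(item)
    report["conflicts"] = {n: [str(i) for i in ips]
                           for n, ips in seen.items() if len(ips) > 1}
    return report


if __name__ == "__main__":
    # To audit a real file, read it from the path given in post #4
    # (C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts) instead of SAMPLE_HOSTS.
    result = audit_hosts(SAMPLE_HOSTS, ("winmx.com",))
    for category in ("blocked", "redirected", "malformed"):
        print(category, result[category])
    print("conflicts", result["conflicts"])
```

A hosts entry only overrides the names it lists, so the `blocked` and `redirected` buckets are the ones to read when judging whether the file affects anything beyond the winmx.com redirect.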



#8 gatemediator

Posted 10 August 2013 - 02:55 AM

I redid the Malwarebytes scan in Safe Mode and it found things it did not find before.

Here is the log...

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.04.04.07
 
Windows XP Service Pack 3 x86 NTFS (Safe Mode)
Internet Explorer 7.0.5730.13
Crazy :: CRAZY-WD3LEA4BI [administrator]
 
8/10/2013 3:28:46 AM
mbam-log-2013-08-10 (03-28-46).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 269845
Time elapsed: 22 minute(s), 50 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Adobe Reader Speed Launcher (Trojan.Agent) -> Data: C:\Documents and Settings\Crazy\Application Data\Microsoft\services556.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Adobe Reader Speed Launcher (Trojan.Agent) -> Data: C:\Documents and Settings\Crazy\Application Data\Microsoft\services556.exe -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 2
C:\Documents and Settings\Crazy\Application Data\Microsoft\services456.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Crazy\Application Data\Microsoft\services556.exe (Trojan.Agent) -> Quarantined and deleted successfully.
 
(end)
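
Added example, not part of the original thread and not a Malwarebytes tool: a Python sketch that parses the detection lines from the log above and cross-references Run-key targets against detected files. The regular expressions assume the text layout shown in this log; the function names are hypothetical.

```python
import re
from ntpath import normcase  # Windows path rules on any host OS

# Lines copied from the Malwarebytes 1.75 log in the post above.
LOG = r"""Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Adobe Reader Speed Launcher (Trojan.Agent) -> Data: C:\Documents and Settings\Crazy\Application Data\Microsoft\services556.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Adobe Reader Speed Launcher (Trojan.Agent) -> Data: C:\Documents and Settings\Crazy\Application Data\Microsoft\services556.exe -> Quarantined and deleted successfully.

Files Detected: 2
C:\Documents and Settings\Crazy\Application Data\Microsoft\services456.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Crazy\Application Data\Microsoft\services556.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# Layout assumed from the log above: KEY|VALUE (VERDICT) -> Data: PATH -> ACTION
AUTORUN = re.compile(
    r"^(?P<hive>HK\w+)\\(?P<key>[^|]+)\|(?P<name>.+?) \((?P<verdict>[^)]+)\)"
    r" -> Data: (?P<data>.+?) -> (?P<action>.+)$", re.M)
# File lines: PATH (VERDICT) -> ACTION
DETECTED_FILE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<verdict>[^)]+)\) -> (?P<action>.+)$", re.M)

def triage(log):
    """Return (autoruns, orphans): parsed Run-key values, and detected files
    that no parsed autorun value points at."""
    autoruns = [m.groupdict() for m in AUTORUN.finditer(log)]
    launched = {normcase(a["data"]) for a in autoruns}
    orphans = [m["path"] for m in DETECTED_FILE.finditer(log)
               if normcase(m["path"]) not in launched]
    return autoruns, orphans

def user_writable(path):
    """True when the target sits under a user profile, an unusual home for a vendor launcher."""
    p = normcase(path)
    return "\\documents and settings\\" in p or "\\users\\" in p

if __name__ == "__main__":
    autoruns, orphans = triage(LOG)
    for a in autoruns:
        print(a["hive"], a["name"], "->", a["data"],
              "| user-writable:", user_writable(a["data"]))
    for path in orphans:
        print("no detected autorun references:", path)
```

On this log it reports services456.exe as a detected file that neither Run value points at, so the other startup locations are worth checking for a leftover launch point.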


#9 gatemediator

gatemediator
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:47 PM

Posted 10 August 2013 - 03:26 AM

When I try to open Windows Firewall in safe mode (it is grayed out in normal mode), I get a message that says Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start Windows Firewall/Internet connection Sharing (ICS) service?

I click yes and I get a message that says Windows cannot start the Windows Firewall/Internet Connection Sharing (ICS) service.

How can I fix this?



#10 gatemediator

gatemediator
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:47 PM

Posted 10 August 2013 - 04:04 AM

I tried to use the MicrosoftFixit50562.msi file, which is supposed to be able to fix Internet connection sharing services. When I tried to run it on the infected computer I got the error message under Windows Installer that "The System Administrator has set policies to prevent this installation".



#11 gatemediator

gatemediator
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:47 PM

Posted 10 August 2013 - 04:42 AM

By copying Microsoft Security Essentials from one computer to the other I was able to install it but not run it. It will not allow me to run it because it is out of date.

It did however fix the problem with the security check, and now when I ran it, it worked. Here are the results below.

 

 Results of screen317's Security Check version 0.99.72  
 Windows XP Service Pack 3 x86   
 Internet Explorer 7 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Microsoft Security Essentials   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Ad-Aware 
 CA Yahoo! Anti-Spy (remove only) 
 Norton Spyware Scan provided by Yahoo! 
 Norton Spyware Scan   
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Eusing Free Registry Cleaner  
 Java™ 6 Update 35  
 Java 7 Update 25  
 Java™ SE Runtime Environment 6 
 Java™ SE Runtime Environment 6 Update 1 
 Java™ 6 Update 2  
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 11.6.602.168  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox 22.0 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Ad-Aware AAWService.exe is disabled! 
 Ad-Aware AAWTray.exe is disabled! 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 


#12 gatemediator

gatemediator
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:47 PM

Posted 10 August 2013 - 05:42 PM

I fixed the Internet problem on the computer. What it turned out to be was something had gone into my internet settings and changed it from obtain IP address automatically to 192.168.0.1 and 255.255.255.0 and changed my DNS from obtain automatically to 66.228.116.178 and 179. Once I put it back to obtain automatically, my internet service came back. I am still working on getting back my Windows Firewall.



#13 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:47 AM

Posted 10 August 2013 - 06:57 PM

The host file has been like that for over 5 years.

Your "hosts" file is bad and you had to follow my instructions to fix it.

Most likely it was causing DNS redirection.




 


#14 gatemediator

gatemediator
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:47 PM

Posted 10 August 2013 - 10:24 PM

I happen to have had 2 backups of that hosts file from over 5 years ago, last edited/updated and backed up 3/22/2009 (renamed to .old in same location), and I went through it line by line. It was identical. I put back the hosts file and the system now works great. Thank you though.

 

I now fixed the firewall issue as well, using the instructions from http://windowsxp.mvps.org/resetfwpol.htm

The option of deleting the registry branch of the Windows Firewall and rebooting fixed that problem. Once it rebooted, the Windows Firewall was fully functional again.

 

Thank you for your input. I know that the hosts file is altered. It was altered deliberately by me, and it was done over 5 years ago. I never had issues due to it.

Resolution Method 1: For Windows XP Home and Professional Editions
  1. Click Start, Run and type Regedit.exe
  2. Navigate to the following location:

     HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ WindowsFirewall

  3. Backup the key and then delete the WindowsFirewall branch.
  4. Close Regedit.exe and restart Windows.

The only thing I have left to fix is my USB sticks, which in my humble observation were the root of the trouble. Something there isn't right. It has hidden folders and reports incorrectly.
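
Added example, not part of the original thread: the line-by-line comparison of a hosts file against a backup, described in the post above, done as a semantic diff in Python so that spacing, case and comment changes are ignored. The sample files are constructed, using documentation-range addresses and example domains, and the function names are hypothetical.

```python
import ipaddress

# Constructed samples (documentation-range addresses, example domains).
BACKUP = """# hosts.old, saved after a deliberate edit
127.0.0.1       localhost
203.0.113.10    peercache.example.net   # intentional redirect
"""
REFORMATTED = "127.0.0.1\tLOCALHOST\n203.0.113.10 PeerCache.example.net\n"
TAMPERED = REFORMATTED + "198.51.100.7  update.example.com  # not in backup\n"

def parse_hosts(text):
    """Return the set of (hostname, address) pairs, ignoring comments, case and spacing."""
    pairs = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:          # one line may map several names
            pairs.add((name.lower(), fields[0]))
    return pairs

def is_local(addr):
    """True for loopback or unspecified addresses, the usual targets of blocklist entries."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed address: report it rather than hide it
    return ip.is_loopback or ip.is_unspecified

def compare(backup, current):
    """Diff two hosts files by meaning and list every mapping that leaves the machine."""
    old, new = parse_hosts(backup), parse_hosts(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "redirects": sorted(p for p in new if not is_local(p[1])),
    }

if __name__ == "__main__":
    for label, text in (("reformatted", REFORMATTED), ("tampered", TAMPERED)):
        print(label, compare(BACKUP, text))
```

A file that matches its backup still shows its non-local mappings under "redirects", so an intentional redirect can be confirmed against where it points today.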



#15 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:47 AM

Posted 10 August 2013 - 10:28 PM

Did you try to format them?




 




