"can't stop a redirect"


This topic is locked
60 replies to this topic

#1 Robazi


Posted 14 August 2013 - 05:32 PM

Tried to stop a redirect with the help from Global Moderator on July 29th 2013.

After two weeks, he could not help me get rid of them, so he recommended I post again for more help.

Original posting here:

http://www.bleepingcomputer.com/forums/t/502696/redirect-infected-computer/

thanks,

Rob




#2 Robazi


Posted 16 August 2013 - 11:49 AM

Also, the redirects are back as was before.



#3 nasdaq


Posted 17 August 2013 - 09:19 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM

Let me know what problem persists.
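Both tools asked for above write plain-text reports, and the items a responder reads first (AV state, start pages, orphaned entries, the user/kernel MBR comparison, RogueKiller's per-section findings and hosts-file entries) can be pulled out mechanically. The script below is an added example, not from this thread or from either tool's authors: it parses the DDS and RogueKiller report formats as they are pasted later in the thread, run against constructed sample reports with placeholder GUIDs and hashes; the exact wording mbr.exe prints when both MBR reads agree is assumed, not taken from this page.

```python
import re

# Constructed sample in the DDS report format pasted in this thread (not the real log; GUIDs are placeholders).
SAMPLE_DDS = """\
AV: Bitdefender Antivirus *Enabled/Outdated* {GUID-PLACEHOLDER}
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {GUID-PLACEHOLDER}
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hopsurf.com
EB: {GUID-PLACEHOLDER} - <orphaned>
Notify: dimsntfy - <no file>
.
=================== ROOTKIT  ====================
.
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
"""
# Constructed sample in the RogueKiller report format pasted in this thread (fake hashes and GUIDs).
SAMPLE_RK = """\
Mode : Remove -- Date : 08/17/2013 08:54:49

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ DESK] HKCU\\[...]\\ClassicStartMenu : {GUID-PLACEHOLDER} (1) -> REPLACED (0)
[HJ DESK] HKCU\\[...]\\NewStartPanel : {GUID-PLACEHOLDER} (1) -> REPLACED (0)
[HJ DESK] HKLM\\[...]\\NewStartPanel : {GUID-PLACEHOLDER} (1) -> REPLACED (0)

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\\System32\\drivers\\etc\\hosts
127.0.0.1       localhost
127.0.0.1       update.example.invalid

¤¤¤ MBR Check: ¤¤¤
[MBR] 00112233445566778899aabbccddeeff
[BSP] ffeeddccbbaa99887766554433221100 : MBR Code unknown
"""

DDS_SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+\s*$")                      # "==== Name ===="
HXXP_RE = re.compile(r"hxxps?://", re.IGNORECASE)                          # DDS defangs http as hxxp
RK_SECTION_RE = re.compile(r"^¤¤¤\s*(.+?)\s*(?::\s*(\d+))?\s*¤¤¤\s*$")     # "¤¤¤ Name : N ¤¤¤"
RK_FINDING_RE = re.compile(r"^\[([A-Z][A-Z ]*)\]\s*(.*?)(?:\s*->\s*(\w+)(?:\s*\(\d+\))?)?\s*$")
HOSTS_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)")

def dds_sections(text):
    """Split a DDS report into {section name: [lines]}; DDS's '.' separator lines are dropped."""
    sections, current = {"HEADER": []}, "HEADER"
    for line in text.splitlines():
        m = DDS_SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line.strip() not in ("", "."):
            sections[current].append(line)
    return sections

def mbr_status(rootkit_lines):
    """Interpret the user-mode vs kernel-mode MBR comparison printed in the ROOTKIT section."""
    joined = "\n".join(rootkit_lines)
    user_ok, kernel_ok = "user: MBR read successfully" in joined, "kernel: MBR read successfully" in joined
    mismatch = "user != kernel MBR" in joined
    if mismatch and user_ok and kernel_ok:
        return "MISMATCH: both reads succeeded yet differ; possible MBR hook, confirm with a second tool"
    if mismatch:
        # As in the thread: the user-mode read failed, so the kernel read had nothing to be compared
        # against; the mismatch line is not evidence by itself. Re-run once the disk is not held open.
        return "INCONCLUSIVE: user-mode MBR read failed, mismatch line has no user-side data"
    return "OK: both reads succeeded" if user_ok and kernel_ok else "INCOMPLETE: one or both MBR reads missing"

def triage_dds(text):
    """The items a responder reads first: outdated AV, defanged URLs, dangling entries, MBR verdict."""
    s = dds_sections(text)
    av = [ln[4:] for ln in s.get("HEADER", []) if ln.startswith("AV: ")]
    hjt = s.get("Pseudo HJT Report", [])
    # DDS writes 'key = value' for start pages and 'key - value' for BHO/DPF/Notify entries
    split = lambda ln: tuple(p.strip() for p in (ln.split(" = ", 1) if " = " in ln else ln.split(" - ", 1)))
    return {
        "av_outdated": [ln.split(" *")[0] for ln in av if "Outdated" in ln],
        "urls": [split(ln) for ln in hjt if HXXP_RE.search(ln)],
        "dangling": [ln for ln in hjt if ln.endswith(("<orphaned>", "<no file>"))],
        "mbr": mbr_status(s.get("ROOTKIT", [])),
    }

def triage_roguekiller(text):
    """RogueKiller report -> run mode, per-section counts, tagged findings, non-localhost hosts entries."""
    report, section = {"mode": None, "sections": {}, "findings": [], "hosts_overrides": []}, None
    for line in text.splitlines():
        sec, fnd, host = RK_SECTION_RE.match(line), RK_FINDING_RE.match(line), HOSTS_RE.match(line)
        if line.startswith("Mode :"):
            report["mode"] = line.split(":", 1)[1].split("--")[0].strip()
        elif sec:
            section = sec.group(1).rstrip(" :")
            report["sections"][section] = int(sec.group(2)) if sec.group(2) else None
        elif fnd and section:
            report["findings"].append({"section": section, "tag": fnd.group(1),
                                       "target": fnd.group(2), "action": fnd.group(3)})
        elif host and section == "HOSTS File" and host.group(2) != "localhost":
            report["hosts_overrides"].append((host.group(1), host.group(2)))  # anything beyond localhost
    return report
```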

#4 Robazi


Posted 17 August 2013 - 02:24 PM

!!!!REDIRECTS HAVE STOPPED!!!!  (so far.....I'll keep tabs)

!!!!!!!THANK YOU NASDAQ!!!!!!!!

====================================================

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/15/2006 2:36:05 PM
System Uptime: 8/17/2013 8:06:40 AM (0 hours ago)
.
Motherboard: IBM |  | 2379RHU
Processor:         Intel® Pentium® M processor 1.80GHz | None | 1798/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 28.906 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 8/7/2013 5:26:18 PM - System Checkpoint
RP2: 8/9/2013 4:34:33 PM - System Checkpoint
RP3: 8/11/2013 10:05:43 AM - System Checkpoint
RP4: 8/13/2013 9:57:35 AM - System Checkpoint
RP5: 8/14/2013 2:32:50 PM - System Checkpoint
RP6: 8/16/2013 8:42:51 AM - Installed AVG PC TuneUp
RP7: 8/16/2013 8:43:04 AM - Removed AVG PC TuneUp Language Pack (en-US)
.
==== Installed Programs ======================
.
3600_Help
7-Zip 9.21
Access IBM
Access IBM Message Center
Access IBM Tools
Adobe Acrobat 5.0
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.0)
Agere Systems AC'97 Modem
alm
Amazon Kindle
ASPCA Reminder by We-Care.com v4.1.19.1
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI HydraVision
Atmel TPM Driver Installer 3.0.3.15
AVG 2013
AVG PC TuneUp Language Pack (en-US)
BPD_HPSU
BPD_Scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.1
Canon MX340 series MP Drivers
Canon MX340 series User Registration
Canon Speed Dial Utility
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
eSupportQFolder
Fax
GeigerGraph Demo
GNU Aspell 0.50-3
Hallmark Smilebox
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB943232)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HPProductAssistant
IBM Access Connections
IBM Access Support - Local Content Pack
IBM Rapid Restore PC
IBM Rapid Restore PC Setup
IBM Themes
IBM ThinkPad Battery MaxiMiser and Power Management Features
IBM ThinkPad Configuration
IBM ThinkPad EasyEject Utility
IBM ThinkPad Keyboard Customizer Utility
IBM ThinkPad Presentation Director
IBM ThinkPad UltraNav Driver
IBM ThinkPad UltraNav Wizard
Intel® PRO Network Adapters and Drivers
InterVideo WinDVD
Java 7 Update 21
Java Auto Updater
Java™ 6 Update 31
Magical Jelly Bean KeyFinder
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 19.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero 6 Ultra Edition
Opera 11.10
PC-Doctor for Windows
Power Management
PowerDVD
Revo Uninstaller 1.95
SanDiskSecureAccess_Manager.exe
Scan
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SolutionCenter
Status
TClockEx
ThinkPad FullScreen Magnifier
ThinkPad Integrated 56K Modem
ThinkPad Power Management Driver
ThinkPad Software Installer
Toolbox
TPNala Wallpaper
TrayApp
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live Mail
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
.
==== Event Viewer Messages From Past Week ========
.
8/10/2013 8:14:52 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Lbd
8/10/2013 8:14:52 AM, error: Service Control Manager [7022]  - The HP CUE DeviceDiscovery Service service hung on starting.
8/10/2013 8:13:23 AM, error: Service Control Manager [7024]  - The Java Quick Starter service terminated with service-specific error 1 (0x1).
8/10/2013 8:13:23 AM, error: Service Control Manager [7023]  - The Pml Driver HPZ12 service terminated with the following error:  The specified module could not be found.
8/10/2013 8:13:23 AM, error: Service Control Manager [7023]  - The Net Driver HPZ12 service terminated with the following error:  The specified module could not be found.
8/10/2013 8:13:23 AM, error: Service Control Manager [7023]  - The IPSEC Services service terminated with the following error:  The authentication service is unknown.
8/10/2013 8:13:23 AM, error: Service Control Manager [7000]  - The Upload Manager service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.21.2
Run by Customer at 8:27:58 on 2013-08-17
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1535.736 [GMT -10:00]
.
AV: Bitdefender Antivirus *Enabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: AVG AntiVirus Free Edition 2013 *Enab1-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\PROGRA~1\xpoint\xpadmin\xpadmin.exe
C:\PROGRA~1\xpoint\agent\Xpagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\xpoint\SAS\jre\bin\javaw.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hopsurf.com
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TClockEx] c:\program files\tclockex\TCLOCKEX.EXE
mRun: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
mRun: [QCWLICON] c:\program files\thinkpad\connectutilities\QCWLICON.EXE
mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163637515612
DPF: {74FFE28D-2378-11D5-990C-006094235084} - file:///C:/Program%20Files/Support.com/bin/IBMAccessSupport/common/install/ibmegath.cab
DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} - hxxps://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{6F73A1F6-16BD-42C3-BA20-F7DFD6C9E0CB} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9D96D761-E356-4ECB-83C4-07F534B4F8D3} : DHCPNameServer = 206.141.192.60 206.141.193.55
Notify: AtiExtEvent - Ati2evxx.dll
Notify: dimsntfy - <no file>
Notify: psfus - psqlpwd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages =  psqlpwd scecli
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\customer\application data\mozilla\firefox\profiles\reonbw06.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.startpage.com/
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-7-20 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-7-20 246072]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-7-1 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-7-10 39224]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-3-5 24408]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-7-20 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-7-20 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2006-11-14 15360]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-7-23 283136]
R2 smihlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2006-4-25 3456]
R2 SRFilter;SRFilter;c:\windows\system32\drivers\srntflt.sys [2008-9-15 29788]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;"c:\program files\realnetworks\realdownloader\rndlresolversvc.exe" --> c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [?]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [1979-12-31 14336]
.
=============== Created Last 30 ================
.
2013-08-14 21:11:11    --------    d-----w-    c:\documents and settings\customer\local settings\application data\Amazon
2013-08-14 21:10:49    --------    d-----w-    c:\program files\Amazon
2013-08-03 22:32:04    --------    d-----w-    c:\documents and settings\customer\application data\AVG
2013-08-03 22:30:23    --------    d-----w-    c:\documents and settings\all users\application data\AVG
2013-08-03 22:30:00    --------    d-sh--w-    c:\documents and settings\all users\application data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-08-03 22:11:48    --------    d-----w-    c:\documents and settings\customer\application data\AVG2013
2013-08-03 22:09:29    --------    dc-h--w-    C:\$AVG
2013-08-03 22:09:28    --------    d-----w-    c:\documents and settings\all users\application data\AVG2013
2013-08-03 22:08:25    --------    d-----w-    c:\program files\AVG
2013-08-02 21:03:15    77824    ----a-w-    c:\windows\system32\TBDC6.tmp
2013-08-02 21:03:15    499712    ----a-w-    c:\windows\system32\TBDC7.tmp
2013-08-02 21:03:15    348160    ----a-w-    c:\windows\system32\TBDC8.tmp
2013-08-02 21:03:15    1060864    ----a-w-    c:\windows\system32\TBDC9.tmp
2013-08-02 21:02:39    --------    d-----w-    c:\documents and settings\customer\application data\Bitdefender
2013-08-02 20:44:11    73728    ----a-w-    c:\windows\system32\TBD81.tmp
2013-08-02 20:44:08    77824    ----a-w-    c:\windows\system32\TBD7D.tmp
2013-08-02 20:44:08    499712    ----a-w-    c:\windows\system32\TBD7E.tmp
2013-08-02 20:44:08    348160    ----a-w-    c:\windows\system32\TBD7F.tmp
2013-08-02 20:44:08    1060864    ----a-w-    c:\windows\system32\TBD80.tmp
2013-08-02 19:54:59    --------    d-----w-    c:\program files\Softwin
2013-08-02 19:53:08    --------    d-----w-    c:\program files\common files\Softwin
2013-08-02 19:10:45    --------    d-----w-    c:\documents and settings\customer\application data\QuickScan
2013-08-01 20:39:34    --------    d-----w-    c:\windows\system32\wbem\repository\FS
2013-08-01 20:39:34    --------    d-----w-    c:\windows\system32\wbem\Repository
2013-08-01 20:34:00    --------    d-----w-    c:\documents and settings\customer\local settings\application data\Wajam
2013-08-01 20:34:00    --------    d-----w-    c:\documents and settings\customer\local settings\application data\PackageAware
2013-08-01 20:34:00    --------    d-----w-    c:\documents and settings\customer\local settings\application data\Coupon Companion
2013-08-01 20:34:00    --------    d-----w-    c:\documents and settings\customer\application data\DriverCure
2013-08-01 20:34:00    --------    d-----w-    c:\documents and settings\all users\application data\WeCareReminder
2013-08-01 20:32:48    --------    d-----w-    c:\documents and settings\customer\local settings\application data\DownloadTerms
2013-07-31 05:43:31    --------    d-----w-    c:\windows\ERUNT
2013-07-31 05:30:31    --------    d-----w-    c:\program files\common files\Java(2)
2013-07-31 05:29:53    --------    d-----w-    c:\program files\Java(2)
2013-07-30 04:59:29    --------    d-----w-    c:\program files\ESET
2013-07-20 11:51:00    246072    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-07-20 11:50:56    60216    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-07-20 11:50:56    208184    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 11:50:50    171320    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
.
==================== Find3M  ====================
.
2013-08-02 20:28:07    81984    -c--a-w-    c:\windows\system32\bdod.bin
2013-07-10 11:32:40    39224    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-06-14 15:19:23    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-14 15:19:23    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-11 01:51:16    10285040    ----a-w-    C:\mbam-setup-1.75.0.1300.exe
2013-06-10 07:37:53    6696960    ----a-w-    C:\Glary_Utilities_v2.56.0.1822.exe
2012-02-21 23:05:12    27311232    -c--a-w-    c:\program files\RunSanDiskSecureAccess-Win.exe
2012-02-15 20:31:42    27565984    -c--a-w-    c:\program files\TuneUpUtilities2012_en-US.exe
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8AC8CAB8]
3 CLASSPNP[0xF763805B] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000088[0x8AC429E8]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP0T0L0-3[0x8AD13940]
kernel: MBR read successfully
_asm { CLI ; XOR AX, AX; MOV ES, AX; MOV DS, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, SP; STI ; CLD ; MOV DI, 0x600; MOV CX, 0x100; REP MOVSW ; MOV AX, 0x6df; PUSH AX; RET ; ADD [BX], CL; ADD [BX+DI], AL; OR AL, [DI+0x72]; JB 0x95; JB 0x48;  }
user != kernel MBR !!!
.
============= FINISH:  8:28:48.90 ===============

RogueKiller V8.6.5 [Aug  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User : Customer [Admin rights]
Mode : Remove -- Date : 08/17/2013 08:54:49
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1200BEVE-00WZT0 +++++
--- User ---
[MBR] f70c42a78fe933dcd4a8eb17f7c0e92d
[BSP] f6998472cb3825347084f49961ff4d7c : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114470 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_08172013_085449.txt >>
RKreport[0]_S_08172013_085136.txt

====================================

RogueKiller V8.6.5 [Aug  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User : Customer [Admin rights]
Mode : Scan -- Date : 08/17/2013 08:51:36
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1200BEVE-00WZT0 +++++
--- User ---
[MBR] f70c42a78fe933dcd4a8eb17f7c0e92d
[BSP] f6998472cb3825347084f49961ff4d7c : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114470 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08172013_085136.txt >>

#5 nasdaq
  • Malware Response Team

Posted 18 August 2013 - 08:07 AM


Good news. Let's continue with these scans.

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM

#6 Robazi
  • Topic Starter

Posted 18 August 2013 - 02:27 PM

Bitdefender/avast! -> ComboFix 'Warning!!' shows the two as active - EVEN THOUGH I USED REVO UNINSTALLER TO RID both many months ago.
>[Just now I removed both to recycle bin and deleted them from the bin]<

----------------

2ND WARNING:
[The above real time scanner(s) are still active but ComboFix shall continue to run.  Kindly note that this is at your own risk [OK]

I DELETED BOTH FROM HERE:
(C:\Program Files\AVAST Software\Avast
 (C:\Documents Settings\Customer\Application Data]
**************************

I can still disable AVG no problem.

(BTW last night some more Redirects appeared)



#7 nasdaq
  • Malware Response Team

Posted 19 August 2013 - 08:35 AM

Can you post the ComboFix log?

Run the tool and ignore the warning.

#8 Robazi
  • Topic Starter

Posted 19 August 2013 - 01:50 PM

ComboFix 13-08-19.02 - Customer 08/19/2013   8:31.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1535.369 [GMT -10:00]
Running from: c:\documents and settings\Customer\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Bitdefender Antivirus *Enabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Customer\Application Data\bytewdownload
c:\documents and settings\Customer\Application Data\bytewdownload\clock_pro_installer.exe
c:\documents and settings\Customer\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\program files\TuneUpUtilities2012_en-US.exe
c:\windows\EventSystem.log
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\SET1F.tmp
c:\windows\system32\TBD7D.tmp
c:\windows\system32\TBD7E.tmp
c:\windows\system32\TBD7F.tmp
c:\windows\system32\TBD80.tmp
c:\windows\system32\TBD81.tmp
c:\windows\system32\TBDC6.tmp
c:\windows\system32\TBDC7.tmp
c:\windows\system32\TBDC8.tmp
c:\windows\system32\TBDC9.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-19 to 2013-08-19  )))))))))))))))))))))))))))))))
.
.
2013-08-14 21:11 . 2013-08-14 21:11    --------    d-----w-    c:\documents and settings\Customer\Local Settings\Application Data\Amazon
2013-08-14 21:10 . 2013-08-14 21:11    --------    d-----w-    c:\program files\Amazon
2013-08-06 22:43 . 2013-08-06 22:43    --------    d-----w-    c:\documents and settings\LocalService\Application Data\AVG
2013-08-03 22:32 . 2013-08-03 22:32    --------    d-----w-    c:\documents and settings\Customer\Application Data\AVG
2013-08-03 22:30 . 2013-08-03 22:32    --------    d-----w-    c:\documents and settings\All Users\Application Data\AVG
2013-08-03 22:30 . 2013-08-03 22:30    --------    d-sh--w-    c:\documents and settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-08-03 22:09 . 2013-08-03 22:09    --------    dc----w-    C:\$AVG
2013-08-03 22:08 . 2013-08-07 07:36    --------    d-----w-    c:\program files\AVG
2013-08-02 19:54 . 2013-08-02 19:54    --------    d-----w-    c:\program files\Softwin
2013-08-02 19:53 . 2013-08-02 21:03    --------    d-----w-    c:\program files\Common Files\Softwin
2013-08-02 19:10 . 2013-08-02 19:10    --------    d-----w-    c:\documents and settings\Customer\Application Data\QuickScan
2013-08-01 20:39 . 2013-08-01 20:39    --------    d-----w-    c:\windows\system32\wbem\Repository
2013-08-01 20:34 . 2013-08-17 06:01    --------    d-----w-    c:\documents and settings\All Users\Application Data\WeCareReminder
2013-08-01 20:34 . 2013-08-01 20:34    --------    d-----w-    c:\documents and settings\Customer\Local Settings\Application Data\Wajam
2013-08-01 20:34 . 2013-08-01 20:34    --------    d-----w-    c:\documents and settings\Customer\Local Settings\Application Data\PackageAware
2013-08-01 20:34 . 2013-08-01 20:34    --------    d-----w-    c:\documents and settings\Customer\Local Settings\Application Data\Coupon Companion
2013-08-01 20:34 . 2013-08-01 20:34    --------    d-----w-    c:\documents and settings\Customer\Application Data\DriverCure
2013-08-01 20:32 . 2013-08-01 20:32    --------    d-----w-    c:\program files\Java
2013-08-01 20:32 . 2013-08-01 20:32    --------    d-----w-    c:\program files\Common Files\Java
2013-08-01 20:32 . 2013-08-01 20:32    --------    d-----w-    c:\documents and settings\Customer\Local Settings\Application Data\DownloadTerms
2013-07-31 05:43 . 2013-07-31 05:43    --------    d-----w-    c:\windows\ERUNT
2013-07-30 04:59 . 2013-07-30 04:59    --------    d-----w-    c:\program files\ESET
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-20 11:51 . 2013-07-20 11:51    246072    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-07-20 11:50 . 2013-07-20 11:50    60216    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-07-20 11:50 . 2013-07-20 11:50    208184    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 11:50 . 2013-07-20 11:50    171320    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-07-10 11:32 . 2013-07-10 11:32    39224    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-07-01 11:45 . 2013-07-01 11:45    96568    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2013-06-14 15:19 . 2012-04-08 18:57    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-14 15:19 . 2011-05-19 20:19    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-11 01:51 . 2013-06-10 20:36    10285040    ----a-w-    C:\mbam-setup-1.75.0.1300.exe
2013-06-10 20:25 . 2013-06-10 20:24    13169742    ----a-w-    C:\mbar-1.06.0.1003.zip
2013-06-10 07:37 . 2013-06-10 07:34    6696960    ----a-w-    C:\Glary_Utilities_v2.56.0.1822.exe
2013-05-22 00:16 . 2013-05-22 00:16    435658    ----a-w-    C:\LC162b.zip
2012-02-21 23:05 . 2012-02-21 23:04    27311232    -c--a-w-    c:\program files\RunSanDiskSecureAccess-Win.exe
2013-03-07 14:31 . 2013-05-05 02:13    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"="c:\program files\TClockEx\TCLOCKEX.EXE" [2000-03-09 89088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-04 380416]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2003-08-07 94208]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2003-01-17 20480]
"QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2003-03-27 53248]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2006-04-26 31232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-31 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-31 512000]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-26 03:20    40448    ------w-    c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk * \0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       psqlpwd scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Customer^Start Menu^Programs^Startup^Webshots.lnk]
backup=c:\windows\pss\Webshots.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 22:55    937920    -c--a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2002-10-18 19:07    87751    -c----w-    c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2003-04-30 05:00    315392    -c----w-    c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-11-02 01:30    2508104    -c----w-    c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-04 01:43    767312    -c----w-    c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 07:56    15360    ----a-w-    c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
2002-12-24 10:01    204800    -c----w-    c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 07:52    49152    -c----w-    c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages]
2003-01-07 22:52    495616    -c----w-    c:\program files\IBM\Messages By IBM\ibmmessages.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-02-11 00:00    1937408    -c----w-    c:\progra~1\Ahead\NEROBA~1\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 17:50    155648    -c----w-    c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Management]
2008-03-07 21:39    733184    -c----w-    c:\program files\BoxKing\Power Management\Power Saved Management.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 03:24    32768    -c----w-    c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3TRAY2]
2001-10-12 06:32    69632    -c----w-    c:\windows\system32\S3Tray2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SacReminderHDDV2]
2010-12-03 14:49    444240    -c----r-    c:\documents and settings\All Users\Application Data\Clickfree\HDDV2USB3\reminder\SacReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SanDiskSecureAccess_Manager.exe]
2010-11-11 04:16    31095432    -c--a-w-    c:\documents and settings\Customer\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
2009-08-01 00:17    266888    -c----w-    c:\documents and settings\Customer\Application Data\Smilebox\SmileboxTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 17:32    253816    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2003-07-31 23:24    512000    ----a-w-    c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2003-07-31 23:25    110592    ----a-w-    c:\program files\Synaptics\SynTP\SynTPLpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]
2003-08-08 23:39    897024    -c----w-    c:\program files\ThinkPad\Utilities\TpKmapAp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" -osboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [7/20/2013 1:50 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [7/20/2013 1:51 AM 246072]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/10/2013 1:32 AM 39224]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [3/5/2012 10:05 AM 24408]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [7/20/2013 1:50 AM 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [3/1/2013 10:32 AM 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/20/2013 1:50 AM 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/21/2013 3:08 AM 182072]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [11/14/2006 5:29 PM 15360]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [7/23/2013 7:09 PM 283136]
R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [4/25/2006 5:00 PM 3456]
R2 SRFilter;SRFilter;c:\windows\system32\drivers\srntflt.sys [9/15/2008 11:55 AM 29788]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [7/4/2013 3:53 PM 4939312]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;"c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe" --> c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [?]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 12:25 AM 25112]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [12/31/1979 10:00 PM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
p2psvc    REG_MULTI_SZ       p2psvc p2pimsvc p2pgasvc PNRPSvc
nosGetPlusHelper    REG_MULTI_SZ       nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 15:19]
.
2006-11-15 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2006-11-15 09:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hopsurf.com
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: microsoft.com\windowsupdate
TCP: DhcpNameServer = 192.168.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Customer\Application Data\Mozilla\Firefox\Profiles\reonbw06.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.startpage.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
Notify-dimsntfy - (no file)
MSConfigStartUp-TkBellExe - c:\program files\real\realplayer\update\realsched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-19 08:38
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1298717234-787202485-4048220586-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
.
- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
.
Completion time: 2013-08-19  08:41:04
ComboFix-quarantined-files.txt  2013-08-19 18:40
.
Pre-Run: 30,861,307,904 bytes free
Post-Run: 30,888,378,368 bytes free
.
- - End Of File - - 7FB02DC55479A92D8F86FDE2560DA5EE
AB67D479E4EE1CCAD757294B60DDB98F

#9 nasdaq
  • Malware Response Team

Posted 20 August 2013 - 07:35 AM


This fix will remove these remnant items from the registry.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Bitdefender Antivirus *Enabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}


Open notepad and copy/paste the text in the quote box below into it:

SecCenter::
{7591DB91-41F0-48A3-B128-1A293FD8233D}
{6C4BB89C-B0ED-4F41-A29C-4373888923BB}

ClearJavaCache::
Save this as CFScript.txt on your desktop.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Let me know what problem persists.

#10 Robazi
  • Topic Starter

Posted 20 August 2013 - 01:37 PM

How do I:

  'Save this as CFScript.txt on your desktop'.

Note: I tried clicking to save, but it gives me the gif picture only

and I do not have ComboFix.exe on my desktop either.

IOW's:

I need to know how to drag this ->> 'Referring to the picture above, drag CFScript into ComboFix.exe'
Then post the resultant log.

thanks_



#11 nasdaq
  • Malware Response Team

Posted 21 August 2013 - 08:23 AM

My instructions were for you to install ComboFix on your desktop.

You chose to leave it in the Downloads folder and run it from there.
c:\documents and settings\Customer\My Documents\Downloads\ComboFix.exe

Move ComboFix.exe from the Downloads folder and place it on your desktop.
===

How do I:
'Save this as CFScript.txt on your desktop'.

Note: I tried click to save, but it gives me gif picture only
and I do not have ComboFix.exe on my desktop either.


Open Notepad.exe and copy all the text in the box to Notepad.

Save the file as CFScript.txt to your desktop.
Make sure the extension of the file is .txt.

===

Right click on the CFScript.txt and drag it to the ComboFix icon.

Let me know if you need additional help.

Edited by nasdaq, 21 August 2013 - 08:23 AM.


#12 Robazi
  • Topic Starter

Posted 21 August 2013 - 02:35 PM

ComboFix 13-08-21.01 - Customer 08/21/2013   9:14.5.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1535.1049 [GMT -10:00]
Running from: c:\documents and settings\Customer\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Customer\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-21 to 2013-08-21  )))))))))))))))))))))))))))))))
.
.
2013-08-14 21:11 . 2013-08-14 21:11    --------    d-----w-    c:\documents and settings\Customer\Local Settings\Application Data\Amazon
2013-08-14 21:10 . 2013-08-14 21:11    --------    d-----w-    c:\program files\Amazon
2013-08-06 22:43 . 2013-08-06 22:43    --------    d-----w-    c:\documents and settings\LocalService\Application Data\AVG
2013-08-03 22:32 . 2013-08-03 22:32    --------    d-----w-    c:\documents and settings\Customer\Application Data\AVG
2013-08-03 22:30 . 2013-08-03 22:32    --------    d-----w-    c:\documents and settings\All Users\Application Data\AVG
2013-08-03 22:30 . 2013-08-03 22:30    --------    d-sh--w-    c:\documents and settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-08-03 22:09 . 2013-08-03 22:09    --------    dc----w-    C:\$AVG
2013-08-03 22:08 . 2013-08-07 07:36    --------    d-----w-    c:\program files\AVG
2013-08-02 19:54 . 2013-08-02 19:54    --------    d-----w-    c:\program files\Softwin
2013-08-02 19:53 . 2013-08-02 21:03    --------    d-----w-    c:\program files\Common Files\Softwin
2013-08-02 19:10 . 2013-08-02 19:10    --------    d-----w-    c:\documents and settings\Customer\Application Data\QuickScan
2013-08-01 20:39 . 2013-08-01 20:39    --------    d-----w-    c:\windows\system32\wbem\Repository
2013-08-01 20:34 . 2013-08-17 06:01    --------    d-----w-    c:\documents and settings\All Users\Application Data\WeCareReminder
2013-08-01 20:34 . 2013-08-01 20:34    --------    d-----w-    c:\documents and settings\Customer\Local Settings\Application Data\Wajam
2013-08-01 20:34 . 2013-08-01 20:34    --------    d-----w-    c:\documents and settings\Customer\Local Settings\Application Data\PackageAware
2013-08-01 20:34 . 2013-08-01 20:34    --------    d-----w-    c:\documents and settings\Customer\Local Settings\Application Data\Coupon Companion
2013-08-01 20:34 . 2013-08-01 20:34    --------    d-----w-    c:\documents and settings\Customer\Application Data\DriverCure
2013-08-01 20:32 . 2013-08-01 20:32    --------    d-----w-    c:\program files\Java
2013-08-01 20:32 . 2013-08-01 20:32    --------    d-----w-    c:\program files\Common Files\Java
2013-08-01 20:32 . 2013-08-01 20:32    --------    d-----w-    c:\documents and settings\Customer\Local Settings\Application Data\DownloadTerms
2013-07-31 05:43 . 2013-07-31 05:43    --------    d-----w-    c:\windows\ERUNT
2013-07-30 04:59 . 2013-07-30 04:59    --------    d-----w-    c:\program files\ESET
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-20 11:51 . 2013-07-20 11:51    246072    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-07-20 11:50 . 2013-07-20 11:50    60216    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-07-20 11:50 . 2013-07-20 11:50    208184    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 11:50 . 2013-07-20 11:50    171320    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-07-10 11:32 . 2013-07-10 11:32    39224    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-07-01 11:45 . 2013-07-01 11:45    96568    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2013-06-14 15:19 . 2012-04-08 18:57    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-14 15:19 . 2011-05-19 20:19    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-11 01:51 . 2013-06-10 20:36    10285040    ----a-w-    C:\mbam-setup-1.75.0.1300.exe
2013-06-10 20:25 . 2013-06-10 20:24    13169742    ----a-w-    C:\mbar-1.06.0.1003.zip
2013-06-10 07:37 . 2013-06-10 07:34    6696960    ----a-w-    C:\Glary_Utilities_v2.56.0.1822.exe
2012-02-21 23:05 . 2012-02-21 23:04    27311232    -c--a-w-    c:\program files\RunSanDiskSecureAccess-Win.exe
2013-03-07 14:31 . 2013-05-05 02:13    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"="c:\program files\TClockEx\TCLOCKEX.EXE" [2000-03-09 89088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-04 380416]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2003-08-07 94208]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2003-01-17 20480]
"QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2003-03-27 53248]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2006-04-26 31232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-31 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-31 512000]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-26 03:20    40448    ------w-    c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk * \0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       psqlpwd scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Customer^Start Menu^Programs^Startup^Webshots.lnk]
backup=c:\windows\pss\Webshots.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 22:55    937920    -c--a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2002-10-18 19:07    87751    -c----w-    c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2003-04-30 05:00    315392    -c----w-    c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-11-02 01:30    2508104    -c----w-    c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-04 01:43    767312    -c----w-    c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 07:56    15360    ----a-w-    c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
2002-12-24 10:01    204800    -c----w-    c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 07:52    49152    -c----w-    c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages]
2003-01-07 22:52    495616    -c----w-    c:\program files\IBM\Messages By IBM\ibmmessages.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-02-11 00:00    1937408    -c----w-    c:\progra~1\Ahead\NEROBA~1\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 17:50    155648    -c----w-    c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Management]
2008-03-07 21:39    733184    -c----w-    c:\program files\BoxKing\Power Management\Power Saved Management.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 03:24    32768    -c----w-    c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3TRAY2]
2001-10-12 06:32    69632    -c----w-    c:\windows\system32\S3Tray2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SacReminderHDDV2]
2010-12-03 14:49    444240    -c----r-    c:\documents and settings\All Users\Application Data\Clickfree\HDDV2USB3\reminder\SacReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SanDiskSecureAccess_Manager.exe]
2010-11-11 04:16    31095432    -c--a-w-    c:\documents and settings\Customer\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
2009-08-01 00:17    266888    -c----w-    c:\documents and settings\Customer\Application Data\Smilebox\SmileboxTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 17:32    253816    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2003-07-31 23:24    512000    ----a-w-    c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2003-07-31 23:25    110592    ----a-w-    c:\program files\Synaptics\SynTP\SynTPLpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]
2003-08-08 23:39    897024    -c----w-    c:\program files\ThinkPad\Utilities\TpKmapAp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" -osboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [7/20/2013 1:50 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [7/20/2013 1:51 AM 246072]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/10/2013 1:32 AM 39224]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [3/5/2012 10:05 AM 24408]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [7/20/2013 1:50 AM 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [3/1/2013 10:32 AM 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/20/2013 1:50 AM 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/21/2013 3:08 AM 182072]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [11/14/2006 5:29 PM 15360]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [7/4/2013 3:53 PM 4939312]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [7/23/2013 7:09 PM 283136]
R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [4/25/2006 5:00 PM 3456]
R2 SRFilter;SRFilter;c:\windows\system32\drivers\srntflt.sys [9/15/2008 11:55 AM 29788]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;"c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe" --> c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [?]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 12:25 AM 25112]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [12/31/1979 10:00 PM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
p2psvc    REG_MULTI_SZ       p2psvc p2pimsvc p2pgasvc PNRPSvc
nosGetPlusHelper    REG_MULTI_SZ       nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 15:19]
.
2006-11-15 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2006-11-15 09:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hopsurf.com
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: microsoft.com\windowsupdate
TCP: DhcpNameServer = 192.168.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Customer\Application Data\Mozilla\Firefox\Profiles\reonbw06.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.startpage.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-21 09:22
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1298717234-787202485-4048220586-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1048)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
.
- - - - - - - > 'lsass.exe'(1136)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
.
- - - - - - - > 'explorer.exe'(3080)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-08-21  09:25:35
ComboFix-quarantined-files.txt  2013-08-21 19:25
ComboFix2.txt  2013-08-21 19:09
ComboFix3.txt  2013-08-21 18:47
ComboFix4.txt  2013-08-19 18:41
.
Pre-Run: 31,414,034,432 bytes free
Post-Run: 31,404,883,968 bytes free
.
- - End Of File - - D9866F6FF43C797249B7B076832F1440
AB67D479E4EE1CCAD757294B60DDB98F
 

==================================

 Results of screen317's Security Check version 0.99.72  
 Windows XP Service Pack 2 x86   
 Out of date service pack!!
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2013   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 AVG PC TuneUp Language Pack (en-US)
 CCleaner     
 Java™ 6 Update 31  
 Java 7 Update 21  
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player     11.7.700.224  
 Adobe Reader 10.1.0 Adobe Reader out of Date!  
 Mozilla Firefox 19.0.2 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 22% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

===============================================

===============================================

Nasdaq:

 

I will keep checking to see if problem was solved.
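The "Reg Loading Points" section of the ComboFix log above is a list of the places Windows consults to start code without the user asking (Run keys, BootExecute, LSA Notification Packages, Winlogon\Notify), and ComboFix prints only the path of each binary. The script below is an added example, not part of this post and not ComboFix's own code: it walks those same locations with Windows PowerShell and checks the Authenticode signature of every file they point to, so unsigned or missing binaries can be reviewed first. It assumes Windows PowerShell 3.0 or later (so it will not run on the XP machine in this thread as-is), an elevated prompt, and the standard registry paths; all function names are the example's own.

```powershell
# Added example (not from the original post or from ComboFix). Enumerates the
# autostart locations ComboFix reports under "Reg Loading Points" and checks
# the Authenticode signature of each referenced binary. Needs PowerShell 3.0+
# and an elevated prompt. Registry paths are the standard Windows ones.

function Resolve-CommandPath {
    # Turn a Run-key command line such as  "c:\x\y.exe" -osboot  or  irprops.cpl
    # into a file path. Unquoted paths containing spaces are handled by dropping
    # trailing tokens until an existing file is found.
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return '' }
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { $cmd = $cmd.Substring(1, $end - 1) }
    } else {
        $tokens = $cmd -split ' '
        for ($i = $tokens.Count; $i -ge 1; $i--) {
            $candidate = $tokens[0..($i - 1)] -join ' '
            if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
        }
        $cmd = $tokens[0]
    }
    if (-not [IO.Path]::IsPathRooted($cmd)) {
        # Bare names (irprops.cpl, psqlpwd) are loaded from System32
        $sys = Join-Path $env:SystemRoot "System32\$cmd"
        if (Test-Path -LiteralPath $sys -PathType Leaf) { return $sys }
        if (Test-Path -LiteralPath "$sys.dll" -PathType Leaf) { return "$sys.dll" }
    }
    return $cmd
}

function Get-AutostartReport {
    $entries = @()

    # Per-user and machine Run / RunOnce keys (the "TClockEx", "AVG_UI" ... lines above)
    foreach ($key in @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                       'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                       'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce')) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSChildName metadata
            $entries += [pscustomobject]@{ Location = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }

    # BootExecute: anything beyond the default "autocheck autochk *" runs before logon
    $sm = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    foreach ($line in @($sm.BootExecute)) {
        if ($line -and $line -notmatch '^autocheck autochk') {
            $entries += [pscustomobject]@{ Location = 'BootExecute'; Name = $line; Command = $line }
        }
    }

    # LSA Notification Packages: DLLs loaded into lsass.exe and told about every password change
    $lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    foreach ($pkg in @($lsa.'Notification Packages')) {
        if ($pkg) { $entries += [pscustomobject]@{ Location = 'LSA Notification Packages'; Name = $pkg; Command = "$pkg.dll" } }
    }

    # Winlogon\Notify (XP era): DLLs loaded into winlogon.exe; key may be absent on newer Windows
    $notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    foreach ($sub in @(Get-ChildItem -Path $notify -ErrorAction SilentlyContinue)) {
        $dll = (Get-ItemProperty -Path $sub.PSPath).DllName
        if ($dll) { $entries += [pscustomobject]@{ Location = 'Winlogon\Notify'; Name = $sub.PSChildName; Command = $dll } }
    }

    foreach ($e in $entries) {
        $path   = Resolve-CommandPath $e.Command
        $exists = [bool]($path -and (Test-Path -LiteralPath $path -PathType Leaf))
        $status = 'FileMissing'; $signer = ''
        if ($exists) {
            $sig    = Get-AuthenticodeSignature -FilePath $path
            $status = $sig.Status.ToString()
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        [pscustomobject]@{ Location = $e.Location; Name = $e.Name; Path = $path
                           Exists = $exists; Signature = $status; Signer = $signer }
    }
}

# Unsigned or missing binaries first. On an XP-era machine many legitimate OEM
# tools (ThinkPad, Synaptics, ATI) are unsigned, so this is a triage order, not a verdict.
Get-AutostartReport |
    Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } }, Location |
    Format-Table Location, Name, Signature, Signer, Path -AutoSize
```

The output is meant to be read next to the ComboFix listing: an entry whose file is missing (like the "Lbd" and "RealNetworks Downloader Resolver Service" services marked "[?]" in the log) or whose signature status is anything other than Valid is what to look up first; a valid signature from the expected vendor lets you move on.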



#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:12 PM

Posted 22 August 2013 - 07:36 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java™ 6 Update 31
Java 7 Update 21


Remove also this old version of Adobe Flash Player 10

Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you uncheck the box "Install the Ask Toolbar" before proceeding.
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box at the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

Important security issue
Support for Windows XP Service Pack 2 ended 13/07/2010
http://support.microsoft.com/lifecycle/?LN=en-gb&C2=1173

For continued support get the Service Pack 3.

http://windows.microsoft.com/en-us/windows/help/learn-how-to-install-windows-xp-service-pack-3-sp3

Note that Service Pack 2 must be installed before you proceed with the SP3 installation; information is on the page.

====

For your additional information.
Windows XP SP3 and Office 2003
Microsoft support Ends April 8, 2014
http://www.microsoft.com/en-us/windows/endofsupport.aspx
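The advice above boils down to an inventory task: find every installed Java, Flash Player and Adobe Reader entry, keep the newest, and remove the rest through Add/Remove Programs. Security Check did that by hand for this machine (two Java releases, two Flash Players). The following is an added example, not nasdaq's or screen317's code: it reads the same Add/Remove Programs (Uninstall) registry keys with Windows PowerShell and reports which families have more than one version installed. It assumes PowerShell 3.0 or later, and the product-name patterns and family grouping are the example's own guess at how these vendors label their entries.

```powershell
# Added example (not from the original post). Lists installed Java / Flash /
# Adobe Reader entries from the Uninstall registry keys and flags families with
# more than one version, so leftover old releases can be removed.
# Needs PowerShell 3.0+. Name patterns are an assumption; adjust as needed.

function ConvertTo-VersionSafe([string]$Text) {
    # DisplayVersion can be "7.0.250", "11.7.700.224" or odd strings; [version]
    # needs at least major.minor, so normalise and fall back to 0.0.
    $clean = $Text -replace '[^\d.]', ''
    if ($clean -notmatch '^\d+\.\d+') { $clean = "$clean.0" }
    try { return [version]$clean } catch { return [version]'0.0' }
}

function Get-ProductFamily([string]$DisplayName) {
    # Collapse "Java(TM) 6 Update 31" and "Java 7 Update 25" into one family so
    # duplicates can be grouped; "Java Auto Updater" and JavaFX stay separate.
    switch -Regex ($DisplayName) {
        '^Java(\(TM\))?\s+\d'      { return 'Java Runtime' }
        '^Java'                    { return 'Java (other)' }
        '^Adobe Flash Player'      { return 'Flash Player' }
        '^Adobe (Acrobat )?Reader' { return 'Adobe Reader' }
        default                    { return $DisplayName }
    }
}

function Get-InstalledProducts {
    param([string[]]$NamePatterns = @('Java*', 'Adobe Flash Player*', 'Adobe Reader*', 'Adobe Acrobat Reader*'))
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 32-bit apps on 64-bit Windows
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'              # per-user installs
    )
    foreach ($root in $roots) {
        foreach ($key in @(Get-ChildItem -Path $root -ErrorAction SilentlyContinue)) {
            $p = Get-ItemProperty -Path $key.PSPath
            if (-not $p.DisplayName) { continue }
            foreach ($pattern in $NamePatterns) {
                if ($p.DisplayName -like $pattern) {
                    [pscustomobject]@{
                        Family    = Get-ProductFamily $p.DisplayName
                        Name      = $p.DisplayName
                        Version   = [string]$p.DisplayVersion
                        Publisher = [string]$p.Publisher
                        Uninstall = [string]$p.UninstallString
                    }
                    break
                }
            }
        }
    }
}

function Find-DuplicateProducts {
    # One object per family with more than one entry: the newest to keep,
    # the rest to remove via Add/Remove Programs.
    Get-InstalledProducts | Group-Object Family | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        $sorted = $_.Group | Sort-Object { ConvertTo-VersionSafe $_.Version } -Descending
        [pscustomobject]@{
            Family = $_.Name
            Keep   = $sorted[0].Name
            Remove = ($sorted | Select-Object -Skip 1 | ForEach-Object { $_.Name }) -join '; '
        }
    }
}

Get-InstalledProducts | Sort-Object Family, Version | Format-Table Family, Name, Version, Publisher -AutoSize
Find-DuplicateProducts | Format-Table -AutoSize
```

On the machine in this thread the second table would have shown one "Java Runtime" row with Java 7 Update 21 to keep and Java(TM) 6 Update 31 to remove, and one "Flash Player" row for the old Flash Player 10 entry. The Publisher column is worth a glance too: a "Java update" whose publisher is not Oracle is exactly the fake updater the Trend Micro post warns about.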

#14 Robazi

Robazi
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  • Local time:10:12 AM

Posted 22 August 2013 - 02:49 PM

Successfully removed:

Java™ 6 Update 31
Java 7 Update 21

Adobe Flash Player 10

-----------------------

However, when downloading the latest version of Adobe Reader XI (11.0.03)

it gave this error msg:

>Adobe Reader Installer:
Failed to initialize:
[it stopped at the 50% mark]

Note:  I still have Adobe Reader X (10.1.0)

----------------------------------------------

Successfully Installed Java 7 Update 25

...and SP3

----------------------

Tried downloading from 'Automatic Updates', but the following failed:

Security Update for Microsoft .NET Framework, Version 2.0 (KB928365)

------------------------------

I still have these:

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

---------------------------

============================================================

Good news: I haven't had any redirects lately; will keep an eye on it.

============================================================


Edited by Robazi, 22 August 2013 - 08:45 PM.


#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:12 PM

Posted 23 August 2013 - 07:44 AM

Tried downloading from 'Automatic Updates' but below
failed:
Security Update for Microsoft .NET Framework, Version 2.0 (KB928365)


Run the Fix it suggested on this Microsoft page by clicking the Run Now button.
http://support.microsoft.com/kb/971187
===

However, when downloading the latest version of Adobe Reader XI (11.0.03)
it gave this error msg:
>Adobe Reader Installer:
Failed to initialize: [it stopped at the 50% mark]


You may have had a bad download or a slow connection. Try again.

If that fails see what you can do as suggested in this article.

http://helpx.adobe.com/acrobat/kb/troubleshoot-reader-installation-windows.html
===
p.s.
Use Internet Explorer to download these updates.



