
Virus and Hijacked


  • This topic is locked
30 replies to this topic

#1 windowsxphelp

windowsxphelp

  • Members
  • 18 posts
  • OFFLINE

Posted 19 August 2013 - 07:45 AM

 

Mod Edit: Moved from AII, OP decided to run ComboFix on their own ~~ boopme

First let me say I am not a technical wizard.

Attempted to download Google Chrome and ended up at CNET. Have no excuse; had used them before with no issues. Should have gone to Google directly.

Now I have the Conduit, Webcakes issues.

Have run HitmanPro and Vipre that were sent to me by Microsoft.
Have run Adware and attempted to run HijackThis. HijackThis says installer not working and will not load.

The only way to access the internet is through Safari and it works.

I am on a laptop away from the PC that is infected.

eMachine did not come with a disc to reboot or repair.

Microsoft said the only way to fix is to install Windows 7.

Need some help here; nothing seems to get rid of this crap.

Thanks


Edited by boopme, 19 August 2013 - 10:43 AM.
Moved from XP to Am I Infected - Hamluis.




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,072 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA

Posted 19 August 2013 - 08:50 AM

Welcome, let's also run these...

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please Download TDSSkiller
Launch it.
Click on Change parameters and select TDLFS file system.
Click on "Scan".
Please post the LOG report (log file should be in your C drive).

Do not change the default options on scan results.



Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

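The MiniToolBox checks requested above (proxy settings, hosts file, Winsock entries) are the places a browser hijacker most often leaves traces. The Python script below is an added example, not part of this thread or of MiniToolBox: it parses a Result.txt-style report and lists the entries a helper would review first. The section names and clean-state wording are taken from the Result.txt format posted later in this thread; the embedded sample report is constructed in that format, with one non-default hosts entry invented for illustration.

```python
"""Triage a MiniToolBox Result.txt for the hijack indicators the checks above cover.

Added example, not part of the thread or of MiniToolBox. The section names and
the wording of the clean-state lines come from the Result.txt format posted in
this thread; how the tool words a configured proxy is assumed, so anything that
is not a known clean line is reported for a human to review.
"""
import re
from typing import Dict, List

# "========================= Hosts content: ==========" style headers; the
# colon is optional because the "Winsock entries" header has none.
SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?):?\s*=+\s*$")

# "Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)"
WINSOCK_RE = re.compile(r"^(Catalog\d+\s+\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)$")

# Hosts mappings that need no review.
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Lines MiniToolBox prints when no proxy is configured (from the posted report).
CLEAN_PROXY_PREFIXES = (
    "proxy is not enabled",
    "no proxy server is set",
    '"reset ie proxy settings"',
)


def split_sections(text: str) -> Dict[str, List[str]]:
    """Map each '=== Name ===' section to its non-empty lines."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").strip()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def review_proxy(lines: List[str]) -> List[str]:
    """Anything other than the known clean-state lines means a proxy may be set."""
    return [f"proxy: review {line!r}" for line in lines
            if not line.lower().startswith(CLEAN_PROXY_PREFIXES)]


def review_hosts(lines: List[str]) -> List[str]:
    """Report every mapping that is not the default localhost entry."""
    findings = []
    for line in lines:
        if line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, names = parts[0], parts[1:]
        for name in names:
            if name.startswith("#"):  # trailing comment on the line
                break
            if (ip, name.lower()) not in DEFAULT_HOSTS:
                findings.append(f"hosts: non-default mapping {ip} -> {name}")
    return findings


def review_winsock(lines: List[str]) -> List[str]:
    """Report LSP/NSP providers outside system32 or not signed off as Microsoft."""
    findings = []
    for line in lines:
        m = WINSOCK_RE.match(line)
        if not m:
            findings.append(f"winsock: unparsed entry {line!r}")
            continue
        slot, path, _size, vendor = m.groups()
        if "\\windows\\system32\\" not in path.lower() or "microsoft" not in vendor.lower():
            findings.append(f"winsock: third-party provider {slot} {path} ({vendor})")
    return findings


def triage(text: str) -> List[str]:
    """Run all three reviews over a Result.txt and return the findings in order."""
    sections = split_sections(text)
    return (review_proxy(sections.get("IE Proxy Settings", []))
            + review_hosts(sections.get("Hosts content", []))
            + review_winsock(sections.get("Winsock entries", [])))


# Constructed sample in the posted Result.txt format; the second hosts line is
# invented for illustration and does not come from the thread.
SAMPLE_REPORT = """
MiniToolBox by Farbar  Version: 13-07-2013
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1       localhost
127.0.0.1       update.constructed-example.test
========================= Winsock entries =====================================
Catalog5 01 C:\\WINDOWS\\system32\\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\\Program Files\\Bonjour\\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\\WINDOWS\\system32\\mswsock.dll [245248] (Microsoft Corporation)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```

A flagged Winsock provider is not automatically malicious (the Bonjour NSP from Apple is legitimate); the point is to surface anything outside the Microsoft defaults so it gets looked at.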

#3 windowsxphelp

windowsxphelp
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE

Posted 19 August 2013 - 08:56 AM

Will do. Now running ComboFix, and as soon as it finishes I will do your instructions to the letter.

 

I appreciate your responding; this has been going on for 3 days with no end in sight.



#4 windowsxphelp

windowsxphelp
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE

Posted 19 August 2013 - 10:35 AM

Here is the ComboFix report; about to start your recommended process:

 

 

ComboFix 13-08-19.01 - Owner 08/19/2013  10:15:27.2.2 - x86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2039.1391 [GMT -4:00]

Running from: c:\docume~1\Owner\LOCALS~1\Temp\a5fx2xjz.tmp\ComboFix.exe

AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

(((((((((((((((((((((((((   Files Created from 2013-07-19 to 2013-08-19  )))))))))))))))))))))))))))))))

.

.

2013-08-17 17:14 . 2013-08-18 17:03           -------- d-----w-           c:\documents and settings\Administrator

2013-08-17 14:38 . 2012-05-25 17:14           42864  ----a-w-            c:\windows\system32\sbbd.exe

2013-08-17 14:38 . 2012-05-25 17:14           101112            ----a-w-            c:\windows\system32\drivers\SBREDrv.sys

2013-08-17 14:38 . 2013-08-19 05:54           -------- d-----w-           C:\VIPRERESCUE

2013-08-17 14:32 . 2013-08-18 21:22           12872  ----a-w-            c:\windows\system32\bootdelete.exe

2013-08-17 14:24 . 2013-08-18 17:04           -------- d-----w-           c:\documents and settings\All Users\Application Data\HitmanPro

2013-08-17 12:03 . 2013-08-17 13:25           40776  ----a-w-            c:\windows\system32\drivers\mbamswissarmy.sys

2013-08-17 11:44 . 2013-08-18 17:06           -------- d-----w-           c:\program files\Uninstaller

2013-08-17 11:43 . 2013-08-18 17:06           -------- d-----w-           c:\program files\MyPC Backup

2013-08-17 11:42 . 2013-08-17 11:43           -------- d-----w-           c:\documents and settings\Owner\Local Settings\Application Data\CRE

2013-08-16 21:14 . 2001-08-17 17:53           6784    -c--a-w-            c:\windows\system32\dllcache\serscan.sys

2013-08-16 21:14 . 2001-08-17 17:53           6784    ----a-w-            c:\windows\system32\drivers\serscan.sys

2013-08-16 21:14 . 2001-08-18 02:36           37376  -c--a-w-            c:\windows\system32\dllcache\kousd.dll

2013-08-16 21:14 . 2001-08-18 02:36           37376  ----a-w-            c:\windows\system32\kousd.dll

2013-08-16 21:14 . 2001-08-18 02:36           71680  -c--a-w-            c:\windows\system32\dllcache\fnfilter.dll

2013-08-16 21:14 . 2001-08-18 02:36           71680  ----a-w-            c:\windows\system32\fnfilter.dll

2013-08-14 14:50 . 2013-08-14 14:54           -------- d-----w-            c:\windows\system32\MRT

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-15 02:57 . 2012-11-08 21:22           37664  ----a-w-            c:\windows\system32\drivers\avgtpx86.sys

2013-07-26 02:47 . 2008-04-14 12:00           920064            ----a-w-            c:\windows\system32\wininet.dll

2013-07-26 02:47 . 2008-04-14 12:00           43520  ------w-            c:\windows\system32\licmgr10.dll

2013-07-26 02:47 . 2008-04-14 12:00           1469440          ------w-            c:\windows\system32\inetcpl.cpl

2013-07-25 15:52 . 2008-04-14 12:00           385024            ------w-            c:\windows\system32\html.iec

2013-07-20 05:51 . 2012-09-21 07:46           246072            ----a-w-            c:\windows\system32\drivers\avglogx.sys

2013-07-20 05:50 . 2012-09-21 07:45           60216  ----a-w-            c:\windows\system32\drivers\avgidshx.sys

2013-07-20 05:50 . 2012-09-13 07:11           208184            ----a-w-            c:\windows\system32\drivers\avgidsdriverx.sys

2013-07-20 05:50 . 2010-09-07 08:48           171320            ----a-w-            c:\windows\system32\drivers\avgldx86.sys

2013-07-10 10:37 . 2008-04-14 12:00           406016            ----a-w-            c:\windows\system32\usp10.dll

2013-07-10 05:32 . 2010-09-07 08:48           39224  ----a-w-            c:\windows\system32\drivers\avgrkx86.sys

2013-07-04 03:03 . 2008-04-14 12:00           2149888          ----a-w-            c:\windows\system32\ntoskrnl.exe

2013-07-04 02:08 . 2008-04-14 00:01           2028544          ----a-w-            c:\windows\system32\ntkrnlpa.exe

2013-07-01 05:45 . 2010-09-07 08:48           96568  ----a-w-            c:\windows\system32\drivers\avgmfx86.sys

2013-06-23 14:50 . 2012-04-11 21:05           692104            ----a-w-            c:\windows\system32\FlashPlayerApp.exe

2013-06-23 14:50 . 2011-06-29 16:27           71048  ----a-w-            c:\windows\system32\FlashPlayerCPLApp.cpl

2013-06-23 14:47 . 2013-06-23 14:47           94632  ----a-w-            c:\windows\system32\WindowsAccessBridge.dll

2013-06-23 14:47 . 2012-06-18 11:28           867240            ----a-w-            c:\windows\system32\npdeployJava1.dll

2013-06-23 14:47 . 2010-05-03 11:47           789416            ----a-w-            c:\windows\system32\deployJava1.dll

2013-06-23 14:47 . 2007-07-02 13:06           144896            ----a-w-            c:\windows\system32\javacpl.cpl

2013-06-04 07:23 . 2008-04-14 12:00           562688            ----a-w-            c:\windows\system32\qedit.dll

2013-06-04 01:40 . 2008-04-14 12:00           1876736          ----a-w-            c:\windows\system32\win32k.sys

2013-05-28 01:59 . 2008-04-14 12:00           590848            ----a-w-            c:\windows\system32\rpcrt4.dll

2013-05-28 00:41 . 2009-04-15 19:47           6144    ----a-w-            c:\windows\system32\xpsp4res.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]

@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"

[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]

2013-02-28 22:28       1065776          ----a-w-           c:\program files\Workspace\offsyncext.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]

@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"

[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]

2013-02-28 22:28       1065776          ----a-w-           c:\program files\Workspace\offsyncext.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Starfield Updater"="c:\program files\Workspace\WorkspaceUpdate.exe" [2013-04-17 35008]

"Workspace Status"="c:\program files\Workspace\WorkspaceStatus.exe" [2013-07-27 694760]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-15 152392]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 136704]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute   REG_MULTI_SZ       autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=

"c:\\Program Files\\Common Files\\Motive\\pcServiceHost.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [9/21/2012 3:45 AM 60216]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 3:46 AM 246072]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 39224]

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [9/13/2012 3:11 AM 208184]

R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/21/2012 3:45 AM 22328]

R1 AvgLdx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 4:48 AM 171320]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/9/2010 11:20 PM 182072]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [11/8/2012 5:22 PM 37664]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [8/17/2013 10:38 AM 101112]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [7/23/2013 7:09 PM 283136]

R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]

R2 File Backup;File Backup Service;c:\program files\Workspace\offSyncService.exe [1/25/2013 2:59 PM 1187040]

R2 pcServiceHost;pcServiceHost;c:\program files\Common Files\Motive\pcServiceHost.exe [4/26/2013 4:52 PM 342528]

R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [7/31/2009 3:12 PM 341504]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [7/4/2013 3:53 PM 4939312]

S2 HitmanPro37CrusaderBoot;HitmanPro 3.7 Crusader (Boot);"j:\hitmanpro.exe" /crusader:boot --> j:\HitmanPro.exe [?]

S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]

S3 EraserUtilDrv10740;EraserUtilDrv10740;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10740.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10740.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/17/2013 8:03 AM 40776]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12

HPService       REG_MULTI_SZ       HPSLPSVC

.

Contents of the 'Scheduled Tasks' folder

.

2013-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2013-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-16 14:03]

.

2013-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-16 14:03]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.com/

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

Trusted Zone: $talisma_url$

Trusted Zone: state.ga.us\stars.dhr

TCP: DhcpNameServer = 192.168.1.254

DPF: {68A12883-7584-11D1-A259-00C04FD97350} - hxxps://stars.dhr.state.ga.us/CABS/pcache.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-08-19 10:30

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ... 

.

scanning hidden autostart entries ...

.

scanning hidden files ... 

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HitmanPro37CrusaderBoot]

"ImagePath"="\"j:\hitmanpro.exe\" /crusader:boot"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1290862750-3884150009-608248776-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2568)

c:\windows\system32\WININET.dll

c:\program files\Workspace\offsyncext.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2013-08-19  10:36:15

ComboFix-quarantined-files.txt  2013-08-19 14:36

ComboFix2.txt  2013-08-19 13:59

.

Pre-Run: 112,877,170,688 bytes free

Post-Run: 112,862,298,112 bytes free

.

- - End Of File - - E81EE68B024208D3490DDC1FD01AF456

8F558EB6672622401DA993E1E865C861



#5 windowsxphelp

windowsxphelp
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE

Posted 19 August 2013 - 10:38 AM

From Toolbox:

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Owner (administrator) on 19-08-2013 at 11:37:11
Running from "C:\Documents and Settings\Owner\Local Settings\temp\xd023i38.tmp"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Atheros L2 Fast Ethernet 10/100 Base-T Controller = Local Area Connection 2 (Disconnected)
NETGEAR WG111v3 Wireless-G USB Adapter = Wireless Network Connection (Connected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Wireless Network Connection"
 
set address name="Wireless Network Connection" source=dhcp 
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : your-1sfdbkykfj
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Broadcast
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
        DNS Suffix Search List. . . . . . : gateway.2wire.net
 
 
 
Ethernet adapter Wireless Network Connection:
 
 
 
        Connection-specific DNS Suffix  . : gateway.2wire.net
 
        Description . . . . . . . . . . . : NETGEAR WG111v3 Wireless-G USB Adapter #3
 
        Physical Address. . . . . . . . . : E0-91-F5-98-2E-42
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        IP Address. . . . . . . . . . . . : 192.168.1.72
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        Default Gateway . . . . . . . . . : 192.168.1.254
 
        DHCP Server . . . . . . . . . . . : 192.168.1.254
 
        DNS Servers . . . . . . . . . . . : 192.168.1.254
 
        Lease Obtained. . . . . . . . . . : Monday, August 19, 2013 11:30:02 AM
 
        Lease Expires . . . . . . . . . . : Tuesday, August 20, 2013 11:30:02 AM
 
Server:  homeportal
Address:  192.168.1.254
 
Name:    google.com
Addresses:  74.125.227.9, 74.125.227.4, 74.125.227.0, 74.125.227.1
 74.125.227.2, 74.125.227.14, 74.125.227.5, 74.125.227.8, 74.125.227.7
 74.125.227.3, 74.125.227.6
 
 
 
Pinging google.com [74.125.227.6] with 32 bytes of data:
 
 
 
Reply from 74.125.227.6: bytes=32 time=43ms TTL=52
 
Reply from 74.125.227.6: bytes=32 time=46ms TTL=52
 
 
 
Ping statistics for 74.125.227.6:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 43ms, Maximum = 46ms, Average = 44ms
 
Server:  homeportal
Address:  192.168.1.254
 
Name:    yahoo.com
Addresses:  98.138.253.109, 206.190.36.45, 98.139.183.24
 
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
 
 
 
Reply from 206.190.36.45: bytes=32 time=136ms TTL=42
 
Reply from 206.190.36.45: bytes=32 time=212ms TTL=42
 
 
 
Ping statistics for 206.190.36.45:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 136ms, Maximum = 212ms, Average = 174ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 2ms, Average = 1ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...e0 91 f5 98 2e 42 ...... NETGEAR WG111v3 Wireless-G USB Adapter #3 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.72  25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      192.168.1.0    255.255.255.0     192.168.1.72    192.168.1.72  25
     192.168.1.72  255.255.255.255        127.0.0.1       127.0.0.1  25
    192.168.1.255  255.255.255.255     192.168.1.72    192.168.1.72  25
        224.0.0.0        240.0.0.0     192.168.1.72    192.168.1.72  25
  255.255.255.255  255.255.255.255     192.168.1.72    192.168.1.72  1
Default Gateway:     192.168.1.254
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (08/19/2013 09:09:31 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (08/18/2013 09:18:44 PM) (Source: MsiInstaller) (User: YOUR-1SFDBKYKFJ)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.
 
Error: (08/18/2013 09:16:55 PM) (Source: MsiInstaller) (User: YOUR-1SFDBKYKFJ)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.
 
Error: (08/18/2013 05:24:50 PM) (Source: Application Error) (User: )
Description: Faulting application lmi_rescue.exe, version 7.1.389.1552, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.
Processing media-specific event for [lmi_rescue.exe!ws!]
 
Error: (08/18/2013 03:35:03 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (08/18/2013 03:33:28 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (08/18/2013 02:33:46 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (08/18/2013 02:32:17 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (08/18/2013 02:24:56 PM) (Source: Application Hang) (User: )
Description: Fault bucket -708915527.
 
Error: (08/18/2013 02:24:03 PM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 11.0.8402.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
 
System errors:
=============
Error: (08/19/2013 11:30:32 AM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%126
 
Error: (08/19/2013 11:30:32 AM) (Source: Service Control Manager) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service failed to start due to the following error: 
%%3
 
Error: (08/19/2013 10:05:40 AM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%126
 
Error: (08/19/2013 10:05:40 AM) (Source: Service Control Manager) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service failed to start due to the following error: 
%%3
 
Error: (08/19/2013 09:50:15 AM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%126
 
Error: (08/19/2013 09:50:15 AM) (Source: Service Control Manager) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service failed to start due to the following error: 
%%3
 
Error: (08/19/2013 09:07:15 AM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%126
 
Error: (08/19/2013 09:07:15 AM) (Source: Service Control Manager) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service failed to start due to the following error: 
%%3
 
Error: (08/19/2013 09:02:24 AM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%126
 
Error: (08/19/2013 09:02:24 AM) (Source: Service Control Manager) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service failed to start due to the following error: 
%%3
 
 
Microsoft Office Sessions:
=========================
Error: (08/19/2013 09:09:31 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (08/18/2013 09:18:44 PM) (Source: MsiInstaller)(User: YOUR-1SFDBKYKFJ)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)
 
Error: (08/18/2013 09:16:55 PM) (Source: MsiInstaller)(User: YOUR-1SFDBKYKFJ)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)
 
Error: (08/18/2013 05:24:50 PM) (Source: Application Error)(User: )
Description: lmi_rescue.exe7.1.389.1552ntdll.dll5.1.2600.60550000100b
 
Error: (08/18/2013 03:35:03 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (08/18/2013 03:33:28 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (08/18/2013 02:33:46 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (08/18/2013 02:32:17 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (08/18/2013 02:24:56 PM) (Source: Application Hang)(User: )
Description: -708915527
 
Error: (08/18/2013 02:24:03 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE11.0.8402.0hungapp0.0.0.000000000
 
 
=========================== Installed Programs ============================
 
32 Bit HP CIO Components Installer (Version: 6.1.2)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 11.5 (Version: 11.5.6.606)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
AT&T Pop-Up Catcher
AT&T Troubleshoot & Resolve Tool
Atheros Communications Inc.® L2 Fast Ethernet Driver (Version: 2.5.7.7)
AVG 2013 (Version: 13.0.3211)
AVG 2013 (Version: 13.0.3392)
AVG 2013 (Version: 2013.0.3392)
Bing Bar (Version: 7.0.822.0)
Bonjour (Version: 3.0.0.10)
BPD_Scan (Version: 2.00.0000)
BPDfax (Version: 70.0.184.000)
CCleaner (Version: 3.05)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Critical Update for Windows Media Player 11 (KB959772)
Digital Media Reader (Version: 1.08)
DMUninstaller
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.153)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
Intel® Graphics Media Accelerator Driver
iTunes (Version: 11.0.3.42)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
J2SE Runtime Environment 5.0 Update 9 (Version: 1.5.0.90)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 2 (Version: 1.6.0.20)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004 (Version: 12.0.50)
Microsoft Money 2004 System Pack (Version: 12.0.80)
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Primary Interop Assemblies (Version: 11.0.6553.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft Works (Version: 08.04.0623)
MobileMe Control Panel (Version: 3.1.8.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NETGEAR WG111v3 wireless USB 2.0 adapter (Version: 1.01.10)
Network (Version: 140.0.215.000)
OpenOffice.org Installer 1.0 (Version: 1.0.9221)
PowerDVD
QFolder (Version: 1.00.0000)
QuickTime (Version: 7.74.80.86)
RCA Detective™ 2.0.0.99
RCA Digital Voice Manager 5.1.1.2
Realtek High Definition Audio Driver (Version: 5.10.0.5506)
Safari (Version: 5.34.57.2)
Scan (Version: 140.0.167.000)
Soft Data Fax Modem with SmartCP
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 4.4 (Version: 4.4.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebEx Support Manager for Internet Explorer (Version: 6.5.4917)
WebFldrs XP (Version: 9.50.6513)
Windows Backup Utility (Version: 5.1)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.5.0540.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Movie Maker 2.0 (Version: 2.0.0000)
Workspace Desktop
 
========================= Memory info: ===================================
 
Percentage of memory in use: 45%
Total physical RAM: 2039.17 MB
Available physical RAM: 1115.57 MB
Total Pagefile: 3925.06 MB
Available Pagefile: 3076.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.06 MB
 
========================= Partitions: =====================================
 
2 Drive c: () (Fixed) (Total:149.05 GB) (Free:105.14 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\YOUR-1SFDBKYKFJ
 
Administrator            ASPNET                   Guest                    
HelpAssistant            Owner                    SUPPORT_388945a0         
 
 
**** End of log ****


#6 windowsxphelp
  • Topic Starter
  • Members

Posted 19 August 2013 - 10:47 AM

On TDSSKiller no threats found. Cannot copy and paste for some reason.



#7 windowsxphelp
  • Topic Starter
  • Members

Posted 19 August 2013 - 10:51 AM

Here is the AdwCleaner report.

 

# AdwCleaner v2.306 - Logfile created 08/19/2013 at 11:48:51
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - YOUR-1SFDBKYKFJ
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Local Settings\temp\jzzwt8a9.tmp\AdwCleaner.exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
*************************
 
AdwCleaner[R10].txt - [562 octets] - [19/08/2013 11:48:51]
AdwCleaner[R1].txt - [851 octets] - [18/08/2013 12:49:28]
AdwCleaner[R2].txt - [871 octets] - [18/08/2013 14:00:17]
AdwCleaner[R3].txt - [989 octets] - [18/08/2013 14:07:14]
AdwCleaner[R4].txt - [1048 octets] - [18/08/2013 14:07:35]
AdwCleaner[R5].txt - [1109 octets] - [18/08/2013 14:07:51]
AdwCleaner[R6].txt - [1229 octets] - [18/08/2013 15:19:19]
AdwCleaner[R7].txt - [1285 octets] - [18/08/2013 16:41:03]
AdwCleaner[R8].txt - [1405 octets] - [18/08/2013 21:06:42]
AdwCleaner[R9].txt - [1526 octets] - [19/08/2013 08:18:40]
AdwCleaner[S1].txt - [917 octets] - [18/08/2013 12:49:51]
AdwCleaner[S2].txt - [935 octets] - [18/08/2013 14:00:32]
AdwCleaner[S3].txt - [1175 octets] - [18/08/2013 14:08:07]
AdwCleaner[S4].txt - [1295 octets] - [18/08/2013 15:19:52]
AdwCleaner[S5].txt - [1346 octets] - [18/08/2013 16:41:23]
AdwCleaner[S6].txt - [1466 octets] - [18/08/2013 21:06:58]
AdwCleaner[S7].txt - [1586 octets] - [19/08/2013 08:19:18]
 

########## EOF - C:\AdwCleaner[R10].txt - [1577 octets] ##########



#8 windowsxphelp
  • Topic Starter
  • Members

Posted 19 August 2013 - 10:58 AM

Had no choice other than to run Combo; it was running when I posted.



#9 boopme
    To Insanity and Beyond
  • Global Moderator

Posted 19 August 2013 - 11:07 AM

As you have, I have to move it here and have one of our techs review the log. Please make no further changes until they reply here.



#10 windowsxphelp
  • Topic Starter
  • Members

Posted 19 August 2013 - 11:09 AM

Thanks, sorry, I should have told you about this in the first post.

As you can imagine if a 12 gauge shotgun could have helped it would have been applied.



#11 windowsxphelp
  • Topic Starter
  • Members

Posted 20 August 2013 - 10:40 AM

Has there been any progress as of yet on this issue?



#12 bloopie
    Bleepin' Sith Turner
  • Malware Response Team

Posted 20 August 2013 - 02:18 PM

Hello windowsxphelp,

My name is bloopie and I'll be assisting you from here on. :)

First I must warn you: when you are instructed to run a tool, please do so only once, then post the resultant log unless otherwise noted. By running the tools multiple times, and/or running tools without instruction to do so, you obscure the objects the tools removed, and it becomes impossible to help you.
 
==========
 
Step 1

I see you posted the log from Combofix, but you have run the tool twice and only posted the second log. Please post the first log located at C:\ComboFix2.txt so that we can see what, if anything, Combofix removed.

==========

Step 2

AdwCleaner has been run multiple times and that's why the log is clean. Please locate the log from your desktop that actually contains deletions, and copy and paste that one in your next reply.

==========

In addition to the above requested logs, please let me know what problems, if any, you are still experiencing with the machine and we'll go from there.
 
Thanks,

bloopie

#13 windowsxphelp
  • Topic Starter
  • Members

Posted 20 August 2013 - 05:11 PM

Bloopie, first thanks.

 

I tried to get the ComboFix log and cannot find it on the machine.

Not sure what this is, but found it in Notepad.

 

 
log=AegisP Protocol (network component):  
log=Uninstallation failed
log=AegisP Protocol (device driver):  Stopped.
log=AegisP Protocol (C:\WINDOWS\inf\AegisP.PNF):  Deleted.
log=AegisP Protocol (C:\WINDOWS\inf\AegisP.inf):  Created.
log=AegisP Protocol (C:\WINDOWS\system32\drivers\AegisP.sys):  Created.
log=AegisP Protocol (network component):  Installed.
message=Driver install was successful
reboot=0
log=AegisP Protocol (device driver):  Started - now running.
code=0

As far as issues: not able to access the internet via Explorer, and it says Word is not installed and then loads.

I am accessing with Safari to post this. Cannot access restore. I can now access msconfig and was not able to before.



#14 bloopie
    Bleepin' Sith Turner
  • Malware Response Team

Posted 20 August 2013 - 09:25 PM

Hello again,

It's my pleasure to help! :)
 

Please locate the log from your desktop that actually contains deletions, and copy and paste that one in your next reply.

Please do this if you can!

==========

Step 1

We still need to see what Combofix removed. Please navigate to the following file path:
 

C:\Qoobox\ComboFix-quarantined-files.txt

Then copy and paste the contents of that file in your next reply.

==========

Step 2

Please download Farbar Service Scanner to your desktop, and run it.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your next reply.

==========

Please post both requested logs in your next reply!

bloopie



#15 windowsxphelp
  • Topic Starter
  • Members

Posted 21 August 2013 - 06:56 AM

2013-08-19 13:56:48 . 2013-08-19 13:56:48              171 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
2013-08-19 13:56:47 . 2013-08-20 16:21:45              173 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2013-08-19 13:37:16 . 2013-08-19 13:37:16            3,014 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_pcCMService.reg.dat
2013-08-19 13:37:16 . 2013-08-19 13:37:16            1,074 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Legacy_PCCMSERVICE.reg.dat
2013-08-19 13:36:39 . 2013-08-20 16:14:00            9,124 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-08-19 13:26:58 . 2013-08-20 16:08:52              512 ----a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2013-08-19 13:18:24 . 2013-08-20 16:03:13              153 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2013-08-15 02:57:34 . 2013-08-15 02:57:09           10,805 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\66d43494731249a8.fb.vir
2013-07-29 23:00:26 . 2013-07-29 22:59:59           10,805 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\bbfbf7d2e7144efd.fb.vir
2013-06-27 06:52:57 . 2013-06-27 06:52:37           10,726 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\0f8ea0d6436773f8.fb.vir
2013-05-21 16:15:04 . 2013-05-21 16:14:48           11,064 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\2fa3aee5fdaa6e61.fb.vir
2013-02-18 23:04:37 . 2013-08-15 02:57:09              577 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\95f567698be8a182.fb.vir
2013-02-18 23:04:37 . 2013-08-15 02:57:09              636 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\26c630d098e22dd5.fb.vir
2013-02-18 23:04:37 . 2013-02-18 23:04:22           10,783 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\b6290bf48e28d4c4.fb.vir
2013-02-10 16:10:17 . 2013-02-10 16:10:04           10,993 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\0f70e79cf5350d62.fb.vir
2013-01-10 13:45:40 . 2013-01-10 13:45:03           10,511 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\3a2ac590e2c706e8.fb.vir
2012-11-08 21:22:43 . 2012-11-08 21:22:30           10,936 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\dca9b381928d2eed.fb.vir
2012-07-10 02:57:23 . 2012-07-10 02:57:15           11,070 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\e2e7cb02190e201d.fb.vir
2012-06-12 02:41:47 . 2013-08-15 02:57:09              668 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\6d03dad1035885d3.fb.vir
2012-06-12 02:41:47 . 2013-08-15 02:57:09              663 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\c1fa887b03019701.fb.vir
2012-06-12 02:41:46 . 2013-08-15 02:57:09              661 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\32c84fe32bb74d60.fb.vir
2012-06-12 02:41:46 . 2013-08-15 02:57:09            1,071 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\f998975c9cc711ee.fb.vir
2012-06-12 02:41:46 . 2013-08-15 02:57:09              628 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\31a0997e9a5b5eb3.fb.vir
2012-06-12 02:41:46 . 2012-06-12 02:41:39           11,070 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\55ca78f19611e981.fb.vir
2012-03-12 22:24:34 . 2012-03-12 22:24:29            7,902 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\8fbdeb546e3ebb39.fb.vir
2012-01-24 04:13:51 . 2013-08-15 02:57:09              630 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\272512937d9e61a4.fb.vir
2012-01-24 04:13:51 . 2013-08-15 02:57:09              639 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\590ba23ce359fd0c.fb.vir
2012-01-24 04:13:51 . 2013-08-15 02:57:09              398 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\6c59ac5e7e7a3ad0.fb.vir
2012-01-24 04:13:51 . 2013-05-21 16:14:47              627 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\651c5d3cdbfb8bd1.fb.vir
2012-01-24 04:13:51 . 2012-11-08 21:22:30              669 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\a8556537add6dfc5.fb.vir
2012-01-24 04:13:51 . 2013-08-15 02:57:09              586 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\c4d28dca2e7648be.fb.vir
2012-01-24 04:13:51 . 2013-08-15 02:57:09            1,045 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\d201ef9910cd39de.fb.vir
2012-01-24 04:13:51 . 2013-08-15 02:57:09              622 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\287204568329e189.fb.vir
2012-01-24 04:13:51 . 2013-08-15 02:57:09              366 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\ad10a52aff5e038d.fb.vir
2012-01-24 04:13:51 . 2012-03-12 22:24:29            1,062 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\e0de16f883bea794.fb.vir
2012-01-24 04:13:51 . 2013-08-15 02:57:09            1,022 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\3917078cb68ec657.fb.vir
2012-01-24 04:13:51 . 2013-08-15 02:57:09              365 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\610289e025a3ee9a.fb.vir
2012-01-24 04:13:51 . 2013-08-15 02:57:09              567 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\d2e94710a5708128.fb.vir
2012-01-24 04:13:51 . 2013-08-15 02:57:09              627 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\d79b9dfe81484ec4.fb.vir
2012-01-24 04:13:51 . 2013-08-15 02:57:09            1,291 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\28bc8f716fd76a47.fb.vir
2012-01-24 04:13:51 . 2012-07-10 02:57:15              633 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\2c53092c95605355.fb.vir
2012-01-24 04:13:50 . 2012-01-24 04:13:43            7,902 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\5b13cff58cfcd0a2.fb.vir
2006-10-06 18:22:54 . 2004-09-22 22:46:16        5,550,080 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\setb4.tmp.vir
2005-06-01 01:02:42 . 1999-08-04 16:00:00          522,752 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\DC120fc7_32.dll.vir
2004-08-09 23:56:39 . 2004-04-13 00:14:02            1,640 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\hack\OEMLINK\OEM3.reg.vir
2004-08-09 23:56:39 . 2004-04-13 00:13:26            3,872 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\hack\OEMLINK\OEM2.reg.vir
2004-08-09 23:56:39 . 2004-04-13 00:12:26            3,512 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\hack\OEMLINK\OEM1.reg.vir
2004-08-09 23:34:33 . 2003-03-31 12:00:00          415,082 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\Help\wmplayer.bak.vir




