
\WINDOWS\$NtUninstallKB62280$\485945278\U\00000002.@


  • This topic is locked
37 replies to this topic

#1 pcpunk

pcpunk

  • Members
  • 5,739 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:06 PM

Posted 18 September 2013 - 04:29 PM

Please help me get rid of this little bugger!  I have done full MSE and Malicious Software Remover tool scans from MS down-load site.  I have also done a MS disk clean, MS Defrag and an Auslogics Defrag.  The two Defrag scans are the ones that show this little bugger.  It says:

Fragments       File Size       Files that cannot be defragmented
4               220 KB          \WINDOWS\$NtUninstallKB62280$\485945278\U\00000002.@

 

My computer friend said that it was some kind of rootkit or something, I forget.  Anyone know the proper tool to remove this thing and what it is?


sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 



 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:06 PM

Posted 18 September 2013 - 06:26 PM



Hello pcpunk

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.



-Download DDS-
  • Please download DDS from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 pcpunk


Posted 20 September 2013 - 02:10 PM

Okay, I did a BootTime Scan with Avast and Deleted four viruses.  Did a M.S. Disk Clean and Defrag and the \WINDOWS\$NtUninstallKB62280$\485945278\U\00000002.@ showed up still.

Started the computer and it was really slow and all jammed up.  I restarted the computer, did an Avast Browser clean-up (not that that helped) and now it is working great!  I need to do another Defrag or Disk Clean to see if it is still there I guess for now.  Thank you for your help though and I will perform these things as soon as I get a chance.  I would also like to donate to you for this but I am severely ill and have no money right now.  I am using my computer to raise some money and keep in contact with people so it is very important to me.

I am curious as to what this thing is or do you need the reports to tell?  Also I am having trouble thinking so some of this stuff is difficult to do for me but I will try.  I also hate downloading anything from the net. Lol.  I don't have computer access at home so I will possibly be a bit slow to reply.  Thanks so much for this valuable info.  I did read a similar post of yours concerning this but that person was having very different symptoms than I.



 


#4 gringo_pr


Posted 20 September 2013 - 03:43 PM

Hello

The virus is called ZeroAccess and you should get me the reports as soon as possible.


gringo

#5 gringo_pr


Posted 23 September 2013 - 03:44 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

#6 gringo_pr


Posted 04 October 2013 - 05:02 PM

This topic has been re-opened at the request of the person who originally posted.

#7 pcpunk


Posted 04 October 2013 - 05:04 PM

I will get the reports to you but it will be later today or tomorrow.



 


#8 gringo_pr


Posted 04 October 2013 - 08:19 PM

No problem and I will see you then


gringo

#9 pcpunk


Posted 04 October 2013 - 08:45 PM

Here you go!

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/14/2012 9:36:03 PM
System Uptime: 10/4/2013 8:22:35 PM (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 30A2
Processor: Intel® Core™2 CPU         T5500  @ 1.66GHz | U10 | 1662/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 50.37 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: avast! SecureLine TAP Adapter
Device ID: ROOT\NET\0000
Manufacturer: TAP-Windows Provider V9
Name: avast! SecureLine TAP Adapter
PNP Device ID: ROOT\NET\0000
Service: tap0901
.
==== System Restore Points ===================
.
RP17: 8/8/2013 7:38:13 PM - Software Distribution Service 3.0
RP18: 8/10/2013 4:21:18 PM - Software Distribution Service 3.0
RP19: 8/12/2013 1:36:42 PM - Software Distribution Service 3.0
RP20: 8/12/2013 3:04:34 PM - Software Distribution Service 3.0
RP21: 8/12/2013 4:19:11 PM - Installed Microsoft Fix it 50195
RP22: 8/12/2013 5:01:54 PM - Installed Windows Media Player 11
RP23: 8/12/2013 5:02:19 PM - Software Distribution Service 3.0
RP24: 8/12/2013 5:44:37 PM - Software Distribution Service 3.0
RP25: 8/13/2013 9:04:05 PM - System Checkpoint
RP26: 8/15/2013 6:37:49 PM - Software Distribution Service 3.0
RP27: 8/15/2013 8:18:21 PM - Software Distribution Service 3.0
RP28: 8/16/2013 11:26:42 PM - Removed Sonic DLA
RP29: 8/17/2013 12:44:34 PM - Software Distribution Service 3.0
RP30: 8/17/2013 12:59:16 PM - Software Distribution Service 3.0
RP31: 8/18/2013 8:52:42 PM - System Checkpoint
RP32: 8/21/2013 12:34:56 PM - Software Distribution Service 3.0
RP33: 8/22/2013 7:57:21 PM - Software Distribution Service 3.0
RP34: 8/23/2013 9:02:26 PM - System Checkpoint
RP35: 8/24/2013 2:02:18 PM - Software Distribution Service 3.0
RP36: 8/27/2013 12:41:09 PM - Software Distribution Service 3.0
RP37: 8/27/2013 2:34:43 PM - Software Distribution Service 3.0
RP38: 8/30/2013 11:31:21 AM - Software Distribution Service 3.0
RP39: 9/8/2013 10:57:11 AM - Software Distribution Service 3.0
RP40: 9/8/2013 11:03:09 AM - Software Distribution Service 3.0
RP41: 9/13/2013 2:29:14 PM - System Checkpoint
RP42: 9/14/2013 8:46:49 PM - Software Distribution Service 3.0
RP43: 9/15/2013 2:52:51 PM - Software Distribution Service 3.0
RP44: 9/17/2013 12:13:41 PM - Software Distribution Service 3.0
RP45: 9/18/2013 2:00:38 PM - Software Distribution Service 3.0
RP46: 9/18/2013 5:20:07 PM - Software Distribution Service 3.0
RP47: 9/18/2013 6:49:49 PM - avast! Free Antivirus Setup
RP48: 9/20/2013 1:34:56 PM - Software Distribution Service 3.0
RP49: 9/21/2013 11:03:47 AM - Restore Operation
RP50: 9/21/2013 4:34:59 PM - Software Distribution Service 3.0
RP51: 9/23/2013 7:54:33 PM - Software Distribution Service 3.0
RP52: 9/23/2013 10:33:59 PM - Removed Java 7 Update 25
RP53: 9/23/2013 10:34:31 PM - Installed Java 7 Update 40
RP54: 9/23/2013 10:39:24 PM - Installed QuickTime
RP55: 9/26/2013 2:27:13 PM - Software Distribution Service 3.0
RP56: 9/28/2013 4:45:08 PM - Software Distribution Service 3.0
RP57: 9/30/2013 12:37:30 PM - Software Distribution Service 3.0
RP58: 10/2/2013 3:03:45 PM - Software Distribution Service 3.0
RP59: 10/3/2013 3:42:51 PM - Software Distribution Service 3.0
RP60: 10/3/2013 4:14:02 PM - Installed Windows XP KB932716-v2.
RP61: 10/4/2013 8:34:35 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.8)
Agere Systems HDA Modem
Apple Application Support
Apple Software Update
Auslogics Disk Defrag
avast! Free Antivirus
Broadcom 440x 10/100 Integrated Controller
Broadcom 802.11 Wireless LAN Adapter
BufferChm
C4700
Codec
Compatibility Pack for the 2007 Office system
Destinations
DeviceDiscovery
Google Chrome
Google Update Helper
GoToMeeting 5.4.0.1082
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Imaging Device Functions 14.0
HP Officejet 4620 series Basic Device Software
HP Photo Creations
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
HP Solution Center 14.0
HPProductAssistant
Intel® Graphics Media Accelerator Driver
Internet Explorer (Enable DEP)
Java 7 Update 40
Java Auto Updater
JavaFX 2.1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Download Manager
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office XP Professional with FrontPage
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
PS_AIO_06_C4700_SW_Min
QuickTime
QuickTransfer
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2722913)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SolutionCenter
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Status
T-Mobile Connection Manager
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
WebFldrs XP
WebReg
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
.
==== Event Viewer Messages From Past Week ========
.
10/2/2013 3:10:41 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AswRdr aswRvrt aswSnx aswSP aswTdi aswVmm Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip tcpipBM
10/2/2013 3:10:41 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
10/2/2013 3:10:41 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/2/2013 3:10:41 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/2/2013 3:10:41 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
10/2/2013 3:09:51 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/2/2013 3:09:40 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/2/2013 3:09:31 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/2/2013 12:06:08 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.159.1046.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:   Previous Engine Version: 1.1.9901.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
10/2/2013 12:05:59 PM, error: Dhcp [1001]  - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001B7730EE13.  The following error occurred:  The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
10/2/2013 12:00:00 PM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/2/2013 1:50:31 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.159.1046.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:   Previous Engine Version: 1.1.9901.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
10/1/2013 9:04:10 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.159.1046.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:   Previous Engine Version: 1.1.9901.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
.
==== End Of File ===========================

Here is the other if I understood you properly.

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.40.2
Run by Chris at 21:42:10 on 2013-10-04
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1015.288 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS2\Explorer.EXE
C:\WINDOWS2\system32\spoolsv.exe
C:\Documents and Settings\All Users.WINDOWS2\Application Data\Premium\Codec\Codec.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\WINDOWS2\System32\alg.exe
C:\WINDOWS2\system32\igfxtray.exe
C:\WINDOWS2\system32\hkcmd.exe
C:\WINDOWS2\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\T-Mobile\T-Mobile Connection Manager\Bin\mcserver.exe
C:\WINDOWS2\system32\igfxsrvc.exe
C:\Program Files\T-Mobile\T-Mobile Connection Manager\Bin\dbus-daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS2\system32\wbem\wmiprvse.exe
C:\WINDOWS2\System32\svchost.exe -k netsvcs
C:\WINDOWS2\system32\svchost.exe -k NetworkService
C:\WINDOWS2\system32\svchost.exe -k LocalService
C:\WINDOWS2\system32\svchost.exe -k LocalService
C:\WINDOWS2\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS2\system32\svchost.exe -k HPService
C:\WINDOWS2\System32\svchost.exe -k HPZ12
C:\WINDOWS2\System32\svchost.exe -k HPZ12
C:\WINDOWS2\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = hxxp://www.bing.com
mStart Page = hxxp://www.searchbrowsing.com
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users.windows2\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows2\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows2\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows2\system32\hkcmd.exe
mRun: [Persistence] c:\windows2\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\mctlsvc.lnk - c:\program files\t-mobile\t-mobile connection manager\bin\mcserver.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1376169384968
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
TCP: NameServer = 68.87.74.162 68.87.68.162 192.168.1.1
TCP: Interfaces\{82A6B315-7DBA-404C-862A-FAB6F49E0E7D} : DHCPNameServer = 68.87.74.162 68.87.68.162 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows2\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.66\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows2\system32\drivers\aswRvrt.sys [2013-9-18 49376]
R0 aswVmm;aswVmm;c:\windows2\system32\drivers\aswVmm.sys [2013-9-18 177864]
R0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows2\system32\drivers\BMLoad.sys [2012-10-13 13184]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows2\system32\drivers\MpFilter.sys [2012-3-20 211560]
R1 aswSnx;aswSnx;c:\windows2\system32\drivers\aswSnx.sys [2013-9-18 770344]
R1 aswSP;aswSP;c:\windows2\system32\drivers\aswSP.sys [2013-9-18 369584]
R2 aswFsBlk;aswFsBlk;c:\windows2\system32\drivers\aswFsBlk.sys [2013-9-18 29816]
R2 aswMonFlt;aswMonFlt;c:\windows2\system32\drivers\aswMonFlt.sys [2013-9-18 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-9-18 46808]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
S0 cerc6;cerc6; [x]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 t_mobile_zte_cdc_acm;T-Mobile webConnect CDC-ACM driver;c:\windows2\system32\drivers\t_mobile_zte_cdc_acm.sys [2011-12-17 66432]
S3 t_mobile_zte_cdc_ecm;t_mobile_zte_cdc_ecm;c:\windows2\system32\drivers\t_mobile_zte_cdc_ecm.sys [2011-12-17 32768]
S3 t_mobile_zte_cpo;T-Mobile webConnect Install;c:\windows2\system32\drivers\t_mobile_zte_cpo.sys [2011-12-17 9984]
S3 t_mobile_zte_ecm_enum;T-Mobile webConnect DC Enumerator;c:\windows2\system32\drivers\t_mobile_zte_ecm_enum.sys [2011-12-17 44800]
S3 t_mobile_zte_ecm_enum_filter;t_mobile_zte_ecm_enum_filter;c:\windows2\system32\drivers\t_mobile_zte_ecm_enum_filter.sys [2011-12-17 44800]
.
=============== Created Last 30 ================
.
2013-10-05 00:34:41 7328304 ----a-w- c:\documents and settings\all users.windows2\application data\microsoft\microsoft antimalware\definition updates\{d6fa4ab2-363b-4e93-b203-0ba730ba64b1}\mpengine.dll
2013-10-03 20:12:57 62976 -c----w- c:\windows2\system32\dllcache\cdrom.sys
2013-10-03 20:12:57 465920 -c----w- c:\windows2\system32\dllcache\imapi2fs.dll
2013-10-03 20:12:57 465920 ------w- c:\windows2\system32\imapi2fs.dll
2013-10-03 20:12:56 317952 -c----w- c:\windows2\system32\dllcache\imapi2.dll
2013-10-03 20:12:56 317952 ------w- c:\windows2\system32\imapi2.dll
2013-10-03 19:57:49 -------- d-----w- C:\cd0bea8d604bbb3b5da22c3791bd
2013-10-03 19:43:01 7328304 ------w- c:\documents and settings\all users.windows2\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-09-24 02:40:35 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-09-24 02:40:35 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-09-24 02:40:35 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-09-24 02:40:35 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-09-24 02:40:35 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-09-24 02:35:02 144896 ----a-w- c:\windows2\system32\javacpl.cpl
2013-09-24 02:34:55 94632 ----a-w- c:\windows2\system32\WindowsAccessBridge.dll
2013-09-20 17:39:50 3723656 ----a-w- c:\windows2\system32\FlashPlayerInstaller.exe
2013-09-18 22:50:36 770344 ----a-w- c:\windows2\system32\drivers\aswSnx.sys
2013-09-18 22:50:35 49376 ----a-w- c:\windows2\system32\drivers\aswRvrt.sys
2013-09-18 22:50:35 177864 ----a-w- c:\windows2\system32\drivers\aswVmm.sys
2013-09-18 22:50:34 66336 ----a-w- c:\windows2\system32\drivers\aswMonFlt.sys
2013-09-18 22:49:31 41664 ----a-w- c:\windows2\avastSS.scr
2013-09-18 22:49:31 35088 ----a-w- c:\windows2\system32\drivers\tap0901.sys
2013-09-15 23:29:37 -------- d-----w- c:\documents and settings\chris\application data\RealNetworks
2013-09-15 23:28:55 -------- d-----w- c:\program files\RealNetworks
2013-09-15 23:28:53 -------- d-----w- c:\documents and settings\all users.windows2\application data\RealNetworks
2013-09-15 23:28:38 -------- d-----w- c:\program files\common files\xing shared
.
==================== Find3M  ====================
.
2013-09-24 02:34:36 868264 ----a-w- c:\windows2\system32\npDeployJava1.dll
2013-09-24 02:34:36 790440 ----a-w- c:\windows2\system32\deployJava1.dll
2013-09-20 17:44:56 692616 ----a-w- c:\windows2\system32\FlashPlayerApp.exe
2013-09-20 17:42:48 71048 ----a-w- c:\windows2\system32\FlashPlayerCPLApp.cpl
2013-09-15 23:28:12 499712 ----a-w- c:\windows2\system32\msvcp71.dll
2013-09-15 23:28:12 348160 ----a-w- c:\windows2\system32\msvcr71.dll
2013-08-09 01:56:45 386560 ----a-w- c:\windows2\system32\themeui.dll
2013-08-08 06:05:59 920064 ----a-w- c:\windows2\system32\wininet.dll
2013-08-08 06:05:59 43520 ------w- c:\windows2\system32\licmgr10.dll
2013-08-08 06:05:59 1469440 ------w- c:\windows2\system32\inetcpl.cpl
2013-08-08 06:05:58 18944 ----a-w- c:\windows2\system32\corpol.dll
2013-08-08 01:27:48 1877760 ----a-w- c:\windows2\system32\win32k.sys
2013-08-08 00:02:34 385024 ------w- c:\windows2\system32\html.iec
2013-08-05 13:30:32 1289728 ----a-w- c:\windows2\system32\ole32.dll
2013-08-03 18:18:38 1543680 ------w- c:\windows2\system32\wmvdecod.dll
2013-07-10 10:37:53 406016 ----a-w- c:\windows2\system32\usp10.dll
.
============= FINISH: 21:42:56.28 ===============
 


 


#10 gringo_pr


Posted 04 October 2013 - 08:49 PM



Hello pcpunk

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 pcpunk


Posted 05 October 2013 - 09:07 AM

So, what do you think of the pathway being found in the Defrag Report?

Here are the reports:

C:\Documents and Settings\All Users.WINDOWS2\Application Data\Premium\Codec\Codec.exe->C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users.WINDOWS2\Application Data\Premium\Codec\Codec.exe.vir
C:\Documents and Settings\All Users.WINDOWS2\Application Data\Premium\Codec\profile.ini->C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users.WINDOWS2\Application Data\Premium\Codec\profile.ini.vir
C:\Documents and Settings\All Users.WINDOWS2\Application Data\Premium\Codec\runtime.dll->C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users.WINDOWS2\Application Data\Premium\Codec\runtime.dll.vir
C:\Program Files\Dynamo Media\Dynamo Toolbar\browserData.ini->C:\AdwCleaner\Quarantine\C\Program Files\Dynamo Media\Dynamo Toolbar\browserData.ini.vir
C:\Program Files\savings explorer\background.html->C:\AdwCleaner\Quarantine\C\Program Files\savings explorer\background.html.vir
C:\Program Files\savings explorer\Installer.log->C:\AdwCleaner\Quarantine\C\Program Files\savings explorer\Installer.log.vir
C:\Documents and Settings\Chris\Application Data\DriverCure\LogFile.txt->C:\AdwCleaner\Quarantine\C\Documents and Settings\Chris\Application Data\DriverCure\LogFile.txt.vir
C:\END->C:\AdwCleaner\Quarantine\C\END.vir
C:\Program Files\Mozilla Firefox\user.js->C:\AdwCleaner\Quarantine\C\Program Files\Mozilla Firefox\user.js.vir
 
# AdwCleaner v3.006 - Report created 04/10/2013 at 22:17:35
# Updated 01/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Chris - CHRIS-1EC6C6A3C
# Running from : C:\Documents and Settings\Chris\My Documents\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\user.js
Folder Found C:\Documents and Settings\All Users.WINDOWS2\Application Data\Ask
Folder Found C:\Documents and Settings\All Users.WINDOWS2\Application Data\PC Optimizer Pro
Folder Found C:\Documents and Settings\All Users.WINDOWS2\Application Data\Premium
Folder Found C:\Documents and Settings\Chris\Application Data\DriverCure
Folder Found C:\Program Files\Dynamo Media
Folder Found C:\Program Files\incredibar.com
Folder Found C:\Program Files\MyPC Backup
Folder Found C:\Program Files\MyPC Backup 
Folder Found C:\Program Files\savings explorer
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.searchbrowsing.com
 
-\\ Google Chrome v30.0.1599.66
 
[ File : C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [7125 octets] - [04/10/2013 22:17:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7185 octets] ##########
 
# AdwCleaner v3.006 - Report created 04/10/2013 at 23:04:26
# Updated 01/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Chris - CHRIS-1EC6C6A3C
# Running from : C:\Documents and Settings\Chris\My Documents\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v30.0.1599.66
 
[ File : C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [7265 octets] - [04/10/2013 22:17:35]
AdwCleaner[R1].txt - [876 octets] - [04/10/2013 23:04:26]
AdwCleaner[S0].txt - [7424 octets] - [04/10/2013 22:25:17]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [995 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Microsoft Windows XP x86
Ran by Chris on Fri 10/04/2013 at 22:46:51.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\speedypc software
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\All Users.WINDOWS2\application data\speedypc software"
Successfully deleted: [Folder] "C:\Documents and Settings\Chris\Application Data\speedypc software"
Successfully deleted: [Folder] "C:\Program Files\searchdonkey"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/04/2013 at 22:51:25.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


 


#12 gringo_pr


Posted 05 October 2013 - 12:59 PM


Hello pcpunk

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#13 pcpunk


Posted 05 October 2013 - 02:04 PM

Okay, I don't understand a lot of this stuff so when you say save to desktop I don't always know how to do this, unless it does it on its own?

I did have trouble finding the files for AdwCleaner at first because it was put into the C: drive. I used the pathway you suggested but it did not work; perhaps I was not putting it in the right search area. Should I have put it into the "RUN" thingy? LOL. I don't know.

I also had trouble turning off AVAST. I tried to do it by going to msconfig>startup> and then unchecking it, but that did not work. I finally went to the icon and turned it off. What I did made the MSE icon come up on the bottom toolbar now; does that mean that it is running now?

I also noticed that some other security devices were running in the "Services" dialog area? Do I need to remove MSE if I am using AVAST? Someone told me to fully remove it, but my computer friend went to msconfig>startup> and unchecked it? But now I don't even see it there? Yes, I am very new at all this but willing and eager.

Also in "Startup", "Normal Startup" is checked; is that right?

I am going to try and copy all the info I need now and go home and run ComboFix now.

PS. Computer runs fine right now but quite slow on startup and shutdown and sometimes during internet stuff, even though I got a 54Mbps connection. Sites with a lot of content, i.e. Facebook, Yahoo News, are slower than I feel they should be when running right.


Edited by pcpunk, 05 October 2013 - 02:14 PM.


 


#14 pcpunk


Posted 05 October 2013 - 06:16 PM

I have been here for two freaking hours trying to figure this crap out. The lack of instructions sucks and the directions don't say how long Recovery Console is supposed to take to load? After two hours I quit. Now the freaking instructions to manually download it suck!!!! Am I downloading a service pack or will it say Recovery Console? This is not clear. Please go look at what you have to do and give me some decent instructions and I will do it. Luckily everything still works well. I don't even know if I have a virus, but I guess all this work will fix some of my issues anyhow. I saw a lot of junk that was nice to get off my PC.

 

Another thing I wanted to mention is that I am running XP Home edition but the computer came with XP Professional.  The original OS crashed from infection or something, so my friend installed the home edition in 2010.  

 

I won't be back tonight but tomorrow I will start back up.  I will try and do this stuff later in the evening also as you said that is when you are available.


Edited by pcpunk, 05 October 2013 - 06:59 PM.


 


#15 gringo_pr


Posted 05 October 2013 - 09:09 PM

Hello PCPunk

"Okay, I don't understand a lot of this stuff so when you say save to desktop I don't always know how to do this, unless it does it on its own?"

In my instructions I have to assume you have some computer knowledge of your system, because if I were to put down every possible scenario for every possible browser on different types of Windows, the instructions would be even more confusing and very, very long.

I ask you to save the files to the desktop so it will be easier for you later to clean up our tools or I may ask you to rerun a program.

Also, if there is something you don't understand, just come back and let me know. I took some extra time today to spend with my kids, but I am normally online more.

When you are asked to download a file in IE, it asks you if you want to save, run or cancel. If you choose save, you can choose where you want it to be saved to.

And no, the Recovery Console does not take that long - ten min tops, so if it takes longer than that, cancel it, restart the computer and try ONCE more. If it still has trouble, then skip that part.


Gringo



