Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

homepages hijacked


  • Please log in to reply
19 replies to this topic

#16 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:00 PM

Posted 21 November 2013 - 02:48 PM

Just a bit more help -

 

 

If all else fails here is an On-site - How To Tutorial
How to Copy and Paste - Tutorial

 

 

Thank You -



BC AdBot (Login to Remove)

 


#17 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:00 AM

Posted 21 November 2013 - 09:24 PM

Hi,
Okay this works! It's weird that I can copy but not paste. I've tried it numerous times. I can only think it may have to do with whatever my system has wrong. I send the Mini dump and Rkill results. I ran anti-malewarebytes and it came up zero problems. However HijackThis showed stuff. I can send it alonf if you need it. Thanks again for your patience.


MiniToolBox by Farbar Version: 13-07-2013
Ran by bob (administrator) on 19-11-2013 at 13:12:33
Running from "C:\Documents and Settings\bob\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost
127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 did.i-used.cc
127.0.0.1 www.did.i-used.cc
127.0.0.1 coolwwwsearch.com
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 www.coolwebsearch.com
127.0.0.1 hi.studioaperto.net
127.0.0.1 www.hi.studioaperto.net
127.0.0.1 wazzupnet.com
127.0.0.1 www.wazzupnet.com
127.0.0.1 gueb.com
127.0.0.1 www.gueb.com
127.0.0.1 kabex.com
127.0.0.1 www.kabex.com

There are 15058 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=NONE
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : bobalu

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : dslextreme.com



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : dslextreme.com

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-12-3F-BC-83-01

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 10.0.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.0.1.1

DHCP Server . . . . . . . . . . . : 10.0.1.1

DNS Servers . . . . . . . . . . . : 10.0.1.1

Lease Obtained. . . . . . . . . . : Tuesday, November 19, 2013 12:49:29 PM

Lease Expires . . . . . . . . . . : Wednesday, November 20, 2013 12:49:29 PM

Server: UnKnown
Address: 10.0.1.1

Name: google.com
Addresses: 74.125.224.78, 74.125.224.64, 74.125.224.65, 74.125.224.66
74.125.224.67, 74.125.224.68, 74.125.224.69, 74.125.224.70, 74.125.224.71
74.125.224.72, 74.125.224.73



Pinging google.com [74.125.224.78] with 32 bytes of data:



Reply from 74.125.224.78: bytes=32 time=47ms TTL=58

Reply from 74.125.224.78: bytes=32 time=11ms TTL=58



Ping statistics for 74.125.224.78:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 11ms, Maximum = 47ms, Average = 29ms

Server: UnKnown
Address: 10.0.1.1

Name: yahoo.com
Addresses: 206.190.36.45, 98.138.253.109, 98.139.183.24



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:



Reply from 206.190.36.45: bytes=32 time=121ms TTL=50

Reply from 206.190.36.45: bytes=32 time=171ms TTL=50



Ping statistics for 206.190.36.45:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 121ms, Maximum = 171ms, Average = 146ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 12 3f bc 83 01 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.1.1 10.0.1.2 30
10.0.1.0 255.255.255.0 10.0.1.2 10.0.1.2 30
10.0.1.2 255.255.255.255 127.0.0.1 127.0.0.1 30
10.255.255.255 255.255.255.255 10.0.1.2 10.0.1.2 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.0.1.2 10.0.1.2 30
255.255.255.255 255.255.255.255 10.0.1.2 10.0.1.2 1
Default Gateway: 10.0.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============
Error: (11/19/2013 01:00:31 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.161.2244.0

Update Source: %NT AUTHORITY59

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (11/19/2013 01:00:31 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.161.2244.0

Update Source: %NT AUTHORITY59

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (11/19/2013 01:00:31 PM) (Source: Service Control Manager) (User: )
Description: The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error:
%%1290

Error: (11/19/2013 01:00:31 PM) (Source: Service Control Manager) (User: )
Description: The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error:
%%1290

Error: (11/19/2013 01:00:31 PM) (Source: Service Control Manager) (User: )
Description: The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error:
%%1290

Error: (11/19/2013 01:00:31 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1290" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (11/19/2013 01:00:31 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1290" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (11/19/2013 01:00:31 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1290" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (11/19/2013 00:49:42 PM) (Source: Service Control Manager) (User: )
Description: The @%SystemRoot%\system32\qmgr.dll,-1000 service failed to start due to the following error:
%%1290

Error: (11/19/2013 00:49:42 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
ACDSee Classic
Adobe Flash Player 11 ActiveX (Version: 11.9.900.152)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
AI RoboForm
AirPort (Version: 5.5.3.2)
Apple Application Support (Version: 2.3)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.3.127)
ATI - Software Uninstall Utility (Version: 6.14.10.1014)
ATI Control Panel (Version: 6.14.10.5183)
ATI Display Driver (Version: 8.23-060209a1-030546C-Dell)
AusLogics Disk Defrag (Version: version 1.4)
Belarc Advisor 7.2
Bonjour (Version: 2.0.5.0)
Bonjour Print Services (Version: 2.0.2.0)
CCleaner (Version: 3.27)
Comodo BackUp (Version: 1.0.4.337)
COMODO Firewall Pro (Version: 3.0.25.378)
Corel Business Applications
Corel Photo Album 6 (Version: 6.31)
Creative Audio Console
Creative MediaSource (Version: 3.00)
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Download Manager (Version: 3.0.0.0)
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Support 3.2.1 (Version: 5.5.2094)
Dell Support Center (Support Software) (Version: 2.2.08100)
Dell System Restore (Version: 2.00.0000)
DellConnect (Version: 1.00.522)
DeviceDiscovery (Version: 120.0.194.000)
DFX for Windows Media Player (Version: 8.501.0.0)
DMUninstaller
Dropbox (Version: 2.0.22)
ELIcon (Version: 1.00.0000)
EMET (Tech Preview) (Version: 3.5.0)
ERUNT 1.1j
Final Draft 5
Final Draft 7 (Version: 7.1.1.19)
Google Chrome (Version: 24.0.1312.57)
Google Update Helper (Version: 1.3.21.123)
GoToAssist 8.0.0.514
GPBaseService2 (Version: 130.0.371.000)
HD Tune 2.54
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HiJackThis (Version: 1.0.0)
HP FWUpdateEDO2 (Version: 1.2.0.0)
HP Photo Creations (Version: 1.0.0.5192)
HP Photosmart 5510 series Basic Device Software (Version: 25.0.621.0)
HP Photosmart 5510 series Help (Version: 140.0.2.2)
HP Photosmart 5510 series Product Improvement Study (Version: 25.0.621.0)
HP Product Detection (Version: 11.14.0001)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 120.0.194.000)
IE New Window Maximizer 2.4
Image Resizer Powertoy for Windows XP (Version: 1.00.0001)
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections (Version: 9.20.0000)
Internet Explorer (Enable DEP)
iPhone Configuration Utility (Version: 2.1.0.163)
iTunes (Version: 10.1.1.4)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
jv16 PowerTools 1.3
Logitech Updater (Version: 1.70)
Logitech Vid (Version: 1.10.1009)
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
MarketResearch (Version: 120.0.226.000)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.0 Security Update (KB2833951)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Automated Troubleshooting Services Shim
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Baseline Security Analyzer 2.0 (Version: 2.0.5029.2)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Fix it Center (Version: 1.0.0090)
Microsoft IntelliPoint 4.1 (Version: 4.10.0851)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Windows XP Video Decoder Checkup Utility
MobileMe Control Panel (Version: 2.6.0.29)
Modem Event Monitor
Modem Helper (Version: 2.40)
Modem On Hold (Version: 1.12)
Move Networks Media Player for Internet Explorer
Movie Magic Screenwriter Demo (Version: 4.6.05)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MSN
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Nitro Reader 3 (Version: 3.5.2.10)
NTREGOPT 1.1j
Octoshape add-in for Adobe Flash Player
Olympus Digital Wave Player
overland (Version: 2.1.5)
PDF Download for Internet Explorer (Version: 3.0.0)
Photo Loader 2.3E
PowerDVD 5.9
Qualxserve Service Agreement (Version: 1.11.0000)
QuickTime (Version: 7.73.80.64)
Recuva (remove only)
RegSupreme 1.3
Revo Uninstaller 1.89 (Version: 1.89)
SanDiskSecureAccess_Manager.exe (Version: 1.1.19269)
Skype™ 5.8 (Version: 5.8.156)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 130.0.373.000)
Sonic Audio module (Version: 2.0.0.1)
Sonic DLA (Version: 4.98)
Sonic Encoders (Version: 1.00)
Sonic RecordNow Data (Version: 2.0.0.1)
Sonic RecordNow! (Version: 7.3)
Sound Blaster for Media Center
Sound Blaster X-Fi (Version: 1.0)
SpeedFan (remove only)
Spybot - Search & Destroy (Version: 1.6.2)
Status (Version: 120.0.194.000)
swMSM (Version: 12.0.0.1)
System Requirements Lab for Intel (Version: 4.3.13.0)
TrayApp (Version: 120.0.194.000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB973874) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB978506) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB980302) (Version: 1)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1)
Update for Windows Internet Explorer 8 (KB982664) (Version: 1)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
User Profile Hive Cleanup Service (Version: 1.6.36)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VoptXP v7.22
WebCyberCoach 3.2 Dell
WebFldrs XP (Version: 9.50.7523)
Webshots Desktop
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Backup Utility (Version: 5.1)
Windows Defender Signatures (Version: 1.20.0.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0017.0)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Rights Management Client Backwards Compatibility SP2 (Version: 5.2.95)
Windows Rights Management Client with Service Pack 2 (Version: 5.2.95)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPatrol 2007 (Version: 14.0.2007.1)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinZip (Version: 9.0 SR-1 (6224))
WordWeb (Version: 6)
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 25%
Total physical RAM: 2046.07 MB
Available physical RAM: 1521.59 MB
Total Pagefile: 3938.81 MB
Available Pagefile: 3486.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.65 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:227.87 GB) (Free:202.09 GB) NTFS

========================= Users: ========================================

User accounts for \\BOBALU

Administrator bob Guest
HelpAssistant marie SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/20/2013 02:55:01 PM in x86 mode. (Safe Mode)
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]

Checking Windows Service Integrity:

* AFD (AFD) is not Running.
Startup Type set to: System

* DHCP Client (Dhcp) is not Running.
Startup Type set to: Automatic

* DNS Client (Dnscache) is not Running.
Startup Type set to: Automatic

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Manual

* Network Connections (Netman) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic

* Automatic Updates (wuauserv) is not Running.
Startup Type set to: Automatic

* AFD (AFD) is not Running.
Startup Type set to: System

* IPSEC driver (IPSec) is not Running.
Startup Type set to: System

* NetBios over Tcpip (NetBT) is not Running.
Startup Type set to: System

* TCP/IP Protocol Driver (Tcpip) is not Running.
Startup Type set to: System

* MSDTC [Missing Service]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\drivers\mqac.sys : 91,776 : 06/22/2009 03:48 AM : eee50bf24caeedb515a8f3b22756d3bb [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqac.sys : 72,960 : 07/06/2007 01:52 AM : d92fce6729ee150a15a7cdbc433f390e [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB971032\SP2QFE\mqac.sys : 91,776 : 06/22/2009 03:30 AM : 9229e191fe206628be17d1e67a5faed9 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB937894$\mqac.sys : 72,960 : 08/10/2004 03:00 AM : db07b0088cdfd20c2a22e675120ede34 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB971032$\mqac.sys : 72,960 : 07/06/2007 02:05 AM : 157a32ddc6a019a4e31b19d604d2f127 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\mqac.sys : 92,544 : 04/13/2008 10:39 AM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\mqac.sys : 91,776 : 06/22/2009 03:48 AM : eee50bf24caeedb515a8f3b22756d3bb [Pos Repl]

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost
127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 did.i-used.cc
127.0.0.1 www.did.i-used.cc
127.0.0.1 coolwwwsearch.com
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 www.coolwebsearch.com
127.0.0.1 hi.studioaperto.net
127.0.0.1 www.hi.studioaperto.net
127.0.0.1 wazzupnet.com
127.0.0.1 www.wazzupnet.com
127.0.0.1 gueb.com
127.0.0.1 www.gueb.com
127.0.0.1 kabex.com
127.0.0.1 www.kabex.com
127.0.0.1 hityou.com

20 out of 15078 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 11/20/2013 02:57:47 PM
Execution time: 0 hours(s), 2 minute(s), and 46 seconds(s)
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#18 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:00 AM

Posted 21 November 2013 - 09:27 PM

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#19 bobalu4u

bobalu4u
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:00 PM

Posted 22 November 2013 - 03:47 PM

Hey Boopme...I did the Farbar Service scan and again when I copy from Notepad I can't get it to paste here. Drivin' me nuts!!! I've got to figure that "do searches", which is still on my computer might have something to do with it? How do I get the log to you? PM again? Thanks.



#20 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:00 AM

Posted 22 November 2013 - 05:05 PM

Yes PM it.. must be the malware..
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users