
Browser Hijack Infection


19 replies to this topic

#1 hunnybunny


Posted 18 January 2014 - 03:52 PM

Re: http://www.bleepingcomputer.com/forums/t/520483/what-is-luckshopscom/

luckshops and shopingkicks is showing up in FF and IE sends me to Yahoo.
 




 


#2 noknojon


Posted 18 January 2014 - 04:27 PM

Hi -

Looks like you still have me to deal with (for now) - :)

We will have a quick look at some programs, and try a few uninstallers.

There are more of these types of programs being released every day, and often the Uninstall methods given will not work.

 

First -

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

Next -

Please download MiniToolBox to your desktop and run it.
Checkmark the following boxes:

* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

 

Next -

If this is already installed, please Update and run a Full Scan

 

Download Malwarebytes' Anti-Malware Free (aka MBAM) to your desktop.
- Do not accept the Free Trial Version at this time -
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer if requested.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

 

Next - (this is the longest - 2 hours or more is not unexpected)

I would like you to use the ESET OnlineScanner -
This is best done with Internet Explorer, as it uses ActiveX with the scan.
However, alternate directions are left for those that will not use Internet Explorer.

Please read and follow How To Temporarily Disable Your Anti-virus during the scan.
1 / Hold down Control (Ctrl) key and click on This Link to open ESET OnlineScan in a new window.
2 / Click the ESET Online Scanner button.
3 / For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

3.1 - / Click on This Link to download the External ESET Smart Installer.
3.2 - / Save it to your desktop.

4 / Double click on the  icon on your desktop.
5 / Check "YES, I accept the Terms of Use."
5 / Click the Start button.
6 / Accept any security warnings from your browser.
7 / Under scan settings, check "Scan Archives" and "Remove found threats"
8 / Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology
9 / ESET will then download updates for itself, install itself, and begin scanning your computer.

Please be patient as this will take some time.
10 / When the scan completes, click List Threats
11 / Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12 / Click the Back button.
13 / Click the Finish button.
NOTE: Sometimes if ESET finds no infections it will not create a log.

 

Thanks -



#3 hunnybunny


Posted 18 January 2014 - 04:37 PM

..and here we are again :wink:

 

Thx for the instructions, I'll go thru the steps when I get home.



#4 noknojon


Posted 18 January 2014 - 05:49 PM

Will be waiting whenever you have time.

 

Sorry these things can not be fixed with one click (would be better)

 

Regards -



#5 hunnybunny


Posted 18 January 2014 - 07:19 PM

Will be waiting whenever you have time.

 

Sorry these things can not be fixed with one click (would be better)

 

Regards -

Didn't expect a quick fix by any means but if ESET can take up to 2 hrs, I won't be able to get through the entire process tonight so will work through it tomorrow when I have some uninterrupted time.



#6 noknojon


Posted 18 January 2014 - 08:36 PM

Please do it at your own speed, as we do not design these, just advise on usage.

 

Thank You -



#7 hunnybunny


Posted 19 January 2014 - 06:58 PM

 Results of screen317's Security Check version 0.99.79  
 Windows XP Service Pack 2 x86   
 Out of date service pack!!
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0    
 SUPERAntiSpyware     
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Adobe Flash Player     11.9.900.170  
 Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````  
 Comodo Firewall cmdagent.exe
 Comodo Firewall cfp.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
MiniToolBox by Farbar  Version: 18-12-2013
Ran by Sharon (administrator) on 19-01-2014 at 14:37:22
Running from "C:\Documents and Settings\Sharon\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




127.0.0.1       localhost


========================= Event log errors: ===============================

Application errors:
==================
Error: (01/18/2014 04:58:28 PM) (Source: Application Error) (User: )
Description: Faulting application logitechupdate.exe, version 2.22.6.0, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x00018af2.
Processing media-specific event for [logitechupdate.exe!ws!]

Error: (01/18/2014 10:02:09 AM) (Source: Microsoft Office 11) (User: )
Description: Faulting application outlook.exe, version 11.0.8217.0, stamp 480f95d9, faulting module outlph.dll, version 11.0.8202.0, stamp 47420460, debug? 0, fault address 0x0000c010.

Error: (01/18/2014 10:02:00 AM) (Source: Microsoft Office 11) (User: )
Description: Faulting application outlook.exe, version 11.0.8217.0, stamp 480f95d9, faulting module outlph.dll, version 11.0.8202.0, stamp 47420460, debug? 0, fault address 0x0000c010.

Error: (01/18/2014 10:01:41 AM) (Source: Microsoft Office 11) (User: )
Description: Faulting application outlook.exe, version 11.0.8217.0, stamp 480f95d9, faulting module outlph.dll, version 11.0.8202.0, stamp 47420460, debug? 0, fault address 0x0000c010.

Error: (01/18/2014 10:01:27 AM) (Source: Microsoft Office 11) (User: )
Description: Faulting application outlook.exe, version 11.0.8217.0, stamp 480f95d9, faulting module outlph.dll, version 11.0.8202.0, stamp 47420460, debug? 0, fault address 0x0000c010.

Error: (01/18/2014 10:01:18 AM) (Source: Microsoft Office 11) (User: )
Description: Faulting application outlook.exe, version 11.0.8217.0, stamp 480f95d9, faulting module outlph.dll, version 11.0.8202.0, stamp 47420460, debug? 0, fault address 0x0000c010.

Error: (01/11/2014 02:36:40 PM) (Source: Application Error) (User: )
Description: Faulting application logitechupdate.exe, version 2.22.6.0, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x00018af2.
Processing media-specific event for [logitechupdate.exe!ws!]

Error: (01/11/2014 04:12:24 AM) (Source: Application Error) (User: )
Description: Faulting application logitechupdate.exe, version 2.22.6.0, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x00018af2.
Processing media-specific event for [logitechupdate.exe!ws!]

Error: (01/09/2014 05:29:39 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.75.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/09/2014 08:23:30 AM) (Source: Application Error) (User: )
Description: Faulting application logitechupdate.exe, version 2.22.6.0, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x00018af2.
Processing media-specific event for [logitechupdate.exe!ws!]


System errors:
=============
Error: (01/19/2014 01:53:45 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt

Error: (01/19/2014 01:53:45 PM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service failed to start due to the following error:
%%3

Error: (01/19/2014 01:53:21 PM) (Source: Dhcp) (User: )
Description: The IP address lease 154.20.158.178 for the Network Card with network address 001E0BA221B9 has been
denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).

Error: (01/19/2014 07:55:02 AM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (01/19/2014 05:52:39 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt

Error: (01/19/2014 05:52:38 AM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service failed to start due to the following error:
%%3

Error: (01/19/2014 05:52:08 AM) (Source: Dhcp) (User: )
Description: The IP address lease 205.250.100.244 for the Network Card with network address 001E0BA221B9 has been
denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).

Error: (01/18/2014 09:42:22 PM) (Source: System Error) (User: )
Description: Error code 1000008e, parameter1 c0000005, parameter2 00000000, parameter3 a58decd8, parameter4 00000000.

Error: (01/18/2014 04:56:36 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt

Error: (01/18/2014 04:56:35 PM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service failed to start due to the following error:
%%3


Microsoft Office Sessions:
=========================
Error: (01/18/2014 04:58:28 PM) (Source: Application Error)(User: )
Description: logitechupdate.exe2.22.6.0ntdll.dll5.1.2600.352000018af2

Error: (01/18/2014 10:02:09 AM) (Source: Microsoft Office 11)(User: )
Description: outlook.exe11.0.8217.0480f95d9outlph.dll11.0.8202.04742046000000c010

Error: (01/18/2014 10:02:00 AM) (Source: Microsoft Office 11)(User: )
Description: outlook.exe11.0.8217.0480f95d9outlph.dll11.0.8202.04742046000000c010

Error: (01/18/2014 10:01:41 AM) (Source: Microsoft Office 11)(User: )
Description: outlook.exe11.0.8217.0480f95d9outlph.dll11.0.8202.04742046000000c010

Error: (01/18/2014 10:01:27 AM) (Source: Microsoft Office 11)(User: )
Description: outlook.exe11.0.8217.0480f95d9outlph.dll11.0.8202.04742046000000c010

Error: (01/18/2014 10:01:18 AM) (Source: Microsoft Office 11)(User: )
Description: outlook.exe11.0.8217.0480f95d9outlph.dll11.0.8202.04742046000000c010

Error: (01/11/2014 02:36:40 PM) (Source: Application Error)(User: )
Description: logitechupdate.exe2.22.6.0ntdll.dll5.1.2600.352000018af2

Error: (01/11/2014 04:12:24 AM) (Source: Application Error)(User: )
Description: logitechupdate.exe2.22.6.0ntdll.dll5.1.2600.352000018af2

Error: (01/09/2014 05:29:39 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.1hungapp0.0.0.000000000

Error: (01/09/2014 08:23:30 AM) (Source: Application Error)(User: )
Description: logitechupdate.exe2.22.6.0ntdll.dll5.1.2600.352000018af2


=========================== Installed Programs ============================

Adobe Bridge 1.0 (Version: 001.000.000)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Stock Photos 1.0 (Version: 001.000.000)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Bullzip PDF Printer 10.1.0.1871 (Version: 10.1.0.1871)
CameraHelperMsi (Version: 13.51.815.0)
CCleaner (Version: 4.07)
COMODO Internet Security (Version: 5.0.32580.1142)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Critical Update for Windows Media Player 11 (KB959772)
erLT (Version: 1.20.138.34)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
iTunes (Version: 11.0.1.12)
LG Bluetooth Drivers (Version: 1.1)
LG United Mobile Drivers (Version: 3.8.1)
Logitech Webcam Software (Version: 2.51)
LWS Facebook (Version: 13.50.854.0)
LWS Gallery (Version: 13.51.827.0)
LWS Help_main (Version: 13.51.828.0)
LWS Launcher (Version: 13.51.828.0)
LWS Motion Detection (Version: 13.51.815.0)
LWS Pictures And Video (Version: 13.51.815.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Webcam Software (Version: 13.51.815.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.31.1038.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Download Manager (Version: 1.2.1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Outlook Personal Folders Backup (Version: 1.10.0.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
MSXML4SP2 (Version: 1.00.0000)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PDF-Viewer (Version: 2.5.200.0)
Protected Toolbar for IE (Version: 6.17.2.8)
QuickTime (Version: 7.73.80.64)
RealDownloader (Version: 1.3.3)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.3)
RealUpgrade 1.1 (Version: 1.1.0)
Safari (Version: 5.34.57.2)
Skype™ 6.1 (Version: 6.1.129)
Soap 3.0 Toolkit (Version: 1.00.0000)
SpywareBlaster 5.0 (Version: 5.0.0)
SUPERAntiSpyware (Version: 5.0.1134)
TELUS eProtect Advisor 1.5.12 (Version: 1.5.12)
TELUS Wireless Connection Manager
TurboTax 2012 (Version: 1.00.0000)
UFile 2011 (Version: 15.20.0000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB980302) (Version: 1)
Update for Windows XP (KB896727) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB900485) (Version: 2)
Update for Windows XP (KB904942) (Version: 2)
Update for Windows XP (KB908531) (Version: 2)
Update for Windows XP (KB910437) (Version: 1)
Update for Windows XP (KB911280) (Version: 2)
Update for Windows XP (KB916595) (Version: 1)
Update for Windows XP (KB920342) (Version: 1)
Update for Windows XP (KB920872) (Version: 1)
Update for Windows XP (KB922582) (Version: 1)
Update for Windows XP (KB925720) (Version: 1)
Update for Windows XP (KB925876) (Version: 1)
Update for Windows XP (KB925877) (Version: 1)
Update for Windows XP (KB927891) (Version: 3)
Update for Windows XP (KB930916) (Version: 1)
Update for Windows XP (KB931836) (Version: 1)
Update for Windows XP (KB932823-v3) (Version: 3)
Update for Windows XP (KB936357) (Version: 1)
Update for Windows XP (KB938828) (Version: 1)
Update for Windows XP (KB942763) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.8.0031.9)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 7 Multilingual User Interface (MUI) (Version: 20071019.120000)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Messenger 5.1 (Version: 5.1.0701)
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Hotfix - KB873333 (Version: 20050114.005213)
Windows XP Hotfix - KB873339 (Version: 20041117.092459)
Windows XP Hotfix - KB885250 (Version: 20050118.202711)
Windows XP Hotfix - KB885835 (Version: 20041027.181713)
Windows XP Hotfix - KB885836 (Version: 20041028.173203)
Windows XP Hotfix - KB886185 (Version: 20041021.090540)
Windows XP Hotfix - KB887742 (Version: 20041103.095002)
Windows XP Hotfix - KB888113 (Version: 20041116.131036)
Windows XP Hotfix - KB888302 (Version: 20041207.111426)
Windows XP Hotfix - KB890175 (Version: 20041201.233338)
Windows XP Hotfix - KB890859 (Version: 1)
Windows XP Hotfix - KB891781 (Version: 20050110.165439)
Windows XP Hotfix - KB893086 (Version: 1)
XML Paper Specification Shared Components Pack 1.0
XnView 2.00 (Version: 2.00)

========================= Devices: ================================

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 2002.23 MB
Available physical RAM: 1535.31 MB
Total Pagefile: 3894.66 MB
Available Pagefile: 3581.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.29 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.42 GB) (Free:53.85 GB) NTFS

========================= Users: ========================================

User accounts for \\SHARON-RAS

Administrator            ASPNET                   Guest                    
HelpAssistant            Sharon                   SUPPORT_388945a0         


**** End of log ****

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.19.06

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Sharon :: SHARON-RAS [administrator]

19/01/2014 2:39:24 PM
mbam-log-2014-01-19 (14-39-24).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 315505
Time elapsed: 30 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

C:\Documents and Settings\Sharon\Local Settings\Temporary Internet Files\Content.IE5\NXTH6H2X\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].cpi    a variant of Win32/PriceGong.A application    deleted - quarantined
C:\System Volume Information\_restore{170BF47B-8E16-4788-84CC-3E46B6624584}\RP1651\A2024010.dll    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{170BF47B-8E16-4788-84CC-3E46B6624584}\RP1651\A2024012.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined

 



#8 hunnybunny


Posted 19 January 2014 - 07:25 PM

After all scans, luckshop etc is still there. :-(

 

A Win32/ variant. I have to log off for the night now.



#9 noknojon


Posted 19 January 2014 - 08:20 PM

Hi -

OK , this will be here for you whenever -

 

A few basic things first - Do you have Windows Updates turned on, or have you checked for a long while ?

Windows XP Service Pack 2 x86 Out of date service pack!!
The red writing at the top of the report has a link to show you how to install SP3.

 

 Total Fragmentation on Drive C:: 20% Defragment your hard drive soon!

Go - Start > Programs > Accessories > System Tools > Defragment, and let this run till Blue (it will be quite Red)

 

 

Please Tell Me If I Have Got This Next Bit Wrong - -

 

Unless you had Comodo installed and it has been Uninstalled, it is not listed except the Firewall

And I need to add that you have Comodo and Windows firewall both activated (only use one)

 

Your reports show there is no Antivirus installed -  None of these are Antivirus programs
SpywareBlaster  / SUPERAntiSpyware / Malwarebytes Anti-Malware / CCleaner / Comodo Firewall cfp.exe

TELUS eProtect Advisor is only an advising program and not Antivirus.

 

See below

 

Free Antivirus programs: (choose and install only one).
* avast! Free Antivirus <- includes Google Chrome pre-checked by default during installation but gives you the option to uncheck
* Microsoft Security Essentials <- includes the option to join the customer experience improvement program
* BitDefender Antivirus Free Edition
* Avira Free Antivirus <- includes Ask.com Toolbar pre-checked by default during installation
* AVG Anti-Virus Free Edition <- includes AVG Security Toolbar - AVG Secure Search pre-checked by default during installation but gives you the option to uncheck

-- As noted above in red many anti-virus vendors are bundling toolbars and other software with their products. If pre-checked by default that means you need to uncheck that option during installation if you don't want it. This practice is now the most common revenue generator for free downloads by many legitimate vendors and is typically the reason for the pre-checked option.

 

 

At least these 2 minor problems are gone now.
Win32/PriceGong.A application
Win32/Bundled.Toolbar.Ask application

 

After all scans, luckshop etc is still there <= You do not mention if you did the ESET Scan.

 

To reset Home Page in Internet Explorer -

Open Internet Explorer > Click Tools along the top - If you do not see it then press the ALT key and it will show.

Go down to Internet Options > Under General can you reset your home page ?? Click Apply and OK.

 

 

Thank You -


Edited by noknojon, 19 January 2014 - 09:47 PM.


#10 noknojon


Posted 19 January 2014 - 09:13 PM

Well, I think I have found the better of several solutions for you.

Many of the procedures offered were worse than the infection / Adware -

 

Remove luckshops.com Do not Click on the button to start downloading the "recommended anti-malware tool", this is just Malwarebytes.
Remove shopingkicks.com Again the "Special Tool" is just Malwarebytes.

The only thing they have added is an avast-browser-cleanup that has been very recently released.

You can use that tool as listed and Reset your browser / home page(s).

I checked it all, and it was OK -



#11 hunnybunny


Posted 19 January 2014 - 10:03 PM

my esetscan:

C:\Documents and Settings\Sharon\Local Settings\Temporary Internet Files\Content.IE5\NXTH6H2X\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].cpi    a variant of Win32/PriceGong.A application    deleted - quarantined
C:\System Volume Information\_restore{170BF47B-8E16-4788-84CC-3E46B6624584}\RP1651\A2024010.dll    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{170BF47B-8E16-4788-84CC-3E46B6624584}\RP1651\A2024012.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined

I was under the impression that Comodo was an AV when I was here having a separate problem a while back. I digress..No luck installing Avira - requires SP3. Have installed AVG. Should I keep the Comodo firewall or (?)

I've had issues installing SP3 but (will try again with link you've provided).

Will look through your posts again tomorrow / & thank you for the 'luckshop' removal links.
 



#12 noknojon


Posted 19 January 2014 - 11:29 PM

Please take your time and carefully read first, and then perform the steps.

 

I did rush a few bits to get you going as soon as I could.

Comodo can be one or both, Antivirus / Firewall or full suite of both components.

Since it is not listed in Antivirus as either Disabled, or Active, it is not there.

 

If I was you, I would just try and install  AVG Anti-Virus Free  for now (as it is simple) and remove Comodo for now.

Then you can only have the Windows Firewall Enabled.

All of these things can be changed later, but this is only to start you off.

 

"I've had issues installing SP3" <= I had noticed this in your Errors. => Windows is unable to connect to the automatic updates service and therefore cannot download and install updates

 

 

You may note that we do not only try to fix your listed problem, but we like to look at the system as a whole, and see if we can find other small problems (like your Defrag , Antivirus, updates and other problems)

So I am sorry if I drift off to other programs at times and do not just link "Run This"

 

As always, feel free to ask / post questions where you are not sure anywhere :) .

 

Thank You -
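
The reading of the Security Check log given in replies #9 and #12 (old service pack, no antivirus listed, two firewalls active, fragmentation) can be written out as a small triage script. This is an added example, not part of the thread or of Security Check itself; the rule that a registered antivirus would show up as a `<name> Enabled!` or `<name> Disabled!` line is an assumption inferred from the firewall line in the posted log.

```python
import re

TICK = "\x60"  # backtick: Security Check pads its section headers with these


def _hdr(title):
    return TICK * 12 + title + TICK * 12


# Security Check log from reply #7 of this thread (header padding normalised).
SAMPLE_LOG = "\n".join([
    " Results of screen317's Security Check version 0.99.79",
    " Windows XP Service Pack 2 x86",
    " Out of date service pack!!",
    " Internet Explorer 8",
    _hdr("Antivirus/Firewall Check:"),
    " Windows Firewall Enabled!",
    " WMI entry may not exist for antivirus; attempting automatic update.",
    _hdr("Anti-malware/Other Utilities Check:"),
    " SpywareBlaster 5.0",
    " SUPERAntiSpyware",
    " Malwarebytes Anti-Malware version 1.75.0.1300",
    " CCleaner",
    " Adobe Flash Player     11.9.900.170",
    " Mozilla Firefox (26.0)",
    _hdr("Process Check: objlist.exe by Laurent"),
    " Comodo Firewall cmdagent.exe",
    " Comodo Firewall cfp.exe",
    _hdr("System Health check"),
    " Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)",
    _hdr("End of Log"),
])

HEADER_RE = re.compile(r"^\x60+\s*(.+?)\s*\x60+$")
# Assumed line shape for a product that reports its state (see lead-in).
STATE_RE = re.compile(r"^(?P<name>.+?)\s+(?P<state>Enabled|Disabled)!?$")
FRAG_RE = re.compile(r"Total Fragmentation on Drive (\w):+\s*(\d+)%")


def parse_sections(log_text):
    """Split the log into {section title: [stripped, non-empty lines]}."""
    sections = {"header": []}
    current = "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1).rstrip(":")
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def _section(sections, prefix):
    for title, lines in sections.items():
        if title.startswith(prefix):
            return lines
    return []


def triage(log_text):
    """Return the findings a helper would raise from a Security Check log."""
    sections = parse_sections(log_text)
    findings = []

    if any("Out of date service pack" in l for l in sections["header"]):
        findings.append("service pack out of date")

    # Products that report a state in the Antivirus/Firewall section.
    antivirus, firewalls = [], []
    for line in _section(sections, "Antivirus/Firewall Check"):
        m = STATE_RE.match(line)
        if m:
            bucket = firewalls if "firewall" in m["name"].lower() else antivirus
            bucket.append((m["name"], m["state"]))
    if not antivirus:
        findings.append("no antivirus reported")

    # A firewall counts as active if it reports Enabled or has a running process.
    active = {name for name, state in firewalls if state == "Enabled"}
    for line in _section(sections, "Process Check"):
        if "firewall" in line.lower():
            active.add(line.rsplit(None, 1)[0])  # drop the process file name
    if len(active) > 1:
        findings.append("multiple firewalls active: " + ", ".join(sorted(active)))

    for line in _section(sections, "System Health check"):
        m = FRAG_RE.search(line)
        if m and "Defragment your hard drive soon" in line:
            findings.append(
                f"drive {m.group(1)}: {m.group(2)}% fragmented, defragment advised")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```
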



#13 noknojon


Posted 21 January 2014 - 05:51 PM

Hello -

Not sure how you are going, but I discussed with a few others for more solutions

A few more things we have picked up along the way that will cause your problems.

 

NOTED -
RealDownloader (Version: 1.3.3)
 RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
 RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
 RealPlayer (Version: 16.0.3)
 RealUpgrade 1.1 (Version: 1.1.0)
 Always in XP....and always exacerbated if you are only running SP2 as the system is not yet ready
 

 

Now I would remove the TELUS products,

Run All in One Repair Tool..(http://www.tweaking.com/content/page/windows_repair_all_in_one.html) starting at step 4

.reg backup

and make sure....these boxes ticked...

 

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows FireWall
Repair Internet Explorer
Repair MDAC/MS Jet
Repair Hosts Files
Remove Policies Set By Infections
Repair Winsock & Dns Cache
Remove Temp Files
Repair Proxy Settings
Repair Windows Updates
Set Windows Services To Default Startup
Repair MSI (Windows Installer)

 

 

Thanks -



#14 hunnybunny


Posted 21 January 2014 - 07:17 PM

Thanks for sticking with me. :)

I've had a sick child at home so I haven't been able to focus on much else. I have installed AVG, removed Comodo and activated the Windows firewall. I haven't been able to sort out the 'luckshop' issue but have been using StartPage for now.

Updating to SP3 is still an issue, but will post this in a separate thread of course. I rec'd a windows update today which may be the result of recent update attempt.

What are you suggesting I do with these:
RealDownloader (Version: 1.3.3)
 RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
 RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
 RealPlayer (Version: 16.0.3)
 RealUpgrade 1.1 (Version: 1.1.0)

 

Will remove the Telus products...

 



#15 hunnybunny


Posted 21 January 2014 - 10:11 PM

After running the all-in-one repair tool, I noticed that I should have disabled my AV.





