
Infected!


  • This topic is locked
45 replies to this topic

#1 pcpunk

pcpunk

  • Members
  • 6,087 posts
  • Gender:Male
  • Location:Florida
  • Local time:04:44 PM

Posted 13 February 2014 - 11:49 AM

I got infected and now my laptop won't access the internet and the bottom toolbar won't come up, including the start button. I ran avast free antivirus and the MS malicious software removal tool but no luck. I did a full scan with both and tried to do a boot time scan on the avast but it did not work. I tried system restore but can not access the "Help" section. I tried "Safe mode with Networking" but that did not work either. I tried doing all these scans in safe mode also. Please tell me what is my best course of action. I am at the public library so it might take me a bit to get back with you. Thanks, Chris.

 



 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:44 PM

Posted 13 February 2014 - 01:02 PM

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size

Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip the downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE. Do NOT wrap your logs in "quote" or "code" brackets.




 


#3 pcpunk


Posted 13 February 2014 - 02:13 PM

I can't get online? Can I do this by downloading onto a USB and then plugging it into my PC? Even then I am not sure it will function.

I have downloaded all these to a USB and will try to run them tonight!


Edited by pcpunk, 13 February 2014 - 02:46 PM.


 


#4 Broni


Posted 13 February 2014 - 02:51 PM

OK...




 


#5 pcpunk


Posted 13 February 2014 - 03:24 PM

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Chris (administrator) on 13-02-2014 at 15:01:46
Running from "E:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================
::1       localhost

127.0.0.1       localhost

========================= IP Configuration: ================================

WARNING: Could not obtain host information from machine: [CHRIS-1EC6C6A3C]. Some commands may not be available.
The RPC server is unavailable.

 

# ----------------------------------
# Interface IP Configuration        
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration

        Host Name . . . . . . . . . . . . : chris-1ec6c6a3c
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
        Physical Address. . . . . . . . . : 00-17-A4-E6-F5-B9

Ethernet adapter Wireless Network Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
        Physical Address. . . . . . . . . : 00-1B-77-30-EE-13

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 17 a4 e6 f5 b9 ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
0x10004 ...00 1b 77 30 ee 13 ...... Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
  255.255.255.255  255.255.255.255  255.255.255.255               2   1
  255.255.255.255  255.255.255.255  255.255.255.255           10004   1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS2\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS2\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS2\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ================================

Could not start eventlog service, could not read events.

The Event Log service is starting.
The Event Log service could not be started.

A system error has occurred.

System error 126 has occurred.

The specified module could not be found.

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 6.1.2)
Adobe AIR (Version: 4.0.0.1390)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44)
Adobe Reader X (10.1.9) (Version: 10.1.9)
Apple Application Support (Version: 2.3.4)
Apple Software Update (Version: 2.1.3.127)
Auslogics Disk Defrag (Version: 3.6)
avast! Free Antivirus (Version: 9.0.2013)
Broadcom 440x 10/100 Integrated Controller (Version: 8.06.04)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.350.6)
BufferChm (Version: 140.0.212.000)
C4700 (Version: 140.0.690.000)
Citrix Online Launcher (Version: 1.0.168)
Codec (Version: 1.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Dell Printer Software Uninstall
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 140.0.212.000)
Google Chrome (Version: 32.0.1700.107)
Google Update Helper (Version: 1.3.22.3)
GoToMeeting 6.0.0.1259 (Version: 6.0.0.1259)
GPBaseService2 (Version: 140.0.211.000)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Officejet 4620 series Basic Device Software (Version: 28.0.1315.0)
HP Photo Creations (Version: 1.0.0.2024)
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6 (Version: 14.0)
HP Solution Center 14.0 (Version: 14.0)
HPProductAssistant (Version: 140.0.212.000)
Intel® Graphics Media Accelerator Driver
Internet Explorer (Enable DEP)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
JavaFX 2.1.1 (Version: 2.1.1)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Download Manager (Version: 1.2.1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network (Version: 140.0.215.000)
PS_AIO_06_C4700_SW_Min (Version: 140.0.690.000)
QuickTime (Version: 7.74.80.86)
QuickTransfer (Version: 140.0.98.000)
RealDownloader (Version: 1.3.3)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.3)
RealUpgrade 1.1 (Version: 1.1.0)
Scan (Version: 140.0.80.000)
SolutionCenter (Version: 140.0.213.000)
Sonic MyDVD (Version: 5.3.0)
Sonic RecordNow! (Version: 7.3)
Sonic Update Manager (Version: 2.9)
SoundMAX (Version: 5.10.01.5210)
Status (Version: 140.0.212.000)
T-Mobile Connection Manager (Version: 1.0.0.3)
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 140.0.212.000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 140.0.212.017)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)

=========================
Windows Management Instrumentation service is not running. Could not scan devices
=========================

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 1015.36 MB
Available physical RAM: 726.18 MB
Total Pagefile: 2442.24 MB
Available Pagefile: 2259.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1997.68 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.53 GB) (Free:44.31 GB) NTFS
3 Drive e: (Lexar) (Removable) (Total:14.9 GB) (Free:14.88 GB) FAT32

========================= Users: ========================================

User accounts for \\

Administrator            Chris                    Guest                   
HelpAssistant            SUPPORT_388945a0        

**** End of log ****

 


 

Farbar Service Scanner Version: 02-02-2014
Ran by Chris (administrator) on 13-02-2014 at 14:58:17
Running from "E:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

netman Service is not running. Checking service configuration:
The start type of netman service is OK.
The ImagePath of netman service is OK.
The ServiceDll of netman service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.

Firewall Disabled Policy:
==================

System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.

System Restore Disabled Policy:
========================

Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS2\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS2\system32\es.dll".

cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is OK.
The ImagePath of cryptsvc service is OK.
The ServiceDll of cryptsvc: "%SystemRoot%\System32\cryptsvc.dll".

Windows Autoupdate Disabled Policy:
============================

RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs: "%SystemRoot%\system32\svchost.exe -k rpcss".
The ServiceDll of RpcSs service is OK.

Other Services:
==============

File Check:
========
C:\WINDOWS2\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS2\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS2\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS2\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS2\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS2\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS2\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS2\system32\netman.dll => MD5 is legit
C:\WINDOWS2\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS2\system32\srsvc.dll => MD5 is legit
C:\WINDOWS2\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS2\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS2\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS2\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS2\system32\qmgr.dll => MD5 is legit
C:\WINDOWS2\system32\es.dll => MD5 is legit
C:\WINDOWS2\system32\cryptsvc.dll => MD5 is legit

ATTENTION!=====> C:\WINDOWS2\system32\svchost.exe FILE IS MISSING AND SHOULD BE RESTORED.

C:\WINDOWS2\system32\rpcss.dll => MD5 is legit
C:\WINDOWS2\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) tcpipBM(10)
0x090000000500000001000000020000000300000004000000080000000A0000000600000007000000
IpSec Tag value is correct.

**** End of log ****

 Results of screen317's Security Check version 0.99.79 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 avast! Free Antivirus   
`````````Anti-malware/Other Utilities Check:`````````
 JavaFX 2.1.1   
 Java 7 Update 51 
 Adobe Flash Player  12.0.0.44 
 Adobe Reader 10.1.9 Adobe Reader out of Date! 
 Mozilla Firefox (26.0)
 Google Chrome 32.0.1700.102 
 Google Chrome 32.0.1700.107 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 
````````````````````End of Log``````````````````````
 



 


#6 pcpunk


Posted 13 February 2014 - 03:26 PM

I am having trouble running mbam and don't have a screen capture so I will write down the error message.  It seems it is not an updated version? and I am not able to access the internet.



 


#7 pcpunk


Posted 13 February 2014 - 03:42 PM

mbam problem: Run-time Error '372'

Failed to load control 'vbalGrid' from vbalsgred6.ocx  Your version of vbalsgred.ocx may be outdated.  Make sure you are using the version of the control that was provided with your application.



 


#8 Broni


Posted 13 February 2014 - 03:43 PM

To manually update MBAM, download this file: http://data.mbamupdates.com/tools/mbam-rules.exe
Double click on downloaded file to update the program.
 


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#9 pcpunk


Posted 13 February 2014 - 04:00 PM

Okay I did that, then went to my laptop and ran it but the same error is coming up.  I am at a library so that might be the issue but it seems to be downloading to my usb and then Runs when I put it to my laptop? 

 

Okay, this might be the issue:  I took it to my laptop then clicked on it, is that right?  Or should I have clicked on it while in the good computer at the library?  I tried the latter and it would not let me do so, library computer locked to this type of action.


Edited by pcpunk, 13 February 2014 - 04:02 PM.


 


#10 Broni


Posted 13 February 2014 - 04:35 PM

Try this one...

 

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/


  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • Super should automatically update the program definitions. If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
  • Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

  • Open SUPERAntiSpyware.
  • Click on "Preferences" button.
  • Click the "Scanning Control" tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
  • Click the "Home" button to leave the control center screen.
  • Back on the main screen checkmark "Complete scan" and click "Scan your computer".
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Copy and paste the Scan Log results in your next reply with a new HijackThis log.
  • Click Close to exit the program.


Post SUPERAntiSpyware log.
 




 


#11 pcpunk


Posted 14 February 2014 - 01:44 PM

Okay I will do this on Monday or Tuesday, busy working till then.



 


#12 Broni


Posted 14 February 2014 - 01:45 PM

p22003888.gif




 


#13 pcpunk


Posted 15 February 2014 - 03:19 PM

Broni, is it safe to update mbam to my usb at work, and is it even possible to do it this way or does it need to be saved to a computer?  Otherwise I will just try the other tool you advised me to.



 


#14 Broni


Posted 15 February 2014 - 03:36 PM

MBAM won't run from USB. It has to be installed.




 


#15 pcpunk


Posted 16 February 2014 - 04:28 PM

Broni, should I run Malwarebytes Antirootkit now or post the Superantispyware logs first?



 




