Spam Being Sent from My IP Address


15 replies to this topic

#1 abstubbs

Posted 04 March 2014 - 12:55 PM

I received a phone call this morning from my ISP telling me that "major amounts" of emails were sent out yesterday morning using my IP address. They were not sent from my email account. My ISP is small town and I don't think they know how to help me, if they do - they're not telling me. I've run scans on my computers using my antivirus software and they've found nothing. I'm also not experiencing any noticeable problems with my devices.

 

I need to find the problem, my ISP is threatening to cut me off if the emails continue.

 

Thank you!





#2 Chuck Devlin

Posted 04 March 2014 - 01:32 PM

One thing you can try is to make sure a previous infection didn't set up your computer as a Proxy Server. Go to Control Panel ==> Internet Options ==> Connections ==> LAN Settings ==> Proxy Server (make sure the Proxy Server box is not ticked; if it is, untick it). If it is ticked, possibly a previous infection set up your computer as a Proxy Server so they can mass email through your computer. If that is not the issue, then we need to continue to look.



#3 boopme

  • Global Moderator

Posted 04 March 2014 - 02:10 PM

Next, change your Email Password.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

ADW Cleaner
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#4 abstubbs

  • Topic Starter

Posted 04 March 2014 - 07:51 PM

Ok, I will follow the above directions and post results.  Do I need to do this for all (3) computers on my home network?



#5 boopme

  • Global Moderator

Posted 04 March 2014 - 08:03 PM

Start with the main and let's see what comes back to determine the rest.

#6 abstubbs

  • Topic Starter

Posted 04 March 2014 - 08:25 PM

MiniToolBox

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Administrator (administrator) on 04-03-2014 at 17:24:14
Running from "C:\Documents and Settings\Administrator\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Dell Wireless 1505 Draft 802.11n WLAN Mini-Card = Wireless Network Connection (Connected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : laptop-8a33fb6

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection 2:



        Media State . . . . . . . . . . . : Media disconnected

        Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

        Physical Address. . . . . . . . . : 00-1D-09-B8-2A-96



Ethernet adapter Wireless Network Connection:



        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : Dell Wireless 1505 Draft 802.11n WLAN Mini-Card

        Physical Address. . . . . . . . . : 00-1E-4C-78-47-83

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.102

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.1

        DHCP Server . . . . . . . . . . . : 192.168.1.1

        DNS Servers . . . . . . . . . . . : 192.168.1.1

        Lease Obtained. . . . . . . . . . : Tuesday, March 04, 2014 5:20:21 PM

        Lease Expires . . . . . . . . . . : Wednesday, March 05, 2014 5:20:21 PM

Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  173.194.33.32, 173.194.33.33, 173.194.33.34, 173.194.33.35
      173.194.33.36, 173.194.33.37, 173.194.33.38, 173.194.33.39, 173.194.33.40
      173.194.33.41, 173.194.33.46



Pinging google.com [173.194.33.46] with 32 bytes of data:



Reply from 173.194.33.46: bytes=32 time=12ms TTL=56

Reply from 173.194.33.46: bytes=32 time=17ms TTL=56



Ping statistics for 173.194.33.46:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 12ms, Maximum = 17ms, Average = 14ms

Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.139.183.24, 206.190.36.45, 98.138.253.109



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=50ms TTL=52

Reply from 98.138.253.109: bytes=32 time=57ms TTL=52



Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 50ms, Maximum = 57ms, Average = 53ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1d 09 b8 2a 96 ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
0x3 ...00 1e 4c 78 47 83 ...... Dell Wireless 1505 Draft 802.11n WLAN Mini-Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.102      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.1.0    255.255.255.0    192.168.1.102   192.168.1.102      20
    192.168.1.102  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255    192.168.1.102   192.168.1.102      20
        224.0.0.0        240.0.0.0    192.168.1.102   192.168.1.102      20
  255.255.255.255  255.255.255.255    192.168.1.102               2      1
  255.255.255.255  255.255.255.255    192.168.1.102   192.168.1.102      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/12/2014 06:32:12 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Workflow.Activities, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020

Error: (02/10/2014 00:45:11 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x100257d5.
Processing media-specific event for [iexplore.exe!ws!]

Error: (01/16/2014 07:39:56 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 26.0.0.5087, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/16/2014 07:39:56 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 26.0.0.5087, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (03/04/2014 04:07:22 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverKITCHENNetBT_Tcpip_{8E4188DE-DBDA-4D06-B

Error: (02/25/2014 06:47:59 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.102 on the
Network Card with network address 001E4C784783.

Error: (02/23/2014 01:13:32 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (02/23/2014 01:09:58 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.102 on the
Network Card with network address 001E4C784783.

Error: (02/18/2014 08:01:04 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{8E4188DE-DBDA-4D06-BA8C-58A6DB34198C} because another computer on the network has the same name.  The server could not start.

Error: (02/17/2014 08:08:40 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.102 on the
Network Card with network address 001E4C784783.

Error: (02/15/2014 07:49:07 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.102 on the
Network Card with network address 001E4C784783.

Error: (02/13/2014 08:03:58 AM) (Source: 0) (User: )
Description: 192.168.1.10270:F1:A1:29:F4:AF

Error: (02/13/2014 08:03:38 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.109 for the Network Card with network address 001E4C784783 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/12/2014 07:01:45 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1


Microsoft Office Sessions:
=========================

========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 2045.97 MB
Available physical RAM: 1407.7 MB
Total Pagefile: 3938.74 MB
Available Pagefile: 3323.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.6 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.75 GB) (Free:441.5 GB) NTFS
3 Drive e: (NIKON D3100) (Removable) (Total:3.69 GB) (Free:3.42 GB) FAT32

========================= Users: ========================================

User accounts for \\LAPTOP-8A33FB6

Administrator            ASPNET                   Guest                    
HelpAssistant            SUPPORT_388945a0         


**** End of log ****

 

AdwCleaner:

 

# AdwCleaner v3.020 - Report created 04/03/2014 at 17:17:50
# Updated 27/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - LAPTOP-8A33FB6
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3ec1v364.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [935 octets] - [04/03/2014 17:15:32]
AdwCleaner[S0].txt - [859 octets] - [04/03/2014 17:17:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [918 octets] ##########
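
An added example, not part of any post in this thread and not Farbar's code: a small Python triage pass over a MiniToolBox Result.txt that pulls out the proxy, hosts and Winsock entries a helper reads first when a machine is suspected of relaying mail for someone else. The section banners and line shapes are taken from the logs posted in this thread; the sample log, its `example_lsp.dll` and `update.example.com` entries, and the wording of the enabled-proxy lines are constructed assumptions.

```python
import re

# Section banner as it appears in the logs posted in this thread, e.g.
# "========================= Hosts content: ======...". Bare "=====" rulers
# (used inside the route table) carry no name and do not match.
SECTION_RE = re.compile(r"^=+ (?P<name>[^=]+?):? =+$")
WINSOCK_RE = re.compile(r"^(Catalog\d+) (\d+) (.+) \[(\d+)\] \((.*)\)$")
FF_PREF_RE = re.compile(r'^"(network\.proxy\.[\w.]+)",\s*(.+)$')

# Lines seen in the IE proxy section of the clean logs in this thread.
IE_CLEAN = {"Proxy is not enabled.", "No Proxy Server is set."}
# Firefox network.proxy.type values: 1 = manual proxy, 2 = PAC URL.
FF_EXPLICIT_TYPES = {"1", "2"}
# Assumption: Windows is installed in C:\WINDOWS, as on both PCs in the thread.
SYSTEM32 = "c:\\windows\\system32\\"


def split_sections(text):
    """Return {section name: [non-empty stripped lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group("name").strip(), [])
        elif current is not None and line:
            current.append(line)
    return sections


def triage(text):
    """Return a list of (section, finding) tuples that need a human look."""
    s = split_sections(text)
    findings = []

    # Anything other than the two known-clean lines is reported verbatim.
    for line in s.get("IE Proxy Settings", []):
        if line not in IE_CLEAN and not line.startswith('"Reset '):
            findings.append(("IE Proxy Settings", line))

    # Report an explicit proxy type and any proxy host/port preference.
    for line in s.get("FF Proxy Settings", []):
        m = FF_PREF_RE.match(line)
        if not m:
            continue
        pref, value = m.group(1), m.group(2).strip().strip('"')
        if pref != "network.proxy.type" or value in FF_EXPLICIT_TYPES:
            findings.append(("FF Proxy Settings", f"{pref} = {value}"))

    # A default hosts file maps only localhost to the loopback address.
    for line in s.get("Hosts content", []):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        if not (fields[0] in ("127.0.0.1", "::1") and fields[1:] == ["localhost"]):
            findings.append(("Hosts content", " ".join(fields)))

    # Layered service providers sit in the network path of every socket.
    for line in s.get("Winsock entries", []):
        m = WINSOCK_RE.match(line)
        if not m:
            continue
        catalog, index, path, _size, vendor = m.groups()
        if vendor != "Microsoft Corporation" or not path.lower().startswith(SYSTEM32):
            findings.append(("Winsock entries", f"{catalog} {index} {path} ({vendor})"))
    return findings


# Constructed sample (not from the thread): a log with one suspicious entry
# in each section. The two IE proxy lines are hypothetical wording.
SAMPLE_LOG = r'''
========================= IE Proxy Settings: ==============================

ProxyEnable: 1
ProxyServer: http=127.0.0.1:8080

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 1
"network.proxy.http", "127.0.0.1"

========================= Hosts content: =================================

127.0.0.1       localhost
203.0.113.7     update.example.com

========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\example_lsp.dll [40960] ()
===========================================================================
'''

if __name__ == "__main__":
    for section, finding in triage(SAMPLE_LOG):
        print(f"[{section}] {finding}")
```

The vendor label in the Winsock list is descriptive metadata rather than a signature check, and security products install their own providers, so an empty result narrows the search rather than clearing the machine.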
 



#7 abstubbs

  • Topic Starter

Posted 04 March 2014 - 08:34 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Tue 03/04/2014 at 17:27:36.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/04/2014 at 17:33:04.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#8 boopme

  • Global Moderator

Posted 04 March 2014 - 09:03 PM

Pretty clean,

 

You can run them on the others as they are quick.

 

You did change the email password? Is your router password protected?



#9 abstubbs

  • Topic Starter

Posted 05 March 2014 - 12:59 PM

All email passwords have been changed.  When you refer to router password, do you mean the default "admin" password?



#10 abstubbs

  • Topic Starter

Posted 05 March 2014 - 01:08 PM

PC-2 MiniToolBox:

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Chente  Benavides (administrator) on 05-03-2014 at 10:05:28
Running from "C:\Documents and Settings\Chente  Benavides\Local Settings\Temporary Internet Files\Content.IE5\3C32BM4U"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 4

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

D-Link Xtreme N = Wireless Network Connection (Disconnected)
Intel® PRO/100 VE Network Connection = qwest Connection (Connected)

# ----------------------------------
# Interface IP Configuration        
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "qwest Connection"

set address name="qwest Connection" source=dhcp
set dns name="qwest Connection" source=dhcp register=PRIMARY
set wins name="qwest Connection" source=dhcp

popd
# End of interface IP configuration

 

Windows IP Configuration

 

        Host Name . . . . . . . . . . . . : KITCHEN

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Hybrid

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

 

Ethernet adapter qwest Connection:

 

        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

        Physical Address. . . . . . . . . : 00-11-11-22-F2-D5

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.2.105

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        IP Address. . . . . . . . . . . . : fe80::211:11ff:fe22:f2d5%4

        Default Gateway . . . . . . . . . : 192.168.2.1

        DHCP Server . . . . . . . . . . . : 192.168.2.1

        DNS Servers . . . . . . . . . . . : 192.168.1.1

                                            fec0:0:0:ffff::1%1

                                            fec0:0:0:ffff::2%1

                                            fec0:0:0:ffff::3%1

        Lease Obtained. . . . . . . . . . : Tuesday, March 04, 2014 3:57:37 PM

        Lease Expires . . . . . . . . . . : Wednesday, March 05, 2014 3:57:37 PM

 

Tunnel adapter Teredo Tunneling Pseudo-Interface:

 

        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

        Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF

        Dhcp Enabled. . . . . . . . . . . : No

        IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5

        Default Gateway . . . . . . . . . :

        NetBIOS over Tcpip. . . . . . . . : Disabled

 

Tunnel adapter Automatic Tunneling Pseudo-Interface:

 

        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

        Physical Address. . . . . . . . . : C0-A8-02-69

        Dhcp Enabled. . . . . . . . . . . : No

        IP Address. . . . . . . . . . . . : fe80::5efe:192.168.2.105%2

        Default Gateway . . . . . . . . . :

        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

                                            fec0:0:0:ffff::2%1

                                            fec0:0:0:ffff::3%1

        NetBIOS over Tcpip. . . . . . . . : Disabled

Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  173.194.33.68, 173.194.33.69, 173.194.33.70, 173.194.33.71
   173.194.33.72, 173.194.33.73, 173.194.33.78, 173.194.33.64, 173.194.33.65
   173.194.33.66, 173.194.33.67

 

Pinging google.com [173.194.33.67] with 32 bytes of data:

 

Reply from 173.194.33.67: bytes=32 time=10ms TTL=56

Reply from 173.194.33.67: bytes=32 time=9ms TTL=56

 

Ping statistics for 173.194.33.67:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 9ms, Maximum = 10ms, Average = 9ms

Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.138.253.109, 98.139.183.24, 206.190.36.45

 

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

 

Reply from 206.190.36.45: bytes=32 time=45ms TTL=54

Reply from 206.190.36.45: bytes=32 time=35ms TTL=54

 

Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 35ms, Maximum = 45ms, Average = 40ms

 

Pinging 127.0.0.1 with 32 bytes of data:

 

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 11 22 f2 d5 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1   192.168.2.105   20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
      192.168.2.0    255.255.255.0    192.168.2.105   192.168.2.105   20
    192.168.2.105  255.255.255.255        127.0.0.1       127.0.0.1   20
    192.168.2.255  255.255.255.255    192.168.2.105   192.168.2.105   20
        224.0.0.0        240.0.0.0    192.168.2.105   192.168.2.105   20
  255.255.255.255  255.255.255.255    192.168.2.105   192.168.2.105   1
Default Gateway:       192.168.2.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\system32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/20/2014 01:39:03 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe . Error code = 0x80131047

Error: (02/14/2014 08:07:20 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (02/14/2014 08:07:20 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (01/30/2014 01:13:37 PM) (Source: Windows Live Mail) (User: )
Description: wlmail.exe14.0.8089.7264a6ce53dmsmail.dll14.0.8089.7264a6ce58f00021ccde

Error: (01/27/2014 05:49:19 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (01/18/2014 01:07:24 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (01/18/2014 01:07:24 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (01/18/2014 01:07:23 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (01/09/2014 03:52:11 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/15/2013 07:32:21 AM) (Source: Application Error) (User: )
Description: Faulting application _ise.exe, version 12.0.0.58849, faulting module _ise.exe, version 12.0.0.58849, fault address 0x0001e7b9.
Processing media-specific event for [_ise.exe!ws!]

System errors:
=============
Error: (01/29/2014 06:56:46 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverLAPTOP-8A33FB6NetBT_Tcpip_{8BCB5E93-84B6

Error: (01/09/2014 03:39:27 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (01/09/2014 03:39:27 PM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (01/09/2014 03:39:08 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (01/09/2014 03:39:08 PM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (01/09/2014 03:33:37 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (01/09/2014 03:33:37 PM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (01/09/2014 03:29:39 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service terminated with the following error:
%%1747

Error: (12/15/2013 09:22:52 AM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service terminated with the following error:
%%1747

Error: (12/15/2013 06:52:35 AM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service terminated with the following error:
%%1747

Microsoft Office Sessions:
=========================
Error: (02/20/2014 01:39:03 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe . Error code = 0x80131047
C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe

Error: (02/14/2014 08:07:20 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (02/14/2014 08:07:20 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (01/30/2014 01:13:37 PM) (Source: Windows Live Mail)(User: )
Description: wlmail.exe14.0.8089.7264a6ce53dmsmail.dll14.0.8089.7264a6ce58f00021ccde

Error: (01/27/2014 05:49:19 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (01/18/2014 01:07:24 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (01/18/2014 01:07:24 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (01/18/2014 01:07:23 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (01/09/2014 03:52:11 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (12/15/2013 07:32:21 AM) (Source: Application Error)(User: )
Description: _ise.exe12.0.0.58849_ise.exe12.0.0.588490001e7b9

=========================== Installed Programs ============================

3ivx MPEG-4 5.0.3 (remove only) (Version: 5.0.3)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44)
Adobe Flash Player 12 Plugin (Version: 12.0.0.70)
Adobe Reader X (10.1.9) (Version: 10.1.9)
Adobe Shockwave Player 11.5 (Version: 11.5.2.602)
AVG 2014 (Version: 14.0.3705)
AVG 2014 (Version: 14.0.4335)
AVG 2014 (Version: 2014.0.4335)
Banctec Service Agreement (Version: 1.00.00)
Banctec Service Agreement (Version: 1.00.0005)
Brother MFL-Pro Suite (Version: 1.00.000)
CCleaner (Version: 3.19)
CDDRV_Installer (Version: 1.00.0000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
DA920EN (Version: 1.0.0.0)
Dell Driver Download Manager (Version: 2.0.0.0)
Dell Media Experience
Dell Networking Guide (Version: 1.00.0001)
DIGOpt (Version: 9.0.0917.2)
DIRECTV Player (Version: 9.2)
D-Link DWA-552 Xtreme N Desktop Adapter (Version: 1.11b04)
Dropbox (Version: 2.4.11)
EarthLink MDAC (Version: 2003.2.92.0)
Help and Support Customization (Version: 1.00.0000)
HijackThis 2.0.2 (Version: 2.0.2)
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Adapters and Drivers
Intel® PROSet (Version: 6.05.2001)
Internet Explorer Default Page (Version: 1.00.03)
iolo technologies' System Mechanic (Version: 12.5.0)
Jasc Paint Shop Photo Album (Version: 4.0.3)
Jasc Paint Shop Pro 8 Dell Edition (Version: 8.10.0000)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Java™ 6 Update 18 (Version: 6.0.180)
Junk Mail filter update (Version: 14.0.8117.416)
KhalInstallWrapper (Version: 4.00.121)
Lexia Reading (Version: 9.0.0)
Logitech SetPoint (Version: 4.00)
Maxtor MaxBlast (Version: 10.0.5018)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Fix it Center (Version: 1.0.0090)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003 (Version: 11.0.8173.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Outlook Connector (Version: 12.0.6423.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works 6-9 Converter (Version: 9.7.0621)
Microsoft XML Parser (Version: 8.20.8730.4)
Modem Event Monitor
Modem Helper (Version: 2.25)
Modem On Hold (Version: 1.12)
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla Firefox 27.0.1 (x86 en-US) (Version: 27.0.1)
Mozilla Maintenance Service (Version: 27.0.1)
MSSoap (Version: 2003.2.1.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Norton AntiSpam (Version: 2004.1.3.5)
Norton Internet Security (Version: 7.0.6.16)
NVIDIA Drivers
NVIDIA Windows 2000/XP Display Drivers
PowerDVD 5.1
QuickBooks Remote Access
QuickTime (Version: 7.69.80.9)
RealPlayer
Segoe UI (Version: 14.0.4327.805)
Sonic DLA (Version: 4.90)
Sonic RecordNow! (Version: 7.10)
Sonic Update Manager (Version: 2.9)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
WebFldrs XP (Version: 9.50.6513)
Windows Backup Utility (Version: 5.1)
Windows Defender Signatures (Version: 1.20.1459.12)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Family Safety (Version: 14.0.8118.427)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Bonus Pack for Windows XP
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 2302.98 MB
Available physical RAM: 1542.54 MB
Total Pagefile: 4453.73 MB
Available Pagefile: 3738.85 MB
Total Virtual: 2047.88 MB
Available Virtual: 1963.92 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:264.62 GB) (Free:204.39 GB) NTFS

========================= Users: ========================================

User accounts for \\KITCHEN

Administrator            ASPNET                   Chente  Benavides       
Guest                    HelpAssistant            SUPPORT_388945a0        
SUPPORT_3f151ab9        

**** End of log ****



#11 abstubbs

Posted 05 March 2014 - 01:12 PM

PC-2 AdwCleaner:

# AdwCleaner v3.020 - Report created 05/03/2014 at 10:09:28
# Updated 27/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Chente  Benavides - KITCHEN
# Running from : C:\Documents and Settings\Chente  Benavides\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Chente  Benavides\Application Data\Mozilla\Firefox\Profiles\gew631h1.default\user.js
Folder Found C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found C:\Documents and Settings\Chente  Benavides\Application Data\Viewpoint

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\AVG SafeGuard toolbar
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Documents and Settings\Chente  Benavides\Application Data\Mozilla\Firefox\Profiles\gew631h1.default\prefs.js ]

Line Found : user_pref("aol_toolbar.surf.date", "4");
Line Found : user_pref("aol_toolbar.surf.lastDate", "29");
Line Found : user_pref("aol_toolbar.surf.lastMonth", "7");
Line Found : user_pref("aol_toolbar.surf.lastYear", "2009");
Line Found : user_pref("aol_toolbar.surf.month", "4");
Line Found : user_pref("aol_toolbar.surf.prevMonth", "0");
Line Found : user_pref("aol_toolbar.surf.total", "4");
Line Found : user_pref("aol_toolbar.surf.week", "4");
Line Found : user_pref("aol_toolbar.surf.year", "4");
Line Found : user_pref("browser.search.defaultthis.engineName", "Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1414396&SearchSource=3&q=");

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a25jeyns.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Documents and Settings\Chente  Benavides\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword

*************************

AdwCleaner[R0].txt - [4364 octets] - [05/03/2014 10:09:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4424 octets] ##########



#12 abstubbs

Posted 05 March 2014 - 01:19 PM

PC-2 AdwCleaner (after reboot)

# AdwCleaner v3.020 - Report created 05/03/2014 at 10:12:34
# Updated 27/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Chente  Benavides - KITCHEN
# Running from : C:\Documents and Settings\Chente  Benavides\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Chente  Benavides\Application Data\Viewpoint
File Deleted : C:\Documents and Settings\Chente  Benavides\Application Data\Mozilla\Firefox\Profiles\gew631h1.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Documents and Settings\Chente  Benavides\Application Data\Mozilla\Firefox\Profiles\gew631h1.default\prefs.js ]

Line Deleted : user_pref("aol_toolbar.surf.date", "4");
Line Deleted : user_pref("aol_toolbar.surf.lastDate", "29");
Line Deleted : user_pref("aol_toolbar.surf.lastMonth", "7");
Line Deleted : user_pref("aol_toolbar.surf.lastYear", "2009");
Line Deleted : user_pref("aol_toolbar.surf.month", "4");
Line Deleted : user_pref("aol_toolbar.surf.prevMonth", "0");
Line Deleted : user_pref("aol_toolbar.surf.total", "4");
Line Deleted : user_pref("aol_toolbar.surf.week", "4");
Line Deleted : user_pref("aol_toolbar.surf.year", "4");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1414396&SearchSource=3&q=");

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a25jeyns.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Documents and Settings\Chente  Benavides\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [4504 octets] - [05/03/2014 10:09:28]
AdwCleaner[S0].txt - [4435 octets] - [05/03/2014 10:12:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4495 octets] ##########



#13 abstubbs

Posted 05 March 2014 - 01:28 PM

PC-2 JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by Chente  Benavides on Wed 03/05/2014 at 10:20:50.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Chente  Benavides\Application Data\getrighttogo"

 

~~~ FireFox

Emptied folder: C:\Documents and Settings\Chente  Benavides\Application Data\mozilla\firefox\profiles\gew631h1.default\minidumps [14 files]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/05/2014 at 10:27:29.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#14 abstubbs

Posted 05 March 2014 - 01:53 PM

Ok.  Just received another call from my ISP, they're now telling me that the problem is with my TP Link modem.  I guess 300,000+ have been compromised.  They are also recommending that I upgrade my modem firmware.  Does this sound reasonable to you?  How difficult is it to upgrade the firmware without messing things up?  I work from home and can't afford to be down for any amount of time.



#15 boopme

Posted 05 March 2014 - 02:04 PM

YES... do you mean the default "admin" password?


PC 2
In Control Panel, Uninstall....

Adobe Reader X (10.1.9) (Version: 10.1.9)
Java 7 Update 45 (Version: 7.0.450)
Java™ 6 Update 18 (Version: 6.0.180)

Reboot

Install Adobe Reader XI

