
i.e. opens but command window flashes as it is opening


17 replies to this topic

#1 Urge21


Posted 02 December 2014 - 02:50 PM

Hi,  The title says it all.  I have Windows XP SP3 running.

 

Urge




#2 Guest_LighthouseParty_*


Posted 02 December 2014 - 03:22 PM

Hello there  :welcome:

 

You've already done a thread about an issue with IE (http://www.bleepingcomputer.com/forums/t/558396/no-internet-explorer-oe-wacky/#entry3555831). To avoid confusion, I recommend you edit that thread and copy your IE issue from this thread to that one.

 

Thank you.



#3 Urge21


Posted 02 December 2014 - 03:58 PM

These are 2 different computers with 2 slightly different problems.  I was told only 1 problem to a post.

 

Urge



#4 Guest_LighthouseParty_*


Posted 02 December 2014 - 04:54 PM

Ah ok, thanks for letting me know. I'll look into this issue and get back to you.

 

By I.E, do you mean Internet Explorer? If so, does Internet Explorer open as well as the black CMD box?


Edited by LighthouseParty, 02 December 2014 - 04:55 PM.


#5 Urge21


Posted 02 December 2014 - 04:59 PM

I do mean internet explorer and yes it does open with the command window.

 

Urge



#6 Guest_LighthouseParty_*


Posted 03 December 2014 - 02:04 AM

Let's check to see if your computer's infected.

 

:step1: Download MiniToolBox

  1. Click here to download MiniToolBox to your desktop.
  2. Double click MiniToolBox.
  3. Select the following and then press go.
  4. Post the log in your next reply.

Flush DNS

Reset IE Proxy Settings

Reset FF Proxy Settings

List Installed Programs

List Restore Points

 

:step2: Install and run a scan with Malwarebytes Anti-Malware
  1. Click here to download Malwarebytes to your desktop.
  2. Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
  3. On the dashboard, click update now.
  4. After that, click scan now - the scan will now begin.
  5. When the scan's completed, select apply actions - make sure the action is quarantine.
  6. Restart your computer.

How to get the log.

  1. On the dashboard, select the history tab and click application logs.
  2. Select the log which has the time and date of when you did the scan.
  3. Click copy to clipboard and paste it into your reply.

:step3: Download Security Check

  1. Click here to download Security Check to your desktop.
  2. Double click SecurityCheck and follow the on-screen instructions.
  3. A log should open, called checkup.txt.
  4. Please post the contents of it in your next reply.

Thanks and good luck!



#7 Urge21


Posted 03 December 2014 - 03:16 PM

Hi LP,  Here is the Mini Toolbox log:

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Reception Desk (administrator) on 03-12-2014 at 12:31:36
Running from "C:\Documents and Settings\Reception Desk\Desktop"
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


"Reset IE Proxy Settings": IE Proxy Settings were reset.

"Reset FF Proxy Settings": Firefox Proxy settings were reset.



=========================== Installed Programs ============================
32 Bit HP CIO Components Installer (Version: 7.1.4 - Hewlett-Packard) Hidden
7-Zip 4.65 (HKLM\...\{23170F69-40C1-2701-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov)
Acronis True Image Home (HKLM\...\{37C8899D-FD70-481F-94AA-1F1B08765E22}) (Version: 12.0.9709 - Acronis)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{B5C209B1-8DDB-4642-A573-375B951514CB}) (Version: 1.1.2.23 - Apple Inc.)
Apple Software Update (HKLM\...\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}) (Version: 2.0.2.92 - Apple Inc.)
AutoCAD Architecture 2008 (HKLM\...\AutoCAD Architecture 2008) (Version: 5.5.256.0 - Autodesk)
AutoCAD Architecture 2008 (Version: 5.5.256.0 - Autodesk) Hidden
AutoCAD Architecture 2008 SP1 (HKLM\...\AutoCAD Architecture 2008 SP1) (Version: 1 - Autodesk)
Autodesk Architectural Desktop 2006 (HKLM\...\{5783F2D7-4004-0409-0002-0060B0CE6BBA}) (Version: 4.7.302.0 - Autodesk)
Autodesk DWF Viewer 7 (HKLM\...\{9A346205-EA92-4406-B1AB-50379DA3F057}) (Version: 7.2.0 - Autodesk, Inc.)
Avast Internet Security (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
Belarc Advisor 8.2 (HKLM\...\Belarc Advisor) (Version: 8.2.7.8 - Belarc Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.18 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6021.5000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.3) (Version: 5.0.0.3 - Coupons.com Incorporated)
CPUID CPU-Z 1.55 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Dell 2155 Color MFP Address Book Editor Ver.1.0.4.2 (HKLM\...\{E41D6BBF-0C69-44EE-9F3E-B294CDB7F83C}) (Version: 1.0.4.2 - Dell Inc.)
Dell 2155 Color MFP ScanButton Manager Ver.1.0.2.2 (HKLM\...\{93637B1B-551C-44FF-A6FE-6650B2C71D2A}) (Version: 1.0.2.2 - Dell Inc.)
Dell 2155 Color MFP Scanner Driver (HKLM\...\{40989F6C-18D8-4EE1-9B79-3D6FD2893EE9}) (Version: 1.0.2.2 - Dell Inc.)
Dell Printer Software (HKLM\...\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}) (Version: 1.00.000 - Dell Inc.)
DeLorme Street Atlas USA 2008 (HKLM\...\{81D0EAC7-B352-4E71-B8A1-461E41029A2E}) (Version: 1.00.2008 - DeLorme Publishing, Inc.)
EditPad Lite 7.1.2 (HKLM\...\EditPad Lite) (Version: 7.1.2 - Just Great Software)
Google Earth (HKLM\...\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}) (Version: 4.3.7284.3916 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.1536.6592 - Google Inc.)
Hard Drive Inspector Pro 3.40.287 (HKLM\...\Hard Drive Inspector Pro_is1) (Version:  - )
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version:  - EFD Software)
HDD Health v3.3 Beta (HKLM\...\HDD Health_is1) (Version:  - )
HP Memories Disc (HKLM\...\{B376402D-58EA-45EA-BD50-DD924EB67A70}) (Version: 1.0.4.805 - Hewlett-Packard Company)
HP Photo and Imaging 2.0 - All-in-One (Version: 1.10.0000 - Hewlett-Packard Company) Hidden
HP Photo and Imaging 2.0 - All-in-One Drivers (Version: 1.10.0000 - Hewlett-Packard Company) Hidden
HP Photo and Imaging 2.0 - hp psc 2170 series (HKLM\...\HP PSC 2170 Series) (Version:  - )
HP Photosmart Prem C310 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{4E484899-4F93-4086-88BA-56BDDF47A776}) (Version: 14.0 - HP)
hp psc 2170 series (Version: 1.10.0000 - Hewlett-Packard Company) Hidden
HydroCAD (HKLM\...\HydroCAD) (Version:  - )
InCD EasyWrite Reader (HKLM\...\MRW!UninstallKey) (Version:  - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Java™ 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Java™ 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Hotfix (KB928366) (HKLM\...\M928366) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 1 (HKLM\...\{B508B3F1-A24A-32C0-B310-85786919EF28}) (Version: 2.1.21022 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Visio Standard 2007 (HKLM\...\VISSTDR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Visio Standard 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.30109.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSN (HKLM\...\MSNINST) (Version:  - )
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
nCleaner second 2.3.4.0 (HKLM\...\nCleaner) (Version: 2.3.4.0 - )
Nero BurnRights (HKLM\...\Nero BurnRights!UninstallKey) (Version:  - )
Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Nikon View 6 (HKLM\...\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}) (Version:  - )
Nitro Reader 2 (HKLM\...\{1B90DADD-3136-45C9-B913-1DAEBDE8A585}) (Version: 2.5.0.36 - Nitro PDF Software)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
PS_AIO_07_C310_SW_Min (Version: 140.0.304.000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{E0D51394-1D45-460A-B62D-383BC4F8B335}) (Version: 7.3.1.70 - Apple Inc.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SuperPurge Lite (HKLM\...\SuperPurge Lite) (Version:  - )
TeraCopy 2.12 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector Inc.)
TightVNC (HKLM\...\{D903B276-81AE-4AED-AEF9-45DACFBF16CE}) (Version: 2.7.10.0 - GlavSoft LLC.)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Update for Office 2007 (KB932080) (HKLM\...\{91120000-0053-0000-0000-0000000FF1CE}_VISSTDR_{EDC9CA29-6BC1-471C-828C-7A36109005D7}) (Version:  - )
Update for Windows XP (KB894391) (HKLM\...\KB894391) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB904942) (HKLM\...\KB904942) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB908531) (HKLM\...\KB908531) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB910437) (HKLM\...\KB910437) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB911280) (HKLM\...\KB911280) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB916595) (HKLM\...\KB916595) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB920342) (HKLM\...\KB920342) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB922582) (HKLM\...\KB922582) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB925876) (HKLM\...\KB925876) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB927891) (HKLM\...\KB927891) (Version: 3 - Microsoft Corporation)
Update for Windows XP (KB929338) (HKLM\...\KB929338) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB930916) (HKLM\...\KB930916) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB931836) (HKLM\...\KB931836) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB936357) (HKLM\...\KB936357) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB938828) (HKLM\...\KB938828) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB942763) (HKLM\...\KB942763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB943729) (HKLM\...\KB943729) (Version:  - Microsoft Corporation)
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0018.5 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: 3.1 - Microsoft Corporation)
Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20061107.210142 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Format SDK Hotfix - KB891122 (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Hotfix - KB873339 (HKLM\...\KB873339) (Version: 20041117.092459 - Microsoft Corporation)
Windows XP Hotfix - KB885835 (HKLM\...\KB885835) (Version: 20041027.181713 - Microsoft Corporation)
Windows XP Hotfix - KB885836 (HKLM\...\KB885836) (Version: 20041028.173203 - Microsoft Corporation)
Windows XP Hotfix - KB886185 (HKLM\...\KB886185) (Version: 20041021.090540 - Microsoft Corporation)
Windows XP Hotfix - KB887472 (HKLM\...\KB887472) (Version: 20041014.162858 - Microsoft Corporation)
Windows XP Hotfix - KB888302 (HKLM\...\KB888302) (Version: 20041207.111426 - Microsoft Corporation)
Windows XP Hotfix - KB890859 (HKLM\...\KB890859) (Version: 1 - Microsoft Corporation)
Windows XP Hotfix - KB891781 (HKLM\...\KB891781) (Version: 20050110.165439 - Microsoft Corporation)
========================= Restore Points ==================================

06-09-2014 11:58:27 System Checkpoint
07-09-2014 12:08:36 System Checkpoint
08-09-2014 16:55:13 System Checkpoint
09-09-2014 17:47:42 System Checkpoint
10-09-2014 17:48:18 System Checkpoint
11-09-2014 22:34:33 System Checkpoint
13-09-2014 17:11:08 System Checkpoint
14-09-2014 18:38:42 System Checkpoint
15-09-2014 21:50:44 System Checkpoint
16-09-2014 22:40:12 System Checkpoint
18-09-2014 13:49:57 System Checkpoint
19-09-2014 17:18:28 System Checkpoint
21-09-2014 16:34:53 System Checkpoint
22-09-2014 18:24:03 System Checkpoint
23-09-2014 18:52:20 System Checkpoint
25-09-2014 14:56:14 System Checkpoint
26-09-2014 16:21:22 System Checkpoint
27-09-2014 17:29:09 System Checkpoint
28-09-2014 19:11:44 System Checkpoint
01-10-2014 13:47:29 System Checkpoint
02-10-2014 17:32:49 System Checkpoint
03-10-2014 18:02:06 System Checkpoint
04-10-2014 18:54:50 System Checkpoint
05-10-2014 22:39:23 System Checkpoint
07-10-2014 17:24:33 System Checkpoint
08-10-2014 18:21:41 System Checkpoint
10-10-2014 16:55:06 System Checkpoint
11-10-2014 16:56:44 System Checkpoint
12-10-2014 17:28:28 System Checkpoint
13-10-2014 19:16:33 System Checkpoint
14-10-2014 20:34:25 System Checkpoint
16-10-2014 16:31:31 System Checkpoint
17-10-2014 21:02:33 System Checkpoint
20-10-2014 16:43:51 System Checkpoint
21-10-2014 17:20:58 System Checkpoint
23-10-2014 16:29:56 System Checkpoint
25-10-2014 12:42:46 System Checkpoint
26-10-2014 12:54:59 System Checkpoint
27-10-2014 16:00:18 System Checkpoint
28-10-2014 21:17:53 System Checkpoint
30-10-2014 18:00:36 System Checkpoint
31-10-2014 19:03:05 System Checkpoint
01-11-2014 23:02:05 System Checkpoint
03-11-2014 20:46:22 System Checkpoint
05-11-2014 22:08:26 System Checkpoint
07-11-2014 11:18:04 System Checkpoint
08-11-2014 17:21:45 System Checkpoint
09-11-2014 18:47:01 System Checkpoint
10-11-2014 19:16:00 System Checkpoint
12-11-2014 14:37:32 System Checkpoint
13-11-2014 20:14:02 System Checkpoint
14-11-2014 23:06:03 System Checkpoint
16-11-2014 18:42:48 System Checkpoint
17-11-2014 20:06:25 System Checkpoint
19-11-2014 11:19:10 System Checkpoint
20-11-2014 17:01:07 System Checkpoint
21-11-2014 18:10:44 System Checkpoint
22-11-2014 21:00:27 System Checkpoint
24-11-2014 11:19:23 System Checkpoint
26-11-2014 11:11:09 System Checkpoint
28-11-2014 11:17:02 System Checkpoint
29-11-2014 13:17:09 System Checkpoint
30-11-2014 17:28:04 System Checkpoint
01-12-2014 20:59:11 System Checkpoint
02-12-2014 18:28:29 avast! antivirus system restore point

**** End of log ****
 

Here is the MBAM log:

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/12/03 13:04:58 -0500</date>
<logfile>mbam-log-2014-12-03 (13-04-56).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.4.1028</version>
<malware-database>v2014.12.03.09</malware-database>
<rootkit-database>v2014.12.02.02</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows XP Service Pack 2</osversion>
<arch>x86</arch>
<username>Reception Desk</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>438958</objects>
<time>1005</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>1</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<file><path>C:\Documents and Settings\Reception Desk\My Documents\Downloads\Setup(1).exe</path><vendor>PUP.Optional.OptimumInstaller.A</vendor><action>success</action><hash>7ff6ff5f94e8dd594863bbae7c85639d</hash></file>
</items>
</mbam-log>
 

Here is the Security Check log:

 Results of screen317's Security Check version 0.99.91  
 Windows XP Service Pack 2 x86   
 Out of date service pack!!
 Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Please wait while WMIC compiles updated MOF files.displayName
ECHO is off.
Trend
ECHO is off.
Micro
ECHO is off.
ClientServer
ECHO is off.
Security
ECHO is off.
Agent
ECHO is off.
AntiVirus
ECHO is off.
avast!
ECHO is off.
Antivirus
ECHO is off.
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner     
 nCleaner second 2.3.4.0   
 Java 7 Update 21  
 Java™ 6 Update 3  
 Java™ 6 Update 5  
 Java™ 6 Update 7  
 Java version 32-bit out of Date!
  Adobe Flash Player     11.9.900.170 Flash Player out of Date!  
 Mozilla Firefox (33.1)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbam.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

Bill
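An added example, not part of any post in this thread: a small Python reader for the Malwarebytes XML log layout shown in the post above, which lists each detection and notes the points a helper would check first. The sample log is constructed (placeholder path, detection name and hash), the function names are hypothetical, and reading an `action` other than `success` as unconfirmed removal is an assumption about that field.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the layout of the log posted above.
# The path, detection name and hash are placeholders, not values from the thread.
SAMPLE_LOG = r"""<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header><date>2014/12/03 13:04:58 -0500</date><isadmin>yes</isadmin></header>
<engine>
<version>2.00.4.1028</version>
<malware-database>v2014.12.03.09</malware-database>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<summary><type>threat</type><result>completed</result><keys>0</keys><files>1</files></summary>
<options>
<rootkits>disabled</rootkits>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
</options>
<items>
<file><path>C:\Example\Downloads\Setup(1).exe</path><vendor>PUP.Optional.Example.A</vendor><action>success</action><hash>00000000000000000000000000000000</hash></file>
</items>
</mbam-log>
"""

COUNT_FIELDS = ("processes", "modules", "keys", "values",
                "datas", "folders", "files", "sectors")


def _children(node):
    """Map each child tag to its stripped text ({} if the node is missing)."""
    if node is None:
        return {}
    return {child.tag: (child.text or "").strip() for child in node}


def parse_mbam_log(text):
    """Parse a pasted mbam-log XML document into plain dictionaries."""
    # A log copied out of a forum post is already decoded text, so the
    # UTF-16 claim in the XML declaration no longer holds; drop it.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", text, count=1)
    root = ET.fromstring(body)
    detections = []
    items = root.find("items")
    for item in (items if items is not None else []):
        record = _children(item)
        record["kind"] = item.tag  # file, key, value, ...
        detections.append(record)
    return {
        "header": _children(root.find("header")),
        "engine": _children(root.find("engine")),
        "summary": _children(root.find("summary")),
        "options": _children(root.find("options")),
        "detections": detections,
    }


def triage(report):
    """Return short notes on what to look at first in a parsed log."""
    notes = []
    if report["summary"].get("result") != "completed":
        notes.append("scan did not complete")
    for module in ("file-protection", "web-protection", "self-protection"):
        if report["engine"].get(module) == "disabled":
            notes.append(f"{module} is disabled")
    if report["options"].get("rootkits") == "disabled":
        notes.append("rootkit scan option was disabled")
    # The summary counters should add up to the number of listed items;
    # a mismatch suggests the pasted log was truncated.
    counted = sum(int(report["summary"].get(f, "0") or 0) for f in COUNT_FIELDS)
    if counted != len(report["detections"]):
        notes.append(f"summary counts {counted} items, log lists "
                     f"{len(report['detections'])}")
    for det in report["detections"]:
        # Assumption: any action other than 'success' means removal is unconfirmed.
        if det.get("action") != "success":
            notes.append(f"removal not confirmed: {det.get('path', '?')}")
    return notes


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    for det in parsed["detections"]:
        print(det["kind"], det.get("vendor"), det.get("path"), det.get("action"))
    for note in triage(parsed):
        print("note:", note)
```
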



#8 Guest_LighthouseParty_*


Posted 05 December 2014 - 04:14 PM

Hello there,
 
:step1: Uninstall some programs
 
There are currently some programs on your PC that we need to remove, for the time being at least. Click the start menu, select Control Panel and click add or remove programs. Navigate to each of the following below one-by-one and click uninstall:

  • Java 7 Update 21
  • Java Auto Updater
  • Java™ 6 Update 3
  • Java™ 6 Update 5
  • Java™ 6 Update 7

Please download JavaRa from here and, once you have opened it, select 'remove JRE'.
 
:step2: Update to Windows XP Service Pack 3: http://technet.microsoft.com/en-gb/windows/windows-xp-service-pack-3.aspx (How to)



#9 Urge21


Posted 05 December 2014 - 06:21 PM

I went to download Java from the link you provided and I guess I didn't pay close enough attention to the download link I clicked.  I was getting some shaking little window telling me to click to update media player (I didn't click it).  Then another tab opened in Firefox that Avast closed.  I have screenshots:

 http://i46.photobucket.com/albums/f137/Urge212/malwarescreenshot2_zps03cfb205.jpg

 

http://i46.photobucket.com/albums/f137/Urge212/malwarescreenshot_zps6a5321c1.jpg

 

I hope you can see these clearly.

 

 

I was able to remove all the Java versions but I didn't install a current version.  I'm not sure what just happened but it's hard to believe that you guys would send me somewhere that would give me malware so, I guess I just don't know...(could be a line from a Lou Reed Song).lol

 

Urge


Edited by Urge21, 05 December 2014 - 06:30 PM.


#10 Guest_LighthouseParty_*


Posted 05 December 2014 - 06:33 PM

I'm not even quite sure how you got to that webpage.. the link I posted for JavaRa is this: http://singularlabs.com/software/javara Have you updated to Windows XP Service Pack 3?

 

:step1: Download and run AdwCleaner

  • Click here to download AdwCleaner to your desktop.
  • Double click adwcleaner_x.xxx.exe. If prompted, click I agree.
  • Click scan. When it's finished, select clean.
  • Allow AdwCleaner to restart your computer.
  • Once you've restarted, a log should appear. Please post this in your next reply.

:step2: Download Junkware Removal Tool

  • Click here to download Junkware Removal Tool to your desktop.
  • Double click JRT.exe. (Win 7 and Vista users, right-click and select run as admin)
  • Press any key and the scan will begin.
  • At the end, a log will open. Please post this in your next reply.


#11 Urge21


Posted 05 December 2014 - 08:02 PM

Hi LP,  Here is the AdwCleaner log:

 

# AdwCleaner v4.103 - Report created 05/12/2014 at 19:26:42
# Updated 01/12/2014 by Xplode
# Database : 2014-12-01.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : Reception Desk - HAPPY
# Running from : C:\Program Files\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Update DigiHelp
[#] Service Deleted : Util DigiHelp
[#] Service Deleted : {4f2819d0-bef1-4b68-bead-13848229eb6f}Gt

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\FileOpener
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Optimizer Pro v3.2
Folder Deleted : C:\Program Files\Tweaks
Folder Deleted : C:\Program Files\WSE_Vosteran
Folder Deleted : C:\Program Files\Optimizer Pro 3.11
[!] Folder Deleted : C:\Program Files\DigiHelp
Folder Deleted : C:\DOCUME~1\RECEPT~1\LOCALS~1\Temp\DigiHelp
Folder Deleted : C:\Documents and Settings\Reception Desk\Application Data\Optimizer Pro
Folder Deleted : C:\Documents and Settings\Reception Desk\Application Data\WSE_Vosteran
Folder Deleted : C:\Documents and Settings\Reception Desk\My Documents\Optimizer Pro
File Deleted : C:\Documents and Settings\All Users\Desktop\FileOpener.lnk
File Deleted : C:\WINDOWS\system32\drivers\{4f2819d0-bef1-4b68-bead-13848229eb6f}Gt.sys
File Deleted : C:\Documents and Settings\Reception Desk\Desktop\Continue Zip Extractor Installation.lnk
File Deleted : C:\Documents and Settings\Reception Desk\Desktop\Optimizer Pro.lnk
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wggciswu.default\user.js
File Deleted : C:\Documents and Settings\Reception Desk\Application Data\Mozilla\Firefox\Profiles\uhoz0tjf.default\user.js
File Deleted : C:\Documents and Settings\Urge\Application Data\Mozilla\Firefox\Profiles\qrcgx9bi.default\user.js
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wggciswu.default\searchplugins\Vosteran.xml
File Deleted : C:\Documents and Settings\Reception Desk\Application Data\Mozilla\Firefox\Profiles\uhoz0tjf.default\searchplugins\Vosteran.xml
File Deleted : C:\Documents and Settings\Urge\Application Data\Mozilla\Firefox\Profiles\qrcgx9bi.default\searchplugins\Vosteran.xml

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update DigiHelp
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util DigiHelp
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\WSE_Vosteran
Key Deleted : HKCU\Software\DigiHelp
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\DigiHelp
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\File Opener Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tweaks FileOpener
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSE_Vosteran
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DigiHelp
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\File Opener Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Tweaks FileOpener
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WSE_Vosteran
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.0.3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DigiHelp

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.16640

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v33.1 (x86 en-US)

[wggciswu.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://Vosteran.com/?f=1&a=vst_ggfc_14_49_ff_na01&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByCtByByDyD0AzyzyyEzyzztN0D0Tzu0StCtDyCzytN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzy[...]
[wggciswu.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");
[uhoz0tjf.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Vosteran");
[uhoz0tjf.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");
[uhoz0tjf.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://Vosteran.com/?f=1&a=vst_ggfc_14_49_ff_na01&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByCtByByDyD0AzyzyyEzyzztN0D0Tzu0StCtDyCzytN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzy[...]
[uhoz0tjf.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_ggfc_14_49_ff_na01&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByCtByByDyD0AzyzyyEzyzztN0D0Tzu0StCtDyCzytN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyE[...]
[uhoz0tjf.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_ggfc_14_49_ff_na01&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByCtByByDyD0AzyzyyEzyzztN0D0Tzu0StCtDyCzytN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutC[...]
[uhoz0tjf.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
[uhoz0tjf.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
[uhoz0tjf.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_ggfc_14_49_ff_na01&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByCtByByDyD0AzyzyyEzyzztN0D0Tzu0StCtDyCzytN1L2XzutAtFyCtFtCtDtFtCtDtN1L1Czu[...]
[qrcgx9bi.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://Vosteran.com/?f=1&a=vst_ggfc_14_49_ff_na01&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByCtByByDyD0AzyzyyEzyzztN0D0Tzu0StCtDyCzytN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzy[...]
[qrcgx9bi.default\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
[qrcgx9bi.default\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
[qrcgx9bi.default\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
[qrcgx9bi.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");

*************************

AdwCleaner[R0].txt - [9398 octets] - [05/12/2014 18:54:09]
AdwCleaner[R1].txt - [9458 octets] - [05/12/2014 19:03:03]
AdwCleaner[S0].txt - [8510 octets] - [05/12/2014 19:26:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8570 octets] ##########

 

 

Here is the JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Microsoft Windows XP x86
Ran by Reception Desk on Fri 12/05/2014 at 19:48:10.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\Reception Desk\Application Data\mozilla\firefox\profiles\uhoz0tjf.default\prefs.js

user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_ggfc_14_49_ff_na01&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByCtByByDyD0AzyzyyEzyzztN0D0Tzu0StCtDyCzytN1L2XzutAtFy
user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_ggfc_14_49_ff_na01&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByCtByByDyD0AzyzyyEzyzztN0D0Tzu0StCtDyCzytN1L2XzutAt
user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_ggfc_14_49_ff_na01&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByCtByByDyD0AzyzyyEzyzztN0D0Tzu0StCtDyCzytN1L2Xzut
Emptied folder: C:\Documents and Settings\Reception Desk\Application Data\mozilla\firefox\profiles\uhoz0tjf.default\minidumps [1 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/05/2014 at 19:54:24.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

The JRT program stopped and a pop up said that plugin-container.exe encountered a problem and needs to close.  I ran it again and it finished.

 

Urge

 



#12 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests

Posted 06 December 2014 - 04:19 AM

How is the PC now?



#13 Urge21

Urge21
  • Topic Starter

  • Members
  • 99 posts

Posted 06 December 2014 - 02:45 PM

Hi LP, Well, it seems to be working. I was able to go to Windows Update. I didn't actually try to download anything, but I was able to go there. I didn't notice any command window. What do you think caused this?

 

Urge



#14 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests

Posted 06 December 2014 - 03:13 PM

It's possible that it was caused by malware. Glad your issue's now resolved.

For one last final step, please download Delfix from here and save it to your desktop. Right-click it and select run as administrator. Select the following and press run:

  • Remove disinfection tools
  • Purge system restore

Happy surfing!



#15 Urge21

Urge21
  • Topic Starter

  • Members
  • 99 posts

Posted 06 December 2014 - 06:25 PM

Hi LP,  I upgraded to SP3 and I ran Delfix.  So we do not know what caused this?

 

Urge





