
BSOD, popups from Aviasales, unrequested download to my Android


6 replies to this topic

#1 cooked

cooked

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:04 PM

Posted 02 December 2014 - 09:44 PM

This is one of the rare occasions that I can start up without being in Safe Mode. Last night, in addition to repeated BSODs, I started getting popups from Aviasales, a Russian travel company with offices here in Thailand, where I live. I also got links to porno sites and a gambling site.
This morning my Android tells me it has downloaded a file from rmakaro.beget.ru called v4.4.0.apk.
I have used various virus scanners, Tdss killer and a few others, that sometimes break down in mid scan.
 
Any ideas? I found a nice Dell with Linux ready loaded yesterday...

Edited by Queen-Evie, 02 December 2014 - 10:00 PM.
moved from XP to Am I Infected




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:04 AM

Posted 02 December 2014 - 11:00 PM

Hello cooked, let's try to get thru these...

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



    Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ADW Cleaner

    Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


    Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

    Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 cooked

cooked
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:04 PM

Posted 03 December 2014 - 06:28 AM

Wow, ESET is impressive. The Junkware removal tool 'failed to initialise properly', so no results. I uninstalled the Ubuntu file today, didn't realise it was still there.

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Administrator (administrator) on 03-12-2014 at 17:25:16
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1    localhost
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com

There are 15471 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Realtek PCIe FE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "{336CA856-B7E4-4C99-A6CF-55A9DBCCFD58}"

set address name="{336CA856-B7E4-4C99-A6CF-55A9DBCCFD58}" source=dhcp
set dns name="{336CA856-B7E4-4C99-A6CF-55A9DBCCFD58}" source=dhcp register=PRIMARY
set wins name="{336CA856-B7E4-4C99-A6CF-55A9DBCCFD58}" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : PC2013120610RST

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : Realtek PCIe FE Family Controller

        Physical Address. . . . . . . . . : 00-26-18-BD-3F-05

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.9

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.1

        DHCP Server . . . . . . . . . . . : 192.168.1.1

        DNS Servers . . . . . . . . . . . : 94.249.192.104

                                            8.8.8.8

        Lease Obtained. . . . . . . . . . : 03 December 2014 17:05:59

        Lease Expires . . . . . . . . . . : 06 December 2014 17:05:59



Ethernet adapter {336CA856-B7E4-4C99-A6CF-55A9DBCCFD58}:



        Media State . . . . . . . . . . . : Media disconnected

        Description . . . . . . . . . . . : Anchorfree HSS Adapter - Packet Scheduler Miniport

        Physical Address. . . . . . . . . : 00-FF-33-6C-A8-56

Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    google.com
Addresses:  1.179.249.187, 1.179.249.167, 1.179.249.157, 1.179.249.168
      1.179.249.158, 1.179.249.178, 1.179.249.177, 1.179.249.163, 1.179.249.162
      1.179.249.153, 1.179.249.148, 1.179.249.172, 1.179.249.173, 1.179.249.182
      1.179.249.152, 1.179.249.183



Pinging google.com [1.179.249.163] with 32 bytes of data:



Reply from 1.179.249.163: bytes=32 time=14ms TTL=58

Reply from 1.179.249.163: bytes=32 time=50ms TTL=58



Ping statistics for 1.179.249.163:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 14ms, Maximum = 50ms, Average = 32ms

Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    yahoo.com
Addresses:  206.190.36.45, 98.139.183.24, 98.138.253.109



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=365ms TTL=44

Reply from 98.138.253.109: bytes=32 time=417ms TTL=44



Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 365ms, Maximum = 417ms, Average = 391ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 26 18 bd 3f 05 ...... Realtek PCIe FE Family Controller - Packet Scheduler Miniport
0x10004 ...00 ff 33 6c a8 56 ...... Anchorfree HSS Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.9      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.1.0    255.255.255.0      192.168.1.9     192.168.1.9      20
      192.168.1.9  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255      192.168.1.9     192.168.1.9      20
        224.0.0.0        240.0.0.0      192.168.1.9     192.168.1.9      20
  255.255.255.255  255.255.255.255      192.168.1.9     192.168.1.9      1
  255.255.255.255  255.255.255.255      192.168.1.9           10004      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/03/2014 05:06:57 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.71;lang=;guid=34E5F832A3A14A8D9E4DBD62D5C00869;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\b4d81266-0f01-4b45-bc5a-1c2091e11232.dmp

Error: (12/03/2014 05:06:49 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.71;lang=;guid=34E5F832A3A14A8D9E4DBD62D5C00869;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\2a294205-0c42-46d2-83b7-eae5c9034101.dmp

Error: (12/03/2014 05:06:13 PM) (Source: Service Control Manager) (User: )
Description: aswSnx

Error: (12/03/2014 05:06:11 PM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWFailureActions%%5

Error: (12/03/2014 05:06:06 PM) (Source: Service Control Manager) (User: )
Description: WD File Management Shadow Engine%%3

Error: (12/03/2014 05:06:06 PM) (Source: Service Control Manager) (User: )
Description: WD File Management Engine%%3

Error: (12/03/2014 05:06:06 PM) (Source: Service Control Manager) (User: )
Description: WDDMService%%3

Error: (12/03/2014 05:06:06 PM) (Source: Service Control Manager) (User: )
Description: Norton Identity Safe%%3

Error: (12/03/2014 05:06:06 PM) (Source: Service Control Manager) (User: )
Description: avast! Antivirus%%3

Error: (12/03/2014 11:29:00 AM) (Source: Service Control Manager) (User: )
Description: aswSnx


System errors:
=============
Error: (12/03/2014 06:41:22 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2

Error: (12/01/2014 11:23:35 PM) (Source: Print) (User: NT AUTHORITY)
Description: Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer.

Error: (11/30/2014 05:08:11 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.8 for the Network Card with network address 002618BD3F05 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (11/30/2014 06:31:00 AM) (Source: 0) (User: )
Description: C:


Microsoft Office Sessions:
=========================
Error: (12/03/2014 05:06:57 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.71;lang=;guid=34E5F832A3A14A8D9E4DBD62D5C00869;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\b4d81266-0f01-4b45-bc5a-1c2091e11232.dmp

Error: (12/03/2014 05:06:49 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=39.0.2171.71;lang=;guid=34E5F832A3A14A8D9E4DBD62D5C00869;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\2a294205-0c42-46d2-83b7-eae5c9034101.dmp

Error: (12/03/2014 05:06:13 PM) (Source: Service Control Manager)(User: )
Description: aswSnx

Error: (12/03/2014 05:06:11 PM) (Source: Service Control Manager)(User: )
Description: ScRegSetValueExWFailureActions%%5

Error: (12/03/2014 05:06:06 PM) (Source: Service Control Manager)(User: )
Description: WD File Management Shadow Engine%%3

Error: (12/03/2014 05:06:06 PM) (Source: Service Control Manager)(User: )
Description: WD File Management Engine%%3

Error: (12/03/2014 05:06:06 PM) (Source: Service Control Manager)(User: )
Description: WDDMService%%3

Error: (12/03/2014 05:06:06 PM) (Source: Service Control Manager)(User: )
Description: Norton Identity Safe%%3

Error: (12/03/2014 05:06:06 PM) (Source: Service Control Manager)(User: )
Description: avast! Antivirus%%3

Error: (12/03/2014 11:29:00 AM) (Source: Service Control Manager)(User: )
Description: aswSnx



=========================== Installed Programs ============================
7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe AIR (Version: 15.0.0.293 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX Free Download Packages (HKCU\...\Adobe Flash Player ActiveX Free Download Packages) (Version:  - )
Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)
Auslogics Duplicate File Finder (HKLM\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 3.5.4.0 - Auslogics Labs Pty Ltd)
BusinessCards MX (HKLM\...\{0D5B5ED2-3E38-4585-B1F3-64B2A9EA95D6}_is1) (Version: 4.1 - MOJOSOFT)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6021.5000 - Microsoft Corporation)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Everything 1.2.1.371 (HKLM\...\Everything) (Version:  - )
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Free Alarm Clock 3.0.5 (HKLM\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.0 - Comfort Software Group)
Genesys USB Mass Storage Device (HKLM\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 2.5.0.0 - Genesys Logic)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
HP Deskjet 2520 series Basic Device Software (HKLM\...\{692BAD63-C88E-4399-B900-1ED066396EA1}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 0.0.0.0000 - Intel Corporation)
Intkey (HKLM\...\Intkey) (Version:  - )
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (Version: 2.8.25.18 - Oracle Corporation) Hidden
K-Lite Mega Codec Pack 10.2.2 (HKLM\...\KLiteCodecPack_is1) (Version: 10.2.2 - )
Magic ISO Maker v5.5 (build 0281) (HKLM\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM\...\{9011041E-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
MozyHome (HKLM\...\{06BFC7A0-2C6A-ED03-5684-37E8949A5823}) (Version: 2.26.0.376 - Mozy, Inc.)
OpenOffice 4.1.1 (HKLM\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
OpenWith.org 1.0.3 (HKLM\...\{B52F8C4B-FE88-4B59-9B80-1C93669D7DEB}_is1) (Version:  - OpenWith.org)
Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.104 - Panda Security)
Panda Devices Agent (HKLM\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 15.0.4 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picasa Uploader (HKLM\...\com.webkinesis.PicasaUploaderDesktop) (Version: 0.7 - UNKNOWN)
Picasa Uploader (Version: 0.7 - UNKNOWN) Hidden
Picture Package Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.1.00.11270 - Sony Corporation)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.35.0000 - Realtek)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SES Driver (HKLM\...\{0673654C-5296-453B-9798-B61CD7E03FEB}) (Version: 1.0.0 - Western Digital)
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 3.0.02.12110 - Sony Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
System Requirements Lab for Intel (HKLM\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
Ubuntu (HKLM\...\Wubi) (Version: 14.04-rev286 - Ubuntu)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
WebcamMax (HKLM\...\WebcamMax) (Version: 7.1.3.2.MultiLanguage - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)

========================= Memory info: ===================================

Percentage of memory in use: 21%
Total physical RAM: 2038.11 MB
Available physical RAM: 1605.99 MB
Total Pagefile: 2384.9 MB
Available Pagefile: 2033.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.8 MB

========================= Partitions: =====================================

1 Drive c: (WINXP) (Fixed) (Total:39.07 GB) (Free:22.15 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:49.04 GB) (Free:44.43 GB) NTFS
3 Drive e: () (Fixed) (Total:209.98 GB) (Free:181.4 GB) NTFS

========================= Users: ========================================

User accounts for \\PC2013120610RST

Administrator            ASPNET                   COM                      
Guest                    HelpAssistant            SUPPORT_388945a0         


**** End of log ****
 

# AdwCleaner v4.103 - Report created 03/12/2014 at 09:27:42
# Updated 01/12/2014 by Xplode
# Database : 2014-12-02.2 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - PC2013120610RST
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner_4.103.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\eSupport.com

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v33.1.1 (x86 en-US)

[43jrm2lm.default] - Line Found : user_pref("extensions.betterff.surfcanyon.ramp.start_time", "1417487274349");

-\\ Google Chrome v39.0.2171.71


*************************

AdwCleaner[R2].txt - [1947 octets] - [02/12/2014 09:00:28]
AdwCleaner[R3].txt - [3538 octets] - [02/12/2014 09:06:01]
AdwCleaner[R4].txt - [1028 octets] - [03/12/2014 09:27:42]
AdwCleaner[S1].txt - [3583 octets] - [02/12/2014 09:09:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1148 octets] ##########
 

I ran TDSS many times in the past, and I still have no result. Should I uninstall the Junkware removal tool and reinstall in safe mode with networking?

 

thanks


Edited by cooked, 03 December 2014 - 06:30 AM.
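
One way to triage the MiniToolBox sections posted above offline, as an added example that is not part of the thread and is not MiniToolBox's own code. It assumes the section headers and line layouts seen in the log above; the sample input, the expected-resolver set and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample shaped like the Result.txt sections in the post above;
# addresses and names are documentation placeholders, not values from the thread.
SAMPLE = r"""
========================= Hosts content: =================================

127.0.0.1    localhost
127.0.0.1    blocked.example
203.0.113.7    login.bank.example

There are 2 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

        Default Gateway . . . . . . . . . : 192.168.1.1

        DNS Servers . . . . . . . . . . . : 198.51.100.53

                                            192.168.1.1

        Lease Obtained. . . . . . . . . . : 03 December 2014 17:05:59

========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Program Files\Example\lsp.dll [4096] ()
"""

# "===== Name: =====" banners; a line made only of "=" is not a section header.
HEADER = re.compile(r"^=+\s+([^=]+?):?\s+=+\s*$")
WINSOCK = re.compile(r"^Catalog\d+\s+\d+\s+(.+?)\s+\[\d+\]\s+\((.*)\)\s*$")


def split_sections(text):
    """Map each section name to the list of lines that follow its banner."""
    sections, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None:
            current.append(line)
    return sections


def hosts_redirects(lines):
    """Hosts entries that point a name at something other than loopback/0.0.0.0.
    Loopback entries are sinkhole-style blocks; anything else redirects traffic."""
    out = []
    for line in lines:
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # summary lines such as "There are N more lines ..."
        if not (addr.is_loopback or addr.is_unspecified):
            out.extend((name, str(addr)) for name in fields[1:])
    return out


def dns_servers(lines):
    """Resolvers from the 'DNS Servers' field, including continuation lines."""
    servers, collecting = [], False
    for line in lines:
        text = line.strip()
        if not text:
            continue
        if text.startswith("DNS Servers"):
            collecting, text = True, text.split(":", 1)[1].strip()
        elif not collecting:
            continue
        try:
            servers.append(str(ipaddress.ip_address(text)))
        except ValueError:
            collecting = False  # next labelled field ends the list
    return servers


def winsock_outliers(lines, system_dir):
    """Providers outside the system directory or without the Microsoft vendor
    string. The vendor string is file metadata, not a signature check."""
    out = []
    for line in lines:
        m = WINSOCK.match(line.strip())
        if m and (not m.group(1).lower().startswith(system_dir.lower() + "\\")
                  or m.group(2) != "Microsoft Corporation"):
            out.append(m.group(1))
    return out


def triage(text, expected_dns, system_dir=r"c:\windows\system32"):
    """expected_dns: resolvers the owner knowingly configured (an assumption)."""
    s = split_sections(text)
    return {
        "hosts_redirects": hosts_redirects(s.get("Hosts content", [])),
        "unexpected_dns": [d for d in dns_servers(s.get("IP Configuration", []))
                           if d not in expected_dns],
        "winsock_outliers": winsock_outliers(s.get("Winsock entries", []), system_dir),
    }


if __name__ == "__main__":
    print(triage(SAMPLE, {"192.168.1.1"}))
```

A resolver reported as unexpected is only a prompt to compare it with the router's and ISP's configured DNS; the script makes no judgement about the address itself.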


#4 BRK1

BRK1

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:08:34 PM

Posted 03 December 2014 - 09:01 AM

getting the same problem following the steps



#5 Cardium

Cardium

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 03 December 2014 - 10:45 AM

I'm also having the same problem on 2 pcs and 3 android devices.



#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:04 AM

Posted 03 December 2014 - 03:14 PM

@BRK1 .. Turn off SpyBot... and see... if needed use safe mode.

@Cardium run the above tools and post the logs in a new topic.. it will become too confusing here, thx.

#7 cooked

cooked
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:04 PM

Posted 06 December 2014 - 01:15 AM

ah well, thanks anyway. Buying a Dell pre loaded with Linux on Monday.





