Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser Virus


  • Please log in to reply
11 replies to this topic

#1 xmyriadx

xmyriadx

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Local time:05:56 PM

Posted 30 May 2015 - 01:33 PM

need help to remvow malware or browser virus.  thanks for help!



BC AdBot (Login to Remove)

 


#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:56 AM

Posted 30 May 2015 - 01:52 PM

Hello,

Can you describe exactly to the best of your ability what is happening? Ads, redirects etc.?

Please run these to check things out.

MiniToolbox by Farbar

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

===

Security Check by screen317
  • Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt. Please copy and paste the contents of the log in your next reply.

Regards,
Alex

#3 xmyriadx

xmyriadx
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Local time:05:56 PM

Posted 31 May 2015 - 10:31 PM

My Firefox Browser keeps scrolling up and down on it's own.

 

MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by John (administrator) on 31-05-2015 at 20:28:28
Running from "C:\Documents and Settings\John\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Model: DG31PR Manufacturer: INTEL
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : John-Computer

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : att.net



Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . : att.net

        Description . . . . . . . . . . . : Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC

        Physical Address. . . . . . . . . : 00-1C-C0-76-35-3A

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.73

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.254

        DHCP Server . . . . . . . . . . . : 192.168.1.254

        DNS Servers . . . . . . . . . . . : 192.168.1.254

        Lease Obtained. . . . . . . . . . : Sunday, May 31, 2015 7:51:13 PM

        Lease Expires . . . . . . . . . . : Monday, June 01, 2015 7:51:13 PM

Server:  dsldevice.att.net
Address:  192.168.1.254

Name:    google.com
Address:  216.58.216.46



Pinging google.com [216.58.217.206] with 32 bytes of data:



Reply from 216.58.217.206: bytes=32 time=19ms TTL=55

Reply from 216.58.217.206: bytes=32 time=19ms TTL=55



Ping statistics for 216.58.217.206:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 19ms, Maximum = 19ms, Average = 19ms

Server:  dsldevice.att.net
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  98.139.183.24, 98.138.253.109, 206.190.36.45



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:



Reply from 206.190.36.45: bytes=32 time=83ms TTL=48

Reply from 206.190.36.45: bytes=32 time=53ms TTL=48



Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 53ms, Maximum = 83ms, Average = 68ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1c c0 76 35 3a ...... Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.73      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.1.0    255.255.255.0     192.168.1.73    192.168.1.73      20
     192.168.1.73  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255     192.168.1.73    192.168.1.73      20
        224.0.0.0        240.0.0.0     192.168.1.73    192.168.1.73      20
  255.255.255.255  255.255.255.255     192.168.1.73    192.168.1.73      1
Default Gateway:     192.168.1.254
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/11/2015 09:42:21 PM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (04/26/2015 07:04:36 AM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 37.0.2.5583, faulting module mozalloc.dll, version 37.0.2.5583, fault address 0x00001aa1.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (04/26/2015 07:04:29 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 37.0.2.5583, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (05/31/2015 07:51:25 PM) (Source: Service Control Manager) (User: )
Description: The LMIGuardianSvc service failed to start due to the following error:
%%1053

Error: (05/31/2015 07:51:25 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the LMIGuardianSvc service to connect.

Error: (05/31/2015 04:26:39 PM) (Source: Service Control Manager) (User: )
Description: The LMIGuardianSvc service failed to start due to the following error:
%%1053

Error: (05/31/2015 04:26:39 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the LMIGuardianSvc service to connect.

Error: (05/31/2015 03:00:13 PM) (Source: Service Control Manager) (User: )
Description: The LMIGuardianSvc service failed to start due to the following error:
%%1053

Error: (05/31/2015 03:00:13 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the LMIGuardianSvc service to connect.

Error: (05/31/2015 00:26:46 PM) (Source: Service Control Manager) (User: )
Description: The LMIGuardianSvc service failed to start due to the following error:
%%1053

Error: (05/31/2015 00:26:46 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the LMIGuardianSvc service to connect.

Error: (05/31/2015 01:11:35 AM) (Source: System Error) (User: )
Description: Error code 40000080, parameter1 8a656130, parameter2 8a003508, parameter3 ba4d3adc, parameter4 00000001.

Error: (05/31/2015 01:11:01 AM) (Source: Service Control Manager) (User: )
Description: The LMIGuardianSvc service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (05/11/2015 09:42:21 PM) (Source: SecurityCenter)(User: )
Description:

Error: (04/26/2015 07:04:36 AM) (Source: Application Error)(User: )
Description: plugin-container.exe37.0.2.5583mozalloc.dll37.0.2.558300001aa1

Error: (04/26/2015 07:04:29 AM) (Source: Application Hang)(User: )
Description: firefox.exe37.0.2.5583hungapp0.0.0.000000000


=========================== Installed Programs ============================

Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM\...\DPP) (Version: 3.10.0.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.10.0.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
DataPilot (HKLM\...\{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}) (Version: 6.00.0000 - Susteen) Hidden
DataPilot (HKLM\...\InstallShield_{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}) (Version: 6.00.0000 - Susteen)
DEXIS Platinum Sensor Files (HKLM\...\{1B50D058-3864-4E8C-A477-B570D50246F7}) (Version: 1.00.0000 - Default Company Name) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVD Solution (HKLM\...\{B97CF5C3-0487-11D8-A36E-0050BAE317E1}) (Version:  - )
DVDFab 9.1.6.4 (21/08/2014) (HKLM\...\DVDFab 9 US_is1) (Version:  - Fengtao Software Inc.)
ENLTV (HKLM\...\{25B535F5-8E56-4F9E-981E-83AC2EDE7DCA}) (Version: 8.0.7 - ENLTV)
ENLTV Driver Setup (HKLM\...\{F60B8CC3-561F-47BE-B1F9-8F208617B830}) (Version: 1.00.0000 - Encore)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
InCD (HKLM\...\InCD!UninstallKey) (Version: 4.3.18.0 - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Network Connections 13.0.44.0 (HKLM\...\{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}) (Version: 13.0.44.0 - Intel)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (HKLM\...\{4A03706F-666A-4037-7777-5F2748764D10}) (Version: 2.8.25.18 - Oracle Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework SDK (English) 1.1 (HKLM\...\{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}) (Version: 1.1.4322 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Multimedia Launcher (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version:  - )
Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.11.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5548 - Realtek Semiconductor Corp.)
Susteen Launcher (HKLM\...\{99ED894F-60CF-4D71-A645-442CD041D595}) (Version: 1.00.0000 - Susteen) Hidden
Susteen Launcher (HKLM\...\InstallShield_{99ED894F-60CF-4D71-A645-442CD041D595}) (Version: 1.00.0000 - Susteen)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB976749) (HKLM\...\KB976749) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB978207) (HKLM\...\KB978207) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB980182) (HKLM\...\KB980182) (Version: 1 - Microsoft Corporation) Hidden
USB-IrDA Adapter (HKLM\...\{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - Active Development Co., Ltd. (3xHybrid) MEDIA  (01/28/2007 1.3.3.2) (HKLM\...\0EE3AC5002FEB7039D326B15866A23084073CB72) (Version: 01/28/2007 1.3.3.2 - Active Development Co., Ltd.)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 18%
Total physical RAM: 2035.77 MB
Available physical RAM: 1656.95 MB
Total Pagefile: 3928.71 MB
Available Pagefile: 3724.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.3 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:149.05 GB) (Free:126.07 GB) NTFS

========================= Users: ========================================

User accounts for \\JOHN-COMPUTER

Administrator            ASPNET                   Guest                    
HelpAssistant            John                     operatory 1              
SUPPORT_388945a0         

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini013015-01.dmp
C:\WINDOWS\Minidump\Mini031815-01.dmp
C:\WINDOWS\Minidump\Mini032215-01.dmp
C:\WINDOWS\Minidump\Mini032815-01.dmp
C:\WINDOWS\Minidump\Mini041115-01.dmp
C:\WINDOWS\Minidump\Mini041415-01.dmp
C:\WINDOWS\Minidump\Mini053115-01.dmp
C:\WINDOWS\Minidump\Mini072314-01.dmp
C:\WINDOWS\Minidump\Mini080510-01.dmp
C:\WINDOWS\Minidump\Mini082712-01.dmp
C:\WINDOWS\Minidump\Mini092512-01.dmp
C:\WINDOWS\Minidump\Mini102312-01.dmp
========================= Restore Points ==================================

24-02-2015 03:06:33 System Checkpoint
25-02-2015 12:31:37 System Checkpoint
28-02-2015 00:09:37 System Checkpoint
07-03-2015 11:51:46 System Checkpoint
11-03-2015 21:18:15 Software Distribution Service 3.0
13-03-2015 22:21:43 System Checkpoint
15-03-2015 20:23:53 System Checkpoint
18-03-2015 03:54:00 System Checkpoint
22-03-2015 11:09:17 System Checkpoint
26-03-2015 04:43:33 System Checkpoint
29-03-2015 05:33:06 System Checkpoint
03-04-2015 20:37:23 System Checkpoint
08-04-2015 01:05:14 System Checkpoint
11-04-2015 20:12:30 System Checkpoint
14-04-2015 00:30:04 System Checkpoint
14-04-2015 20:57:46 Software Distribution Service 3.0
15-04-2015 22:08:38 System Checkpoint
19-04-2015 10:27:30 System Checkpoint
27-04-2015 20:16:55 System Checkpoint
10-05-2015 08:37:41 System Checkpoint
12-05-2015 18:17:12 Software Distribution Service 3.0
22-05-2015 22:06:30 System Checkpoint
24-05-2015 00:21:36 System Checkpoint
27-05-2015 03:59:01 System Checkpoint
30-05-2015 12:20:53 System Checkpoint

**** End of log ****



#4 xmyriadx

xmyriadx
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Local time:05:56 PM

Posted 31 May 2015 - 10:34 PM

 Results of screen317's Security Check version 1.002  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Please wait while WMIC is being installed.
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 25  
 Java version 32-bit out of Date!
 Adobe Flash Player     17.0.0.169  
 Adobe Reader XI  
 Mozilla Firefox (38.0.1)
 Google Chrome (43.0.2357.65)
 Google Chrome (43.0.2357.81)
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 21% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````



#5 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:56 AM

Posted 01 June 2015 - 12:02 AM

Hi there,

Please uninstall the following software from Add/Remove Programs:

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

If you run into any issues, let me know.

After that please run this.

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
  • Click on Scan to be taken to the scan options. If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
  • Click on the Full Scan button to start the scan.
  • When the scan is completed click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop, and attach it to your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
Regards,
Alex

#6 xmyriadx

xmyriadx
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Local time:05:56 PM

Posted 01 June 2015 - 09:35 PM

Emsisoft Emergency Kit - Version 9.0
Last update: 6/1/2015 7:11:02 PM
User account: JOHN-COMPUTER\John

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    6/1/2015 7:13:13 PM

Scanned    107442
Found    0

Scan end:    6/1/2015 7:33:51 PM
Scan time:    0:20:38



#7 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:56 AM

Posted 02 June 2015 - 01:56 AM

Hi there,

Please run this next.

Junkware Removal Tool

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
===

Malwarebytes Anti-Malware

Download Malwarebytes Anti-Malware from here.

Double click on the file mbam-setup-2.x.x.xxxx.exe to install the application. (x.x.xxxx is the version)
  • Follow the prompt. At the end place a checkmark in Launch Malwarebytes Anti-Malware, then choose Finish.
  • When MBAM opens it will says Your database is out of date. Choose Fix Now.
  • Click on the Scan tab at the top of the window, choose Threat Scan, then Scan Now.
  • If you receive a message that updates are available, choose Update Now button (the scan will start after updates are completed).
  • Please be patient as the scan will take some time.
  • If MBAM detected threats, choose Quarantine for all items, then click Apply Actions.
  • While still on the Scan tab, choose View detailed log. In the window that opens, click the Export button, choose Text file (*.txt) and save the log to your Desktop.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


===

Reset your browsers (in this case Firefox) using instructions here.

How is the computer doing?

Regards,
Alex

#8 xmyriadx

xmyriadx
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Local time:05:56 PM

Posted 02 June 2015 - 10:13 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.7 (06.01.2015:1)
OS: Microsoft Windows XP x86
Ran by John on Tue 06/02/2015 at  8:10:38.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\WINDOWS\wininit.ini



~~~ Folders



~~~ Chrome


[C:\Documents and Settings\John\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Documents and Settings\John\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Documents and Settings\John\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Documents and Settings\John\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 06/02/2015 at  8:12:16.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#9 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:56 AM

Posted 02 June 2015 - 10:24 AM

Hi there,

Please run these next.

Malwarebytes Anti-Malware

Download Malwarebytes Anti-Malware from here.

Double click on the file mbam-setup-2.x.x.xxxx.exe to install the application. (x.x.xxxx is the version)
  • Follow the prompt. At the end place a checkmark in Launch Malwarebytes Anti-Malware, then choose Finish.
  • When MBAM opens it will says Your database is out of date. Choose Fix Now.
  • Click on the Scan tab at the top of the window, choose Threat Scan, then Scan Now.
  • If you receive a message that updates are available, choose Update Now button (the scan will start after updates are completed).
  • Please be patient as the scan will take some time.
  • If MBAM detected threats, choose Quarantine for all items, then click Apply Actions.
  • While still on the Scan tab, choose View detailed log. In the window that opens, click the Export button, choose Text file (*.txt) and save the log to your Desktop.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


===

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
After that reset your browsers using instructions here.

How is the computer doing?

Regards,
Alex

#10 xmyriadx

xmyriadx
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Local time:05:56 PM

Posted 02 June 2015 - 10:34 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/2/2015
Scan Time: 8:25:33 AM
Logfile: mal.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.02.03
Rootkit Database: v2015.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: John

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 307157
Time Elapsed: 6 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#11 xmyriadx

xmyriadx
  • Topic Starter

  • Members
  • 104 posts
  • OFFLINE
  •  
  • Local time:05:56 PM

Posted 02 June 2015 - 11:02 AM

ESET found no threats.

 

Reset Firefox

 

Thanks for help, hopefully it will run smooth.  Thanks for help

 

If problem returns I will post an update thank you!



#12 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:56 AM

Posted 02 June 2015 - 01:08 PM

Let me know if any problem turns up.

Download DelFix from here and save it to your Desktop.
  • Close all running programs and start DelFix.
  • Make sure all available options are checked.
  • Click Run.
  • DelFix will remove the most of the tools used during the cleaning process.
You can uninstall ESET Online Scanner from Programs and Features in Control Panel.

Keep your non-Microsoft applications updated as well
Microsoft isn't the only company whose products can contain security vulnerabilities, to check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Personal Software Inspector - I suggest that you run it at least once a month.

Malwarebytes Anti-Exploit
Malwarebytes Anti-Exploit (MBAE) is a very useful utility in keeping your computer safe on the Internet. It uses innovative technologies to block exploits - peepholes in software that cybercriminals can use to get their malware into your system, thus stopping their advance before they can drop their payload. What's more, it's a "fire and forget" solution - just install MBAE and it will automatically do its job.
Malwarebytes Anti-Exploit Free offers protection for your browsers - upgrading to Premium allows you to create customized shields for other applications.

Safe computing practices

Best Practices for Safe Computing - Prevention of Malware Infection
How Malware Spreads - How did I get infected
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)

If you have any questions left, feel free to ask me here.

Regards,
Alex




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users