#1  
Old 06-12-2012, 04:15 AM
onslaught onslaught is offline
New Member
 
Join Date: Apr 2005
Location: Sydney, Australia
Posts: 13
Broken Windows XP

First of all see this for my PC profile https://www.yousendit.com/download/Q...Z2pqV0N5VmNUQw

I am running Windows XP SP3 and am up-to-date with Windows Updates and use Norton as my A/V and Zonealarm as my firewall.

My IE problems began when I noticed I could not use my golf club member login but everything was fine using my new tablet computer. At this point I asked my neighbour (mmfell on this forum) for assistance.

Ran Malwarebytes and found & fixed 3 items (see attachment) and mentioned I was getting something called Babylon. Subsequent MBAM scans found nothing to report.

Mmfell came over and found the home page had been hijacked into search.nu.com/406 and we attempted to fix the PC following this http://www.uninstall-tool.com/remove...removal-guide/. We managed to delete the program files of the search and got the home page changed to Google.

PC is very slow and we have found that it will not install anything (we have tried to install Spybot) – it hangs and never gets off collecting info. Also trying the remove programs causes the PC to hang, and a forced reboot has to be used to stop the lockup. There are at least 3 toolbars installed in IE but cannot be removed due to removal lockup.

We are tempted to use a sledgehammer approach and go for a system repair or even a reformat and re-install of XP.

What do you think we should do at this time? Do a DDS scan? Try removals in safe mode with networking? We cannot do any install unless we try safe mode.
Attached Files
File Type: txt mbam-log-2012-06-06 (19-28-30).txt (1.2 KB, 47 views)
__________________
Win XP Home - SP2 - 2.4GHz Intel P4, 256MB RAM, 40GB HD, CD RW, DSL internet. M$ Office, Norton, ZA, Spybot/Adaware.
  #2  
Old 06-12-2012, 05:16 AM
MikeN.
Guest
 
Posts: n/a
Your version of Malwarebytes is way out of date. Boot into Safe Mode with Networking and see if you can uninstall the old version and reinstall the new version, make sure it's fully updated if possible, run a Full scan, remove everything and COPY AND PASTE the log. DO NOT attach a log from an infected machine to a forum reply please. http://majorgeeks.com/downloadget.ph...d909666f809b26

If you are already considering doing a format, I would go ahead and do it myself given all you have described.
  #3  
Old 06-12-2012, 09:01 AM
jholland1964 jholland1964 is online now
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 30,535
As Mike said, the MBA-M version is way out of date... 3+ years out of date in fact, so it could not even scan for any of the very serious infections that have been plaguing people for the last 3 years and would be in its database and found and also removed if the program was the new version and the database fully up to date. MBA-M is still considered the top of the line for removing serious infections such as these, if it is kept fully up to date.

The files found and deleted likely are all legitimate legal files from Norton. MBA-M flagged these files because it is so old it could never recognize NEW files from Norton and therefore it did what it was programmed to do, saw files it didn't believe were true Norton files and removed them. So your Norton program is now likely broken also and will have to be reinstalled.

I agree with Mike, if you are fully prepared and comfortable with a reformat/reload, I would also do this. It likely will be faster to do this than attempt to "jump through the hoops" this infection will make you do in order to get it fully removed.
__________________

1. Dell Inspiron N5040;
Windows 7 64bit SP1
IE11;WLM2012; Firefox v.31.0

2.Dell Inspiron N7010; Windows 7 64bit SP1
IE11;WLM2012; Firefox v.31.0
Cable/Wireless
Avira Free; Windows Firewall; SpywareBlaster;
MBA-M; SpyBot;SAS


System Restore

Stick with the Clean up
  #4  
Old 06-12-2012, 09:16 AM
MMFELL MMFELL is offline
Retired Computer Techo
 
Join Date: Nov 2003
Location: Sydney. Australia
Posts: 16,643
OK - will try the uninstall/install new version and updated MBAM.
__________________
2.67 GHz Intel Core2 Quad 2GB RAM, 150GB + 500GB + 2TB SATA + 1TB Ext, DVD-RW, WinXP Pro (SP3), IE7, Avira, Outpost Firewall, Nero 7, Office XP. Cable. Pics of my Radar & Parrish now retired therapy dogs below.
Google is your friend


  #5  
Old 06-12-2012, 09:50 AM
jholland1964 jholland1964 is online now
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 30,535
Quote:
Originally Posted by MMFELL View Post
OK - will try the uninstall/install new version and updated MBAM.
Ok, since you have decided to try to clean, there will be a lot of other steps required besides running MBA-M. There very well could be a rootkit involved here also.

Norton should definitely be Uninstalled now and then Reinstalled, AFTER the computer is clean, because it very likely has been damaged, either by the hijacker (therefore infected) or by the original run by the old MBA-M version.

Safe Mode with Networking will be needed if possible in order to download, install and UPDATE MBA-M. If Safe Mode with Networking is not possible then of course the install file can be downloaded to a clean computer and then moved to the infected computer using either a flash drive or CD, however it will not likely be able to be updated so a Full scan would be needed without the definition update, though the new version would at least be 3 years newer than the one previously used so at least there you would be ahead of the game. All attempts should be made however to do an update to the program.

Then it may likely have to be run first while in Safe Mode with Networking because the infection probably won't allow it to be run in Normal mode, and removal done, then a reboot to normal to attempt to do another Update and Full scan with MBA-M.
Then a DDS scan done and posted.
http://www.bleepingcomputer.com/download/dds/

Likely then multiple other tools will also be needed, but we won't know how many until these first logs are posted.


Post, using copy/paste of course, the log from the new MBA-M. Then the DDS logs, two of them, will need to be posted also. After that it will be easier to determine if the other tools will be needed, chances are that they will be needed.


EDIT: Something to seriously consider.
I have to tell you here, found attempts to remove this hijacker on multiple threads from many good forums, including bleepingcomputer. Very few had an easy time of it, many, if not most, opted finally to do a reformat/reload.
On many of the threads I have read no less than 7 different tools were used in an attempt to remove this infection and many of those tools just would not run at all, this would not count the DDS scan which is not a removal tool only a needed scanner and on some of those computers even DDS wouldn't run.
If you choose to attempt to clean I'll be happy to help but just wanted you to be aware that it may very well not work.

Last edited by jholland1964; 06-12-2012 at 10:16 AM. Reason: added info
  #6  
Old 06-13-2012, 02:52 AM
MMFELL MMFELL is offline
Retired Computer Techo
 
Join Date: Nov 2003
Location: Sydney. Australia
Posts: 16,643
My apologies, Judy, I only saw your post #3 after I posted recovery would be attempted.

Got PC booted up into safe mode with networking, removed old MBAM, installed newest version, updated and scanned - results


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.12.09

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.5730.13
User :: OWNER-23CFD3638 [administrator]

13/06/2012 11:44:56 AM
mbam-log-2012-06-13 (11-44-56).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 332096
Time elapsed: 36 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 41
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1043\A0142875.exe (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0142998.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0142999.exe (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143000.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143001.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143002.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143003.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143004.exe (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143005.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143006.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143007.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143008.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143009.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143010.exe (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143011.exe (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143012.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143013.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143014.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143015.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143016.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143017.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143018.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143019.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143020.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143022.exe (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143023.exe (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143024.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143025.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143027.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143039.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143040.exe (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143041.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143042.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143043.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1046\A0143059.dll (PUP.MyWebSearch) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\XM7Q6M72\Spybot%20Search%20&%20Destroy[1].exe (Trojan.Hoaxsms) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\020000000885cba6583C.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\020000000885cba6583O.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\020000000885cba6583P.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\020000000885cba6583S.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicy000.dat (Malware.Trace) -> Quarantined and deleted successfully.

(end)
Then I rebooted back into normal mode and scanned again, told onslaught to remove all that's found

Results :-


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.12.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
User :: OWNER-23CFD3638 [administrator]

13/06/2012 12:28:06 PM
mbam-log-2012-06-13 (12-28-06).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 333907
Time elapsed: 1 hour(s), 27 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 35
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1043\A0142875.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0142998.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0142999.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143000.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143002.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143003.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143004.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143005.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143006.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143007.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143008.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143009.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143010.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143011.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143012.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143013.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143014.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143015.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143016.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143017.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143018.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143020.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143022.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143023.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143024.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143025.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143027.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143039.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143040.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143041.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143042.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143043.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143001.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143019.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1046\A0143059.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

(end)


After onslaught has played golf and I have taken the dogs for a walk we propose to run a DDS scan.

Meanwhile I will arrange for files etc to be backed up in case a reformat is necessary.
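An added example, not part of the original thread: a small Python parser for the "Files Detected" lines of the two Malwarebytes logs in post #6. It separates detections sitting in System Restore restore-point folders from detections on the live file system, and checks whether everything left at "No action taken" in the first scan was removed by the second. The function names are hypothetical, and the sample lines are a short excerpt of the logs posted above.

```python
import re
from collections import Counter, namedtuple

# Excerpt of the Safe Mode scan log from post #6 (first scan).
SAFE_MODE_SCAN = r"""
Files Detected: 41
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1043\A0142875.exe (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0142998.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1046\A0143059.dll (PUP.MyWebSearch) -> No action taken.
C:\Documents and Settings\User\Application Data\020000000885cba6583C.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicy000.dat (Malware.Trace) -> Quarantined and deleted successfully.
"""

# Excerpt of the Normal Mode scan log from post #6 (second scan).
NORMAL_MODE_SCAN = r"""
Files Detected: 35
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1043\A0142875.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0142998.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1046\A0143059.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
"""

Detection = namedtuple("Detection", "path name action location")

# "<path> (<detection name>) -> <action>." The path match is greedy so that
# parentheses inside a file name do not cut the path short.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*) \((?P<name>[^()]+)\) -> (?P<action>.*?)\.?\s*$"
)

# Windows XP keeps restore-point copies under this folder; files here are
# archived copies, not the programs currently installed or running.
RESTORE_MARKER = "\\system volume information\\_restore{"


def parse_detections(log_text):
    """Return a Detection for every file-detection line in an MBAM 1.x log."""
    found = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # headers, counters and blank lines
        path = match.group("path")
        location = "restore-point" if RESTORE_MARKER in path.lower() else "live"
        found.append(
            Detection(path, match.group("name"), match.group("action"), location)
        )
    return found


def summarize(detections):
    """Count detections by (location, detection name, action taken)."""
    return Counter((d.location, d.name, d.action) for d in detections)


def unresolved_after(first_scan, second_scan):
    """Paths left at 'No action taken' in the first scan and never removed."""
    removed = {
        d.path.lower()
        for d in list(first_scan) + list(second_scan)
        if d.action.lower().startswith("quarantined")
    }
    return sorted(
        d.path
        for d in first_scan
        if d.action.lower().startswith("no action")
        and d.path.lower() not in removed
    )


if __name__ == "__main__":
    safe = parse_detections(SAFE_MODE_SCAN)
    normal = parse_detections(NORMAL_MODE_SCAN)
    for key, count in sorted(summarize(safe).items()):
        print("first scan :", key, count)
    for key, count in sorted(summarize(normal).items()):
        print("second scan:", key, count)
    print("still unresolved:", unresolved_after(safe, normal))
```
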
  #7  
Old 06-13-2012, 05:12 AM
MikeN.
Guest
 
Posts: n/a
Quote:
Originally Posted by MMFELL View Post
My apologies Judy I only saw your post#3 after I posted recovery would be attempted.

Got PC booted up into safe mode with networking, removed old MBAM, installed newest version, updated and scanned - results


Then I rebooted back into normal mode and scanned again, told onslaught to remove all that's found

Results :-


C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143018.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143020.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143022.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143023.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143024.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143025.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143027.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143039.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143040.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143041.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143042.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143043.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143001.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1045\A0143019.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{83CC94A0-113B-4721-83C8-F23E1370A4D8}\RP1046\A0143059.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

(end)


After onslaught has played golf and I have taken the dogs for a walk we propose to run a DDS scan.

Meanwhile I will arrange for files etc to be backed up in case a reformat is necessary.
Where are you putting those backed up files??????? Machine is most likely not clean.

This can be done in Safe Mode with Networking

Next do this:
Please Run the ESET Online Scanner

http://www.eset.com/onlinescan/scanner.php?i_agree=14
* You can use Internet Explorer to complete this scan and you will need to allow an Active X to be installed or you may use Firefox
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log
Reply With Quote
  #8  
Old 06-13-2012, 08:47 AM
jholland1964 jholland1964 is online now
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 30,535
MM, I, like Mike, am extremely concerned about any files backed up from this computer, chances are those files will not be clean. I would be extremely suspicious about any of them. Each and every one of those will have to be thoroughly scanned before they are re-used and wherever the back up is done should also be thoroughly scanned and if even one of them is infected then don't use any of them. If they are backed up to a flash drive or an external drive I honestly would recommend those should also be reformatted once onslaught is finished with it.

Based on the number of infected files deleted from System Restore I also would trust absolutely nothing in there at all so I'm saying something I rarely do, you also need to turn off System Restore to clear out all restore points. Leave it turned off until the computer is hopefully clean.

Based on the problems onslaught is having, I firmly believe that MBA-M didn't find everything and actually just "scratched the surface", even the one done in Normal Mode. Though that normal mode scan took longer as it should have, it only scanned 1001 more objects, which is rare, the number of objects scanned should really have been much higher.

The one trojan found thus far was in Temp files. It was a fake installer for the program SpyBot Search and Destroy. So that program should be uninstalled immediately if it is on the computer because it likely is not the "real" Search and Destroy. That program should only be downloaded from the developer, Safer Networking.Org or one of their 6 mirror sites listed by them on their web site, no place else. To believe that one of their install files contains a trojan would be unheard of unless their entire site has been hacked and if it had been we would have heard about that by now.
If it WAS the original program installed a long time ago then it's likely that it is no longer the original and has been compromised by the infections on there. Uninstall SpyBot Search and Destroy and leave it off the computer until you are told the computer is clean and then it should be downloaded brand new from Safer Networking.Org.

Do the ESET scan as requested by Mike and have it clean everything found and be sure to save the log, then do the DDS scan I previously requested and post all three logs, the one from ESET and the two produced by DDS.
Then there will likely be a minimum of two other tools needed, possibly more, after those two programs are run.
__________________

1. Dell Inspiron N5040;
Windows 7 64bit SP1
IE11;WLM2012; Firefox v.31.0

2.Dell Inspiron N7010; Windows 7 64bit SP1
IE11;WLM2012; Firefox v.31.0
Cable/Wireless
Avira Free; Windows Firewall; SpywareBlaster;
MBA-M; SpyBot;SAS


System Restore

Stick with the Clean up
Reply With Quote
  #9  
Old 06-13-2012, 09:54 AM
MMFELL MMFELL is offline
Retired Computer Techo
 
Join Date: Nov 2003
Location: Sydney. Australia
Posts: 16,643
OK will do the eset scan followed by DDS.

Files being backed up are going onto an external drive and I can scan that with my PC.
__________________
2.67 GHz Intel Core2 Quad 2GB RAM, 150GB + 500GB + 2TB SATA + 1TB Ext, DVD-RW, WinXP Pro (SP3), IE7, Avira, Outpost Firewall, Nero 7, Office XP. Cable. Pics of my Radar & Parrish now retired therapy dogs below.
Google is your friend


Reply With Quote
  #10  
Old 06-13-2012, 10:00 AM
jholland1964 jholland1964 is online now
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 30,535
Quote:
Originally Posted by MMFELL View Post
OK will do the eset scan followed by DDS.

Files being backed up are going onto an external drive and I can scan that with my PC.
Know I don't really have to tell you MM, really stating this for onslaught's benefit, to take extreme care on what actually is backed up...downloaded videos would be suspicious, downloaded music suspicious, downloaded internet images or graphics, suspicious. Don't save any downloaded program install files either would be my personal recommendation.

Actual personal stuff...pictures, documents are a different story of course, though all should still be scanned. But anything that can be "gotten or downloaded again" I would truly dump. You have no idea where these infections came from so anything that came from a download is highly suspicious and why take the chance.
Reply With Quote
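Added example, not part of any post in this thread: a first-pass triage of a backup folder along the lines jholland1964 describes above, with program and installer files dropped, music and video set aside for a decision, and personal documents and pictures kept for scanning. The extension lists, bucket names and sample files are assumptions made for this example, and whatever lands in the keep bucket still needs the antivirus scan from a clean machine.

```python
import os
import tempfile

# Assumed extension lists for this example; the thread names categories, not extensions.
PROGRAM_EXTS = {".exe", ".dll", ".scr", ".msi", ".bat", ".cmd", ".com",
                ".pif", ".vbs", ".cab", ".sys", ".cpl"}
MEDIA_EXTS = {".mp3", ".wma", ".wav", ".avi", ".mpg", ".mpeg", ".wmv", ".mp4", ".flv"}


def starts_with_mz(path):
    """Return True/False for the 'MZ' magic of a Windows executable, None if unreadable."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return None


def classify(path):
    """Return (bucket, reason) for one file."""
    ext = os.path.splitext(path)[1].lower()
    if ext in PROGRAM_EXTS:
        return "drop", "program or installer file: get a fresh copy from the vendor"
    magic = starts_with_mz(path)
    if magic is None:
        return "review", "could not be read"
    if magic:
        # The name claims a document or picture, the content is an executable.
        return "drop", "executable content hidden under extension %r" % ext
    if ext in MEDIA_EXTS:
        return "review", "music or video: drop it if it was downloaded"
    # Pictures land here too: a script cannot tell a downloaded image from a
    # personal photo, so that decision stays with the owner.
    return "keep_and_scan", "personal data: scan from a clean machine before reuse"


def triage(root):
    """Walk the backup folder and sort every file into one of three buckets."""
    result = {"drop": [], "review": [], "keep_and_scan": []}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            bucket, reason = classify(full)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[bucket].append((rel, reason))
    return result


def build_sample_tree(root):
    """Constructed sample data: file names and contents are made up for the demo."""
    samples = {
        "My Documents/letter.doc": b"\xd0\xcf\x11\xe0 constructed document bytes",
        "My Pictures/holiday.jpg": b"\xff\xd8\xff\xe0 constructed jpeg bytes",
        "My Pictures/card.jpg": b"MZ\x90\x00 constructed PE header under a .jpg name",
        "Downloads/software/setup.exe": b"MZ\x90\x00 constructed installer",
        "Downloads/clip.avi": b"RIFF constructed video bytes",
        "My Documents/notes.txt.scr": b"MZ constructed double-extension file",
    }
    for rel, data in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for bucket, items in triage(tmp).items():
            print(bucket)
            for rel, reason in items:
                print("  %-32s %s" % (rel, reason))
```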
  #11  
Old 06-13-2012, 11:39 PM
onslaught onslaught is offline
New Member
 
Join Date: Apr 2005
Location: Sydney, Australia
Posts: 13
ESET completed, found 7 items

C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Documents and Settings\User\Local Settings\Temp\YontooSetup-S.exe probably a variant of Win32/Adware.SLITAT application cleaned by deleting - quarantined
C:\Documents and Settings\User\Local Settings\Temp\is1068456772\ezLooker-S-Setup_Suite1.exe probably a variant of Win32/Adware.DFJFHGU application cleaned by deleting - quarantined
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\XM7Q6M72\speedupmypc[1].exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\Downloads\software\registrybooster(1).exe Win32/RegistryBooster application deleted - quarantined
C:\Downloads\software\registrybooster.exe Win32/RegistryBooster application deleted - quarantined
C:\Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

DDS scan follows in next post.
Reply With Quote
  #12  
Old 06-13-2012, 11:41 PM
onslaught onslaught is offline
New Member
 
Join Date: Apr 2005
Location: Sydney, Australia
Posts: 13
DDS scan is

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by User at 14:29:17 on 2012-06-14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.2002.1325 [GMT 10:00]
.
AV: ZoneAlarm Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: ZoneAlarm Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files\Multimedia Combo Set\MouseDrv.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uCustomizeSearch = hxxp://search.joobers.com/toolbar/CustomizeSearch
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = ${SEARCH_URL_IE7}
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\watch football tv\tbhelper.dll
uURLSearchHooks: TranslatorBar 3.3 Toolbar: {e7f7b7dc-7dec-4e84-9a87-ece02e8a160a} - c:\program files\translatorbar_3.3\prxtbTra2.dll
uURLSearchHooks: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - c:\program files\elf_1.13\prxtbElf0.dll
uURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: TBSB05245 Class: {65c117be-6005-4b7e-811a-2e8a046c52a6} - c:\program files\watch football tv\tbcore3.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\19.7.1.5\ips\IPSBHO.DLL
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - c:\program files\dealply\DealPlyIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\documents and settings\user\application data\flashgetbho\FlashGetBHO3.dll
BHO: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - c:\program files\elf_1.13\prxtbElf0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: TranslatorBar 3.3 Toolbar: {e7f7b7dc-7dec-4e84-9a87-ece02e8a160a} - c:\program files\translatorbar_3.3\prxtbTra2.dll
BHO: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - c:\program files\norton safe web lite\engine\1.0.1.8\coIEPlg.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - c:\program files\norton safe web lite\engine\1.0.1.8\coIEPlg.dll
TB: Watch Football TV: {8e114b8e-c041-4063-a432-ebbf454e9057} - c:\program files\watch football tv\tbcore3.dll
TB: TranslatorBar 3.3 Toolbar: {e7f7b7dc-7dec-4e84-9a87-ece02e8a160a} - c:\program files\translatorbar_3.3\prxtbTra2.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - c:\program files\elf_1.13\prxtbElf0.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
TB: !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {252E8A9B-56BD-4FC4-B5C2-2A2A1F0975B0} - No File
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Akamai NetSession Interface] "c:\documents and settings\user\local settings\application data\akamai\netsession_win.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [WireLessMouse ] c:\program files\multimedia combo set\MouseDrv.exe
mRun: [WireLessKeyboard ] c:\program files\multimedia combo set\PS2USBKbdDrv.exe
mRun: [CreativeMouse ] c:\program files\mouse driver\MouseDrv.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISW]
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Search - http://tbedits.videodownloadconverte...D&n=2012052623
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all by FlashGet3 - c:\documents and settings\user\application data\flashgetbho\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\user\application data\flashgetbho\GetUrl.htm
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{1DAC1A8F-2858-46CF-9666-25B614170B45} : DhcpNameServer = 10.0.0.138
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2012-5-7 133208]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1307010.005\symds.sys [2012-5-18 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1307010.005\symefa.sys [2012-5-18 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.6.2.10\definitions\bashdefs\20120531.001\BHDrvx86.sys [2012-6-6 821880]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\nav\1307010.005\ccsetx86.sys [2012-5-18 132744]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2012-5-7 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-5-7 485808]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1307010.005\ironx86.sys [2012-5-18 149624]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2012-5-3 526608]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-4 27016]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-4 497280]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2008-8-2 3712]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\19.7.1.5\ccsvchst.exe [2012-5-18 138232]
R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\1.0.1.8\ccSvcHst.exe [2010-8-9 126904]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2008-8-2 2514944]
R2 WSWNA3100;WSWNA3100;c:\program files\netgear\wna3100\WifiSvc.exe [2012-4-20 285152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-4 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.6.2.10\definitions\ipsdefs\20120613.007\IDSXpx86.sys [2012-6-13 356792]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.6.2.10\definitions\virusdefs\20120613.019\NAVENG.SYS [2012-6-14 87928]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.6.2.10\definitions\virusdefs\20120613.019\NAVEX15.SYS [2012-6-14 1589752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-13 257696]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [2008-8-2 36256]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-4-5 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-4-5 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2012-4-20 50704]
S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgwhsdiag.sys [2011-10-21 105216]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [2011-10-21 105216]
.
=============== Created Last 30 ================
.
2012-06-14 02:31:41 -------- d-----w- c:\program files\ESET
2012-06-13 02:22:49 54016 ----a-w- c:\windows\system32\drivers\jquxi.sys
2012-06-13 01:38:50 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-06 23:34:34 -------- d-----w- c:\documents and settings\user\application data\PriceGong
2012-06-06 21:18:57 -------- d-----w- c:\documents and settings\user\application data\searchqutoolbar
2012-06-06 21:08:01 -------- d-----w- c:\documents and settings\user\local settings\application data\WiseConvert
2012-06-06 21:07:51 -------- d-----w- c:\program files\WiseConvert
2012-06-06 01:44:34 -------- d-----w- c:\documents and settings\user\application data\SpeedyPC Software
2012-06-06 00:43:55 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
2012-06-05 06:00:01 -------- d-----w- c:\documents and settings\user\application data\SpeedMaxPc
2012-06-05 05:59:34 -------- d-----w- c:\documents and settings\all users\application data\SpeedMaxPc
2012-05-29 01:24:10 -------- d-----w- c:\program files\DealPly
2012-05-29 01:23:36 -------- d-----w- c:\program files\Yontoo
2012-05-29 01:23:33 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2012-05-28 07:41:41 -------- d-----w- c:\documents and settings\user\application data\ElevatedDiagnostics
2012-05-27 03:11:50 -------- d-----w- c:\documents and settings\user\AppData
2012-05-27 03:11:48 -------- d-----w- c:\documents and settings\user\local settings\application data\Ilivid Player
2012-05-27 03:11:48 -------- d-----w- c:\documents and settings\user\application data\searchquband
2012-05-22 23:46:26 -------- d-----w- c:\documents and settings\all users\application data\DriverGenius
2012-05-18 07:32:54 388216 ----a-w- c:\windows\system32\drivers\nav\1307010.005\symtdi.sys
2012-05-18 07:32:54 345208 ----a-w- c:\windows\system32\drivers\nav\1307010.005\symtdiv.sys
2012-05-18 07:32:53 905336 ----a-w- c:\windows\system32\drivers\nav\1307010.005\symefa.sys
2012-05-18 07:32:53 574072 ----a-w- c:\windows\system32\drivers\nav\1307010.005\srtsp.sys
2012-05-18 07:32:53 340088 ----a-r- c:\windows\system32\drivers\nav\1307010.005\symds.sys
2012-05-18 07:32:53 32888 ----a-w- c:\windows\system32\drivers\nav\1307010.005\srtspx.sys
2012-05-18 07:32:53 318584 ----a-w- c:\windows\system32\drivers\nav\1307010.005\symnets.sys
2012-05-18 07:32:52 149624 ----a-w- c:\windows\system32\drivers\nav\1307010.005\ironx86.sys
2012-05-18 07:32:52 132744 ----a-w- c:\windows\system32\drivers\nav\1307010.005\ccsetx86.sys
2012-05-18 07:32:34 4782 ----a-w- c:\windows\system32\drivers\nav\1307010.005\symvtcer.dat
2012-05-18 07:32:34 -------- d-----w- c:\windows\system32\drivers\nav\1307010.005
.
==================== Find3M ====================
.
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-04 23:51:49 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 23:51:49 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-15 23:04:26 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-04-15 23:04:26 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2008-08-05 02:59:39 16 ----a-w- c:\program files\temp.bat
.
============= FINISH: 14:30:08.64 ===============
Reply With Quote
  #13  
Old 06-13-2012, 11:42 PM
onslaught onslaught is offline
New Member
 
Join Date: Apr 2005
Location: Sydney, Australia
Posts: 13
Attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/08/2008 10:35:48 AM
System Uptime: 14/06/2012 8:05:28 AM (6 hours ago)
.
Motherboard: Intel Corporation | | DQ35JO
Processor: Intel Pentium III Xeon processor | J1PR | 2989/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 121 GiB total, 40.432 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\WEC1000\4&376E3BFF&0
Manufacturer:
Name:
PNP Device ID: ACPI\WEC1000\4&376E3BFF&0
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
Adobe Flash Player 11 ActiveX
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Reader 9.5.1
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
Audacity 1.2.6
Avery Wizard 3.1
AVS Video Converter 6
AVS4YOU Software Navigator 1.4
Belarc Advisor 6.1
BigPond ADSL SIK 5.5 Files
BigPond Broadband ADSL
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon CanoScan Toolbox 5.0
Canon G.726 WMP-Decoder
Canon iP3600 series Printer Driver
Canon PhotoRecord
Canon PIXMA iP3000
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Easy-PrintToolBox
Canon Utilities EOS Utility
Canon Utilities My Printer
Canon Utilities PhotoStitch
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
CanoScan 8600F
CDDRV_Installer
Choice Guard
Compatibility Pack for the 2007 Office system
Conduit Engine
Critical Update for Windows Media Player 11 (KB959772)
Crystal Reports for .NET Framework 2.0 (x86)
DealPly
DesignPro 5
e-tax 2011
EASEUS Partition Master 5.0.1 Home Edition
Easy-WebPrint
Easy Media Player 1.1.12
Elf 1.13 Toolbar
ERUNT 1.1j
ESET Online Scanner
ESET Online Scanner v3
EZTMM
FastFox
FlashGet 3.5
FW LiveUpdate
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Inkjet Printer/Scanner Extended Survey Program
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.12.0
Intel® Active Management Technology
Intel® Management Engine Interface
iPhone Configuration Utility
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Join ME
jZip
K-Lite Codec Pack 7.0.0 (Standard)
KeyBlaze Typing Tutor
KhalInstallWrapper
LoadIt
Logitech Desktop Messenger
Logitech SetPoint
MailWasher Free 6.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Mouse Driver
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Multimedia Combo Set
Nero 7 Essentials
Nero Suite
neroxml
NETGEAR WNA3100 wireless USB 2.0 adapter
Norton AntiVirus
Norton Safe Web Lite
Picasa 3
Presto! PageManager 7.15.13
Prism Video Converter
Quicken 2010
QuickTime
Realtek High Definition Audio Driver
Recuva (remove only)
Safari
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
SAMSUNG PC Studio 2.0.9
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
ScanSoft OmniPage SE 4.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype™ 4.2
SpeedTouch USB Software
Spelling Dictionaries Support For Adobe Reader 9
SyncBack
TranslatorBar 3.3 Toolbar
Uninstall Startup Inspector
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VideoPad Video Editor
VLC media player 1.1.8
Watch Football TV
WebFldrs XP
Windows Driver Package - Atheros (arusb(Atheros)) Net (09/23/2008 3.0.0.131)
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Driver Package - NETGEAR (W8335XP) Net (02/22/2005 3.1.1.7)
Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (02/07/2007 5.1283.0207.2007)
Windows Driver Package - Thomson (USB_RNDIS) Net (02/16/2004 1.0.0.3)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WiseConvert Toolbar
Yontoo 1.10.02
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Free Antivirus + Firewall
ZoneAlarm LTD Toolbar
ZoneAlarm Security
ZoneAlarm Spy Blocker
.
==== Event Viewer Messages From Past Week ========
.
7/06/2012 7:51:00 PM, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: Access is denied.
13/06/2012 11:37:58 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
13/06/2012 11:35:22 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BANTExt BHDrvx86 ccSet_NAV eeCtrl Fips intelppm KLIF SRTSP SRTSPX StarOpen SymIRON SYMTDI
13/06/2012 11:34:40 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
13/06/2012 11:34:29 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/06/2012 2:12:37 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
10/06/2012 10:06:53 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2690729).
.
==== End Of File ===========================
Reply With Quote
  #14  
Old 06-13-2012, 11:47 PM
jholland1964
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 30,535
That was not the Full ESET log, it should have been fully posted from top to bottom. If full logs are requested then they must be posted, from the first line to the last. We ask this for very specific reasons. The items found are not the only pieces of information we get from these logs. Please, from now on if full logs are requested then please post them in full.

Based on what I see in the DDS.txt log, you have at least two anti-virus programs installed and running on the computer and the absolute rule is only ONE. There are multiple other very dangerous and very questionable programs showing in that log also.

Based on that log and the Attach.txt log I have to say I believe that the computer truly, even with the scans run thus far, is still very likely grossly infected, and based on what shows in the log, most of these infected files began entering the computer on or after May 27th.

One thing also I see is Akamai NetSession Interface that is autostarting with each boot of the computer. This needs to be Stopped immediately, ask MM to help you with this, it Must be removed from auto start before anything else is done. This is a client-side networking technology that enhances networking protocols for delivery of software and media. There is no reason in the world this should be auto starting.

You have the following anti-virus programs and firewall installed and they all must be Uninstalled using Add/Remove:
Norton AntiVirus
Norton Safe Web Lite

ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Free Antivirus + Firewall
ZoneAlarm LTD Toolbar
ZoneAlarm Security
ZoneAlarm Spy Blocker

The DDS log also shows at least remnants of at least one Kaspersky security program, though Kaspersky does not show in the installed programs log, the files are showing so a manual search for Kaspersky files must be done and if any are found they must be deleted.

These programs show in Add/Remove and absolutely, positively must be Uninstalled using Add/Remove. I would recommend doing this in Safe Mode in hopes of eliminating interference by other programs.

Choice Guard
Conduit Engine
DealPly
ERUNT 1.1j
jZip
TranslatorBar 3.3 Toolbar
Watch Football TV
WiseConvert Toolbar
Yontoo 1.10.02

These programs show clearly in the DDS.txt log but do not show in Add/Remove, which will make their Uninstall very, very difficult and they absolutely DO have to go, they are all KNOWN Bad programs.

SpeedyPC Software
PriceGong
searchqutoolbar
SpeedMaxPc
Ilivid Player

You probably need to get MM to help you with all of these removals of the programs not listed in Add/Remove. Frankly don't know how easy this is going to be, it's likely going to require a manual search and removal probably again in Safe Mode.

A safe mode removal of all may be the way you will have to go on these. I will let MM make that decision.

After those removals are complete, please make note of any that you have either not found or have not been able to remove, then you will have to do the following:

Please download ComboFix by sUBs from

http://www.bleepingcomputer.com/down...virus/combofix

Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page.

• You must download it to and run it from your Desktop. If it is NOT run from the desktop then it will not work correctly. So it MUST be ON the desktop, NOT located in a folder someplace.
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the program's log file, or report, will be located at C:\ComboFix.txt.
• Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.


CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!


Post back here with the Full Combofix Log from top to bottom, every single line and every single section is vitally important so please be sure you do not leave one single thing out. It must be copy/pasted also.

Do nothing else after the run of Combofix and posting of the log.

I will give you the next set of instructions after reading that log.
__________________

1. Dell Inspiron N5040;
Windows 7 64bit SP1
IE11;WLM2012; Firefox v.31.0

2.Dell Inspiron N7010; Windows 7 64bit SP1
IE11;WLM2012; Firefox v.31.0
Cable/Wireless
Avira Free; Windows Firewall; SpywareBlaster;
MBA-M; SpyBot;SAS


System Restore

Stick with the Clean up
Reply With Quote
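The cross-check described in post #14 (reading the Installed Programs section of the DDS Attach.txt for more than one resident security product and for the programs named for removal) can be scripted. This is an added example, not part of the thread or of DDS; the vendor list, the keyword heuristic and the function names are assumptions, and the sample log is a constructed excerpt.

```python
import re

# Constructed excerpt in the DDS Attach.txt layout: a few entries copied
# from the list posted in this thread, not the full log.
SAMPLE_ATTACH = """\
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
Adobe Reader 9.5.1
Conduit Engine
DealPly
ESET Online Scanner
Malwarebytes' Anti-Malware
Norton AntiVirus
Norton Safe Web Lite
Yontoo 1.10.02
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm LTD Toolbar
.
==== Event Viewer Messages From Past Week ========
.
==== End Of File ===========================
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+\s*$")

# Assumptions for this example: vendors to group by, and the words that mark
# an always-on (resident) product rather than an on-demand scanner or toolbar.
VENDORS = ("Norton", "ZoneAlarm", "ESET", "Kaspersky", "Avira")
RESIDENT_WORDS = ("antivirus", "firewall", "security")

# Base names of the Add/Remove entries post #14 says must be uninstalled.
# Matching is by prefix so a different version number still matches.
WATCH_LIST = ("Choice Guard", "Conduit Engine", "DealPly", "ERUNT", "jZip",
              "TranslatorBar", "Watch Football TV", "WiseConvert", "Yontoo")
WATCH_PREFIXES = tuple(name.lower() for name in WATCH_LIST)


def parse_sections(text):
    """Split a DDS-style log into {section title: [entry lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":      # DDS pads sections with lone dots
            continue
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None:        # ignore anything before a header
            current.append(line)
    return sections


def resident_security(programs):
    """Group resident security products by vendor."""
    found = {}
    for name in programs:
        low = name.lower()
        for vendor in VENDORS:
            if low.startswith(vendor.lower()) and any(w in low for w in RESIDENT_WORDS):
                found.setdefault(vendor, []).append(name)
    return found


def triage(text):
    """Report overlapping security vendors and watch-listed programs."""
    programs = parse_sections(text).get("Installed Programs", [])
    resident = resident_security(programs)
    flagged = [p for p in programs if p.lower().startswith(WATCH_PREFIXES)]
    return {"resident": resident, "conflict": len(resident) > 1, "flagged": flagged}


if __name__ == "__main__":
    report = triage(SAMPLE_ATTACH)
    for vendor, products in report["resident"].items():
        print(f"{vendor}: {', '.join(products)}")
    print("More than one resident security vendor:", report["conflict"])
    print("Listed for removal:", ", ".join(report["flagged"]))
```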
  #15  
Old 06-14-2012, 01:05 AM
jholland1964
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 30,535
Also uninstall
Java Auto Updater
Java(TM) 6 Update 24

It is way out of date.
Reply With Quote
  #16  
Old 06-14-2012, 02:52 AM
MMFELL
Retired Computer Techo
 
Join Date: Nov 2003
Location: Sydney. Australia
Posts: 16,643
Thanks Judy, sorry about the eset log - it's my fault.

I will consult with onslaught and I think a reformat reinstall is the way to go.
__________________
2.67 GHz Intel Core2 Quad 2GB RAM, 150GB + 500GB + 2TB SATA + 1TB Ext, DVD-RW, WinXP Pro (SP3), IE7, Avira, Outpost Firewall, Nero 7, Office XP. Cable. Pics of my Radar & Parrish now retired therapy dogs below.
Google is your friend


Reply With Quote
  #17  
Old 06-14-2012, 09:24 AM
jholland1964
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 30,535
Quote:
Originally Posted by MMFELL View Post
Thanks Judy, sorry about the eset log - it's my fault.

I will consult with onslaught and I think a reformat reinstall is the way to go.

No problem MM. At this rate those missing lines wouldn't help us much anyway.
Think also that reformat is the way to go too, but if onslaught wants to continue to attempt a clean up just post the logs and we can go from there.
Reply With Quote
  #18  
Old 06-19-2012, 09:41 PM
trapper
Senior Member
 
Join Date: Sep 2002
Location: canada
Posts: 527
Judy:

I was just browsing your stuff with Onslaught and noticed something that you might just already know. But here is a quote from A/V Software Review for your info: If you already know this, just ignore my comments:

Most people do not know that ZoneAlarm sports the goodness of the Kaspersky virus-scanning engine under the hood.
__________________
trapper
Reply With Quote
  #19  
Old 06-19-2012, 10:33 PM
jholland1964
Almost Really Old Member
 
Join Date: Feb 2004
Location: The Middle
Posts: 30,535
Quote:
Originally Posted by trapper View Post
Judy:

I was just browsing your stuff with Onslaught and noticed something that you might just already know. But here is a quote from A/V Software Review for your info: If you already know this, just ignore my comments:

Most people do not know that ZoneAlarm sports the goodness of the Kaspersky virus-scanning engine under the hood.

You know I had forgotten that, thanks for reminding me! Very good catch!!!
Reply With Quote
  #20  
Old 06-19-2012, 11:07 PM
trapper
Senior Member
 
Join Date: Sep 2002
Location: canada
Posts: 527
You are welcome Judy!
Reply With Quote
Copyright 2000-2011 WorldStart, Inc