
Help checking Malwarebytes blocked scam..


Raineb


I posted last night about this scam I receive, but it's only when I go to a SHS Aust forum.. no other one. Then a box down the right hand side toolbar says Malwarebytes had successfully blocked access to a potentially malicious website, and the number of it is always the same.. 109.163.234.234.. What does it mean.. is my computer infecting the forum? As my computer goes all strange for a while, it freezes, so I have done what Firefox suggested here just so you can see what is happening..

DDS (Ver_2012-11-07.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2

Run by Lorraine at 15:07:44 on 2012-11-21

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1247.607 [GMT 11:00]

.

AV: BP Security AntiMalware *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

FW: BP Security Firewall *Enabled*

.

============== Running Processes ================

.

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

c:\Program Files\Bigpond\ESP Elements\AuthElementsSvc.exe

c:\Program Files\bigpond\security\App\syssvcnt.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\mHotkey.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\bigpond\security\app\Console.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\Program Files\Common Files\Sunbelt\SBAMSvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\System32\alg.exe

c:\Program Files\Bigpond\ESP Elements\bigpond.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\System32\svchost.exe -k NetworkService

C:\WINDOWS\System32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.au/

uWindow Title = Internet Explorer, optimized for Bing and MSN

dURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [CHotkey] mHotkey.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ESP] "c:\program files\bigpond\security\app\start.exe"

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1345461389625

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1346750924046

TCP: NameServer = 10.0.0.138

TCP: Interfaces\{8BDC6399-C25B-4BA6-BF01-1301852D4BD9} : DHCPNameServer = 10.0.0.138

Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 GRFILTER;Authentium NDIS Driver;c:\windows\system32\drivers\GRFilter.sys [2012-10-1 21616]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2012-11-19 21464]

R2 AuthElementsSvc;AuthElementsSvc;c:\program files\bigpond\esp elements\AuthElementsSvc.exe [2012-10-22 243568]

R2 GRTdiMon;Authentium TDI Mon;c:\windows\system32\drivers\GRTdiMon.sys [2012-10-1 40304]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-31 399432]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-31 676936]

R2 SBAMSvc;AntiMalware;c:\program files\common files\sunbelt\SBAMSvc.exe [2010-8-20 2763080]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-11-19 69976]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-31 22856]

S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

.

=============== Created Last 30 ================

.

2012-11-19 02:42:37 69976 ----a-w- c:\windows\system32\drivers\sbapifs.sys

2012-11-19 02:42:36 21464 ----a-w- c:\windows\system32\drivers\sbaphd.sys

2012-11-19 02:42:33 -------- dc----w- c:\documents and settings\all users\application data\BP Security

2012-11-19 02:33:35 -------- dc----w- c:\documents and settings\all users\application data\Sunbelt

2012-11-19 02:31:36 -------- dc----w- c:\documents and settings\all users\application data\Authentium

2012-11-19 02:31:17 -------- d-----w- c:\program files\common files\Sunbelt

2012-11-19 02:19:30 -------- d-----w- c:\program files\common files\Authentium Shared

2012-11-18 12:50:21 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

2012-11-18 12:47:04 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2012-11-18 12:47:04 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2012-11-18 12:47:04 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2012-11-18 12:47:04 117760 ------w- c:\windows\system32\prntvpt.dll

2012-11-18 12:47:03 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2012-11-18 12:47:03 575488 ------w- c:\windows\system32\xpsshhdr.dll

2012-11-18 12:47:03 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2012-11-18 12:47:03 1676288 ------w- c:\windows\system32\xpssvcs.dll

2012-11-18 12:47:02 -------- dc----w- C:\a36998e1156791e799ef4bec

2012-11-18 11:03:44 -------- dc----w- c:\documents and settings\all users\application data\ESP Elements

2012-11-18 10:58:38 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-11-18 10:58:38 -------- d-----w- c:\windows\system32\wbem\Repository

2012-11-18 10:51:48 -------- dc----w- c:\documents and settings\all users\application data\Bigpond

2012-11-18 10:51:48 -------- d-----w- c:\documents and settings\lorraine\application data\Bigpond

2012-11-18 10:44:21 -------- d-----w- c:\program files\Disk Cleaner

2012-11-18 01:11:15 -------- d-----w- c:\windows\system32\XPSViewer

2012-11-17 13:34:14 -------- dc----w- C:\a6466590732ffae1e6a3089e4cae02

2012-11-17 06:12:55 -------- d-----w- c:\documents and settings\lorraine\My Pictures

2012-11-16 03:56:15 -------- d-----w- c:\program files\Web Washer

2012-11-16 02:59:56 14664 ----a-w- c:\windows\stinger.sys

2012-11-16 02:55:08 -------- d-----w- c:\program files\stinger

2012-11-16 02:42:41 132880 ----a-w- c:\windows\system32\MSINET.OCX

2012-11-16 02:42:40 1008432 ----a-w- c:\windows\system32\MSCHRT20.OCX

2012-11-16 02:25:12 -------- d-----w- c:\documents and settings\lorraine\application data\ElevatedDiagnostics

2012-11-13 04:47:45 -------- d-----w- c:\documents and settings\lorraine\application data\Geek Uninstaller

2012-11-03 12:50:41 -------- d-----w- c:\program files\MSECache

2012-10-31 10:38:38 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-31 10:38:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-10-29 00:56:57 28552 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll

2012-10-29 00:56:57 28040 ----a-w- c:\windows\system32\mdimon.dll

2012-10-29 00:50:40 -------- d-----w- c:\program files\Microsoft ActiveSync

2012-10-29 00:48:18 -------- d-----w- c:\windows\SHELLNEW

.

==================== Find3M ====================

.

2012-11-19 09:58:33 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-19 09:58:31 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-10-21 10:02:33 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-10-21 10:02:23 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-10-21 10:02:20 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll

2012-10-01 00:36:22 444272 ----a-w- c:\windows\system32\grfilter.dll

2012-10-01 00:36:18 40304 ----a-w- c:\windows\system32\drivers\GRTdiMon.sys

2012-10-01 00:36:18 21616 ----a-w- c:\windows\system32\drivers\GRFilter.sys

2012-10-01 00:30:46 149360 ----a-w- c:\windows\system32\AuthWSC.dll

2012-10-01 00:28:38 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-10-01 00:28:38 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-10-01 00:28:38 106496 ----a-w- c:\windows\system32\atl71.dll

2012-10-01 00:27:08 86016 ----a-w- c:\windows\system32\wscif.dll

2012-10-01 00:26:24 103656 ----a-w- c:\windows\system32\authcrypt.dll

2012-09-22 10:08:19 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec

2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll

.

============= FINISH: 15:09:15.01 ===============

then next one is

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-07.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 8/18/2012 4:38:55 PM

System Uptime: 11/21/2012 1:44:51 PM (2 hours ago)

.

Motherboard: Acer | | E61ML

Processor: Intel® Celeron® CPU 2.60GHz | Socket 478 | 2600/100mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 37 GiB total, 25.999 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1: 11/16/2012 2:51:57 PM - System Checkpoint

RP2: 11/17/2012 6:34:47 PM - System Checkpoint

RP3: 11/17/2012 11:54:39 PM - Software Distribution Service 3.0

RP4: 11/18/2012 11:26:17 AM - Software Distribution Service 3.0

RP5: 11/18/2012 12:08:30 PM - Software Distribution Service 3.0

RP6: 11/18/2012 12:29:31 PM - Printer Driver Microsoft XPS Document Writer Installed

RP7: 11/18/2012 2:33:48 PM - Software Distribution Service 3.0

RP8: 11/18/2012 9:43:16 PM - Restore Operation

RP9: 11/18/2012 10:39:10 PM - Software Distribution Service 3.0

RP10: 11/18/2012 11:43:27 PM - Software Distribution Service 3.0

RP11: 11/19/2012 12:36:55 PM - Printer Driver Microsoft XPS Document Writer Installed

RP12: 11/19/2012 10:18:33 PM - Software Distribution Service 3.0

RP13: 11/19/2012 11:22:05 PM - Software Distribution Service 3.0

RP14: 11/20/2012 4:13:52 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Anti-Spyware (Sunbelt4)

BigPond (BIUS)

Bigpond Desktop

BigPond Security

Bing Rewards Client Installer

Disk Cleaner 2.0

Dropbox

ESP

Firewall (Core 2)

Firewall (User)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

HP Deskjet 2050 J510 series Basic Device Software

HP Deskjet 2050 J510 series Help

HP Photo Creations

HP Update

IrfanView (remove only)

Java 7 Update 9

Java Auto Updater

Java SE Development Kit 7 Update 7

Junk Mail filter update

Malwarebytes Anti-Malware version 1.65.1.1000

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office Basic Edition 2003

Microsoft Office File Validation Add-In

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

SafeCentral Security Suite Web Install Helper

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

Segoe UI

SiS 650/651/740/661FX/741/760 series

Third Party Prerequisites

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB961503)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB973815)

USB Multimedia Keyboard Driver Ver1.02

WebFldrs XP

Windows Driver Package - 2Wire (2WIREPCP) Net (09/18/2002 1.4.0.5)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Media Format 11 runtime

Windows Media Player 11

Windows PowerShell 1.0

Windows XP Service Pack 3

WOT for Internet Explorer

Yahoo! Software Update

Yahoo! Toolbar

Yahoo!7 Messenger

.

==== Event Viewer Messages From Past Week ========

.

11/18/2012 9:41:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

11/18/2012 9:41:53 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

11/18/2012 9:41:53 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/18/2012 9:41:53 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/18/2012 9:41:53 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

11/18/2012 9:41:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

11/18/2012 9:41:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/18/2012 12:30:54 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.

11/18/2012 12:30:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

11/18/2012 12:30:47 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/18/2012 10:55:06 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect.

11/18/2012 10:55:06 AM, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/18/2012 10:01:01 PM, error: Service Control Manager [7000] - The Active Malware Protection Support Driver service failed to start due to the following error: The system cannot find the file specified.

11/16/2012 2:47:35 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

11/16/2012 10:55:23 AM, error: Service Control Manager [7000] - The Office Source Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/16/2012 10:55:22 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Office Source Engine service to connect.

.

==== End Of File ===========================

Hoping you can help me..


Hello Raineb! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please download Malwarebytes Anti-Rootkit from here.

  1. Unzip the contents to a folder in a convenient location.
  2. Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
  3. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  4. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  5. Wait while the system shuts down and the cleanup process is performed.
  6. Please post the two logs produced.


Hi Maniac.. Thanks for being my helper.. I have run the scan and will post under this message..

Malwarebytes Anti-Rootkit 1.1.0.1009

www.malwarebytes.org

Database version: v2012.11.22.03

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Lorraine :: LORRAINE-RIYXGZ [administrator]

11/23/2012 12:12:15 AM

mbar-log-2012-11-23 (00-12-15).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: PUP | PUM | P2P

Objects scanned: 24849

Time elapsed: 31 minute(s), 55 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.600000 GHz

Memory total: 1308082176, free: 659689472

------------ Kernel report ------------

11/22/2012 23:39:14

------------ Loaded modules -----------

\WINDOWS\system32\ntoskrnl.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

ACPI.sys

\WINDOWS\System32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

pciide.sys

\WINDOWS\System32\DRIVERS\PCIIDEX.SYS

MountMgr.sys

ftdisk.sys

PartMgr.sys

VolSnap.sys

atapi.sys

disk.sys

\WINDOWS\System32\DRIVERS\CLASSPNP.SYS

fltmgr.sys

sr.sys

KSecDD.sys

WudfPf.sys

Ntfs.sys

NDIS.sys

uagp35.sys

Mup.sys

GRFILTER.sys

\SystemRoot\System32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\sisgrp.sys

\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

\SystemRoot\System32\DRIVERS\imapi.sys

\SystemRoot\System32\DRIVERS\cdrom.sys

\SystemRoot\System32\DRIVERS\redbook.sys

\SystemRoot\System32\DRIVERS\ks.sys

\SystemRoot\system32\drivers\ALCXWDM.SYS

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ALCXSENS.SYS

\SystemRoot\System32\DRIVERS\usbohci.sys

\SystemRoot\System32\DRIVERS\USBPORT.SYS

\SystemRoot\System32\DRIVERS\usbehci.sys

\SystemRoot\System32\DRIVERS\HSFBS2S2.sys

\SystemRoot\System32\DRIVERS\HSFDPSP2.sys

\SystemRoot\System32\DRIVERS\HSFCXTS2.sys

\SystemRoot\System32\Drivers\Modem.SYS

\SystemRoot\System32\DRIVERS\RTL8139.SYS

\SystemRoot\System32\DRIVERS\fdc.sys

\SystemRoot\System32\DRIVERS\serial.sys

\SystemRoot\System32\DRIVERS\serenum.sys

\SystemRoot\System32\DRIVERS\parport.sys

\SystemRoot\System32\DRIVERS\i8042prt.sys

\SystemRoot\System32\DRIVERS\kbdclass.sys

\SystemRoot\System32\DRIVERS\audstub.sys

\SystemRoot\System32\DRIVERS\rasl2tp.sys

\SystemRoot\System32\DRIVERS\ndistapi.sys

\SystemRoot\System32\DRIVERS\ndiswan.sys

\SystemRoot\System32\DRIVERS\raspppoe.sys

\SystemRoot\System32\DRIVERS\raspptp.sys

\SystemRoot\System32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\psched.sys

\SystemRoot\System32\DRIVERS\msgpc.sys

\SystemRoot\System32\DRIVERS\ptilink.sys

\SystemRoot\System32\DRIVERS\raspti.sys

\SystemRoot\System32\DRIVERS\termdd.sys

\SystemRoot\System32\DRIVERS\mouclass.sys

\SystemRoot\System32\DRIVERS\swenum.sys

\SystemRoot\System32\DRIVERS\update.sys

\SystemRoot\System32\DRIVERS\mssmbios.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\System32\DRIVERS\usbhub.sys

\SystemRoot\System32\DRIVERS\USBD.SYS

\SystemRoot\System32\DRIVERS\flpydisk.sys

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\Drivers\mnmdd.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\System32\DRIVERS\rasacd.sys

\SystemRoot\System32\DRIVERS\ipsec.sys

\SystemRoot\System32\DRIVERS\tcpip.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\srvkp.sys

\SystemRoot\system32\drivers\sbaphd.sys

\SystemRoot\System32\DRIVERS\rdbss.sys

\SystemRoot\System32\DRIVERS\mrxsmb.sys

\SystemRoot\System32\Drivers\Fips.SYS

\SystemRoot\System32\DRIVERS\ipnat.sys

\SystemRoot\System32\DRIVERS\wanarp.sys

\SystemRoot\System32\DRIVERS\hidusb.sys

\SystemRoot\System32\DRIVERS\HIDCLASS.SYS

\SystemRoot\System32\DRIVERS\HIDPARSE.SYS

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\usbscan.sys

\SystemRoot\system32\DRIVERS\usbprint.sys

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_WMILIB.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\SiSGRV.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\sbapifs.sys

\??\C:\WINDOWS\system32\drivers\mbam.sys

\SystemRoot\System32\Drivers\GRTdiMon.sys

\SystemRoot\System32\DRIVERS\ndisuio.sys

\SystemRoot\system32\drivers\wdmaud.sys

\SystemRoot\system32\drivers\sysaudio.sys

\SystemRoot\System32\DRIVERS\mrxdav.sys

\SystemRoot\System32\Drivers\ParVdm.SYS

\SystemRoot\System32\DRIVERS\HSF_FALL.sys

\SystemRoot\System32\DRIVERS\HSF_FSKS.sys

\SystemRoot\System32\DRIVERS\HSF_K56K.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\System32\DRIVERS\mdmxsdk.sys

\SystemRoot\System32\DRIVERS\HSF_FAXX.sys

\SystemRoot\System32\DRIVERS\HSF_TONE.sys

\SystemRoot\System32\DRIVERS\HSF_V124.sys

\SystemRoot\System32\DRIVERS\ipfltdrv.sys

\SystemRoot\System32\Drivers\HTTP.sys

\SystemRoot\System32\DRIVERS\asyncmac.sys

\SystemRoot\system32\drivers\kmixer.sys

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys

\WINDOWS\system32\ntdll.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff893d0ab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\

Lower Device Object: 0xffffffff89341940

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

DriverEntry returned 0x0

Function returned 0x0

Downloaded database version: v2012.11.22.03

Downloaded database version: v2012.11.19.01

Initializing...

Done!

Scanning directory: C:\WINDOWS\system32\drivers...

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff893d0ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff893d4900, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff893d0ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff89350f18, DeviceName: \Device\0000005c\, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff89341940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xffffffffe395be68, 0xffffffff893d0ab8, 0xffffffff88729ab8

Lower DeviceData: 0xffffffffe3c7c2a8, 0xffffffff89341940, 0xffffffff88ed8ca0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 3470346F

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 78156162

Partition file system is NTFS

Partition is bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 40020664320 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-78145360-78165360)...

Done!

Performing system, memory and registry scan...

Read File: File "C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Administrator\Application Data\Netsweeper\liger.cf9" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users\Application Data\Ament.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users\Application Data\Bigpond\ESP Elements\license.exl" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users\Application Data\Bigpond\ESP Elements\prefs.exl" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users\Application Data\Bigpond\ESP Elements\transactionlog.xml" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users\Application Data\BP Security\AntiMalware\WSCConfig.xml" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users\Application Data\Mozilla\logs\maintenanceservice-install.log" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users\Application Data\Mozilla\logs\maintenanceservice-uninstall.log" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users\Application Data\Sunbelt\AntiMalware\WSCConfig.xml" is compressed (flags = 1)

Read File: File "C:\boot.ini" is compressed (flags = 1)

Read File: File "C:\END" is compressed (flags = 1)

Done!

Scan finished

=======================================

Will wait for your advice next .. thanks again and enjoy your day or evening there..

.


Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Hi Maniac.. the next reply and ComboFix scan for you ...

ComboFix 12-11-23.02 - Lorraine 11/24/2012 12:44:10.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1247.722 [GMT 11:00]

Running from: c:\documents and settings\Lorraine\Desktop\ComboFix.exe

FW: BP Security Firewall *Disabled* {38254411-9AEC-4967-913E-F892C2A4DF89}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Lorraine\Application Data\PriceGong

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\1.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\5791.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\5938.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\a.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\b.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\c.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\d.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\e.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\f.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\g.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\h.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\i.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\j.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\k.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\l.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\m.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\n.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\o.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\p.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\q.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\r.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\s.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\t.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\u.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\v.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\w.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\wlu.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\x.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\y.txt

c:\documents and settings\Lorraine\Application Data\PriceGong\Data\z.txt

c:\windows\TEMP\SBS_LIBNSIS_TEMP_20121024123200.796_ 9

c:\windows\TEMP\SBS_LIBNSIS_TEMP_20121024123210.218_ 13

.

.

((((((((((((((((((((((((( Files Created from 2012-10-24 to 2012-11-24 )))))))))))))))))))))))))))))))

.

.

2012-11-22 21:37 . 2012-11-22 21:37 -------- d-----w- c:\windows\system32\wbem\Repository

2012-11-19 02:42 . 2010-06-14 03:54 69976 ----a-w- c:\windows\system32\drivers\sbapifs.sys

2012-11-19 02:42 . 2010-06-14 03:54 21464 ----a-w- c:\windows\system32\drivers\sbaphd.sys

2012-11-19 02:42 . 2012-11-19 02:42 -------- dc----w- c:\documents and settings\All Users\Application Data\BP Security

2012-11-19 02:33 . 2012-11-19 02:33 -------- dc----w- c:\documents and settings\All Users\Application Data\Sunbelt

2012-11-19 02:31 . 2012-11-19 02:36 -------- dc----w- c:\documents and settings\All Users\Application Data\Authentium

2012-11-19 02:31 . 2012-11-19 02:42 -------- d-----w- c:\program files\Common Files\Sunbelt

2012-11-19 02:19 . 2012-11-19 02:30 -------- d-----w- c:\program files\Common Files\Authentium Shared

2012-11-18 12:50 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2012-11-18 12:47 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2012-11-18 12:47 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2012-11-18 12:47 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2012-11-18 12:47 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2012-11-18 12:47 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2012-11-18 12:47 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2012-11-18 12:47 . 2012-11-18 12:50 -------- dc----w- C:\a36998e1156791e799ef4bec

2012-11-18 11:03 . 2012-11-18 11:03 -------- dc----w- c:\documents and settings\All Users\Application Data\ESP Elements

2012-11-18 10:51 . 2012-11-18 10:51 -------- dc----w- c:\documents and settings\All Users\Application Data\Bigpond

2012-11-18 10:51 . 2012-11-18 10:51 -------- d-----w- c:\documents and settings\Lorraine\Application Data\Bigpond

2012-11-18 10:44 . 2012-11-18 10:44 -------- d-----w- c:\program files\Disk Cleaner

2012-11-18 10:40 . 2012-11-18 10:43 -------- dcs---w- c:\documents and settings\Administrator

2012-11-18 01:11 . 2012-11-19 12:28 -------- d-----w- c:\windows\system32\XPSViewer

2012-11-18 01:11 . 2012-11-18 01:11 -------- d-----w- c:\program files\MSBuild

2012-11-18 01:10 . 2012-11-18 01:10 -------- d-----w- c:\program files\Reference Assemblies

2012-11-17 13:34 . 2012-11-18 10:53 -------- dc----w- C:\a6466590732ffae1e6a3089e4cae02

2012-11-17 06:12 . 2012-11-18 07:21 -------- d-----w- c:\documents and settings\Lorraine\My Pictures

2012-11-16 03:56 . 2012-11-18 10:57 -------- d-----w- c:\program files\Web Washer

2012-11-16 02:59 . 2012-11-16 02:59 14664 ----a-w- c:\windows\stinger.sys

2012-11-16 02:55 . 2012-11-16 03:19 -------- d-----w- c:\program files\stinger

2012-11-16 02:42 . 2004-03-08 13:00 132880 ----a-w- c:\windows\system32\MSINET.OCX

2012-11-16 02:42 . 1998-06-25 13:00 1008432 ----a-w- c:\windows\system32\MSCHRT20.OCX

2012-11-16 02:25 . 2012-11-16 02:25 -------- d-----w- c:\documents and settings\Lorraine\Application Data\ElevatedDiagnostics

2012-11-13 04:47 . 2012-11-13 04:48 -------- d-----w- c:\documents and settings\Lorraine\Application Data\Geek Uninstaller

2012-11-03 12:50 . 2012-11-03 12:50 -------- d-----w- c:\program files\MSECache

2012-10-31 10:38 . 2012-09-29 08:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-31 10:38 . 2012-10-31 10:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-10-29 00:56 . 2007-04-09 02:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll

2012-10-29 00:56 . 2007-04-09 02:23 28040 ----a-w- c:\windows\system32\mdimon.dll

2012-10-29 00:50 . 2012-10-29 00:50 -------- d-----w- c:\program files\Microsoft ActiveSync

2012-10-29 00:48 . 2012-10-29 00:51 -------- d-----w- c:\windows\SHELLNEW

2012-10-29 00:33 . 2012-10-29 00:33 -------- dc----r- C:\MSOCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-19 09:58 . 2012-08-20 15:05 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-19 09:58 . 2012-08-20 15:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-22 08:37 . 2003-03-31 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-10-21 10:02 . 2012-10-21 10:03 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-10-21 10:02 . 2012-10-21 10:03 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-10-21 10:02 . 2012-09-14 12:59 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-10-02 18:04 . 2003-03-31 12:00 58368 ----a-w- c:\windows\system32\synceng.dll

2012-10-01 00:36 . 2012-10-01 00:36 444272 ----a-w- c:\windows\system32\grfilter.dll

2012-10-01 00:36 . 2012-10-01 00:36 40304 ----a-w- c:\windows\system32\drivers\GRTdiMon.sys

2012-10-01 00:36 . 2012-10-01 00:36 21616 ----a-w- c:\windows\system32\drivers\GRFilter.sys

2012-10-01 00:30 . 2012-10-01 00:30 149360 ----a-w- c:\windows\system32\AuthWSC.dll

2012-10-01 00:28 . 2012-09-04 11:47 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-10-01 00:28 . 2012-09-04 11:47 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-10-01 00:28 . 2012-09-04 11:47 106496 ----a-w- c:\windows\system32\atl71.dll

2012-10-01 00:27 . 2012-10-01 00:27 86016 ----a-w- c:\windows\system32\wscif.dll

2012-10-01 00:26 . 2012-10-01 00:26 103656 ----a-w- c:\windows\system32\authcrypt.dll

2012-09-22 10:08 . 2012-09-14 12:59 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-28 15:14 . 2003-03-31 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14 . 2003-03-31 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14 . 2003-03-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2012-08-20 11:00 385024 ------w- c:\windows\system32\html.iec

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Lorraine\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Lorraine\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Lorraine\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Lorraine\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]

"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]

"SiSPower"="SiSPower.dll" [2008-03-20 53248]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"CHotkey"="mHotkey.exe" [2003-03-28 524800]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]

"ESP"="c:\program files\bigpond\security\app\start.exe" [2012-10-01 62952]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Lorraine^Start Menu^Programs^Startup^Dropbox.lnk]

path=c:\documents and settings\Lorraine\Start Menu\Programs\Startup\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Documents and Settings\\Lorraine\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

.

R0 GRFILTER;Authentium NDIS Driver;c:\windows\system32\drivers\GRFilter.sys [10/1/2012 11:36 AM 21616]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [11/19/2012 1:42 PM 21464]

R2 AuthElementsSvc;AuthElementsSvc;c:\program files\bigpond\ESP Elements\AuthElementsSvc.exe [10/22/2012 10:45 AM 243568]

R2 GRTdiMon;Authentium TDI Mon;c:\windows\system32\drivers\GRTdiMon.sys [10/1/2012 11:36 AM 40304]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/31/2012 9:38 PM 399432]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/31/2012 9:38 PM 676936]

R2 SBAMSvc;AntiMalware;c:\program files\Common Files\Sunbelt\SBAMSvc.exe [8/20/2010 9:16 AM 2763080]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [11/19/2012 1:42 PM 69976]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/31/2012 9:38 PM 22856]

S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-20 09:58]

.

2012-11-24 c:\windows\Tasks\HP Photo Creations Communicator.job

- c:\documents and settings\All Users\Application Data\HP Photo Creations\Communicator.exe [2012-09-08 06:14]

.

2012-11-23 c:\windows\Tasks\User_Feed_Synchronization-{83B47298-E7EA-4BFC-9126-0AE23CE49174}.job

- c:\windows\system32\msfeedssync.exe [2009-03-07 18:31]

.

.

------- Supplementary Scan -------

.

uStart Page = https://www.google.com.au/

TCP: DhcpNameServer = 10.0.0.138

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-11-24 12:56

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-515967899-854245398-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2892)

c:\windows\system32\WININET.dll

c:\documents and settings\Lorraine\Application Data\Dropbox\bin\DropboxExt.14.dll

c:\windows\system32\ieframe.dll

c:\program files\bigpond\ESP Elements\elements\el00000000000130\bigpondslx.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\bigpond\security\App\syssvcnt.exe

c:\program files\Java\jre7\bin\jqs.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\SOUNDMAN.EXE

c:\windows\mHotkey.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\bigpond\security\app\Console.exe

c:\windows\system32\wscntfy.exe

c:\program files\Bigpond\ESP Elements\bigpond.exe

.

**************************************************************************

.

Completion time: 2012-11-24 13:04:52 - machine was rebooted

ComboFix-quarantined-files.txt 2012-11-24 02:04

.

Pre-Run: 27,617,120,256 bytes free

Post-Run: 27,646,353,408 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

.

- - End Of File - - 153F148429FCC8D29506AEA7D340287D

Thanks again for your help, I really appreciate it. Have a good day there..


Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Here is the scan of the JRT log for you..

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 3.5.1 (11.25.2012)

OS: Microsoft Windows XP x86

Ran by Lorraine on Mon 11/26/2012 at 15:15:07.32

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\conduit"

Successfully deleted: [Registry Key] "hkey_local_machine\software\conduit"

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Lorraine\Local Settings\Application Data\conduit"

Successfully deleted: [Folder] "C:\Program Files\conduit"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 11/26/2012 at 15:24:14.34

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks again for your help..


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


Hi Maniac..

Here is the next file. Had a little trouble locating it as not very knowledgeable in lots of ways around the computer.

It was by luck mainly but anyway here it is..

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=a679d1f0a7d4694f99ee735742477de6

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-11-27 09:20:06

# local_time=2012-11-27 08:20:06 (+1000, AUS Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=41137

# found=0

# cleaned=0

# scan_time=2807

I really don't know why the computer's location is in United States as I have changed that before but still its computer locale is US, very strange.. thanks again and will check for further post from you..


Hi there Maniac... Yes there doesn't seem to be those popups now as went to the forum I usually get them from, SHS forum, it's a seniors forum, and it never popped up once so maybe it's all gone, hope so .. thanks for your help and hopefully that's all that is needed .. the computer is going really well.. take care..


Now 7 or so hrs after I posted to you I go to that forum where those warnings of Malwarebytes successfully blocked a malicious website and it came back again .. do you think it's on that forum ... and it's outgoing, does that mean it's from there or my computer? I don't have any trouble in any other forums, just this Senior one.. thanks for the help but feel it's not right yet.. even though the computer is going great.. I worry that I might be doing something that is not right..


Hi Maniac, I did what you suggested and all seems ok, I haven't had that pop up again since last night .. so fingers crossed, thanks for your help.. I have Malwarebytes Pro and did a scan this morning and it got rid of a pup infection.. or what I thought it was, so will send you this scan here to check it out for me..

2012/12/01 00:32:10 +1100 LORRAINE-RIYXGZ Lorraine IP-BLOCK 109.163.234.234 (Type: outgoing)

2012/12/01 00:32:13 +1100 LORRAINE-RIYXGZ Lorraine IP-BLOCK 109.163.234.234 (Type: outgoing)

2012/12/01 00:32:19 +1100 LORRAINE-RIYXGZ Lorraine IP-BLOCK 109.163.234.234 (Type: outgoing)

2012/12/01 00:42:07 +1100 LORRAINE-RIYXGZ Lorraine MESSAGE Stopping IP protection

2012/12/01 00:42:07 +1100 LORRAINE-RIYXGZ Lorraine MESSAGE IP Protection stopped successfully

2012/12/01 00:43:39 +1100 LORRAINE-RIYXGZ Lorraine MESSAGE Starting IP protection

2012/12/01 00:44:11 +1100 LORRAINE-RIYXGZ Lorraine MESSAGE IP Protection started successfully

2012/12/01 00:45:12 +1100 LORRAINE-RIYXGZ Lorraine MESSAGE Starting database refresh

2012/12/01 00:45:12 +1100 LORRAINE-RIYXGZ Lorraine MESSAGE Stopping IP protection

2012/12/01 00:45:13 +1100 LORRAINE-RIYXGZ Lorraine MESSAGE IP Protection stopped successfully

2012/12/01 00:45:48 +1100 LORRAINE-RIYXGZ Lorraine MESSAGE Database refreshed successfully

2012/12/01 00:45:48 +1100 LORRAINE-RIYXGZ Lorraine MESSAGE Starting IP protection

2012/12/01 00:46:25 +1100 LORRAINE-RIYXGZ Lorraine MESSAGE IP Protection started successfully

2012/12/01 11:56:07 +1100 LORRAINE-RIYXGZ MESSAGE Starting protection

2012/12/01 11:56:08 +1100 LORRAINE-RIYXGZ MESSAGE Protection started successfully

2012/12/01 11:56:08 +1100 LORRAINE-RIYXGZ MESSAGE Starting IP protection

2012/12/01 11:58:25 +1100 LORRAINE-RIYXGZ Lorraine MESSAGE IP Protection started successfully

2012/12/01 12:08:11 +1100 LORRAINE-RIYXGZ Lorraine MESSAGE Executing scheduled update: Daily

2012/12/01 12:09:39 +1100 LORRAINE-RIYXGZ Lorraine MESSAGE Scheduled update executed successfully: database updated from version v2012.11.30.06 to version v2012.12.01.02

2012/12/01 12:09:39 +1100 LORRAINE-RIYXGZ Lorraine MESSAGE Starting database refresh

2012/12/01 12:09:39 +1100 LORRAINE-RIYXGZ Lorraine MESSAGE Stopping IP protection

2012/12/01 12:09:39 +1100 LORRAINE-RIYXGZ Lorraine MESSAGE IP Protection stopped successfully

2012/12/01 12:09:54 +1100 LORRAINE-RIYXGZ Lorraine MESSAGE Database refreshed successfully

2012/12/01 12:09:54 +1100 LORRAINE-RIYXGZ Lorraine MESSAGE Starting IP protection

2012/12/01 12:10:26 +1100 LORRAINE-RIYXGZ Lorraine MESSAGE IP Protection started successfully

2012/12/01 12:37:42 +1100 LORRAINE-RIYXGZ MESSAGE Starting protection

2012/12/01 12:37:42 +1100 LORRAINE-RIYXGZ MESSAGE Protection started successfully

2012/12/01 12:37:42 +1100 LORRAINE-RIYXGZ MESSAGE Starting IP protection

2012/12/01 12:39:19 +1100 LORRAINE-RIYXGZ Lorraine MESSAGE IP Protection started successfully

Have a look and tell me what you think?


Hi Maniac.

No was before I did the reset .. as thought would run Malwarebytes first and just see as the popups showed like I said only on the forum.. again..

well did the scan, they showed that pup infection.. removed them and then I reset the modem and all yesterday had trouble getting it back on to the net..

so now it's ok and went to the site and no more of that popups.. seems like you fixed it up.. you do a good job with your knowledge..

thanks for that so anything else I need to do now to see if it's all gone or ok .. as the programs are still on and the scan logs on the desktop.. thanks for your help..

bye for now Raine ..


Good news! :)

Please perform a last scan for sure:

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan


Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press Save button

Save it to your desktop and post it in your next reply.


  • 3 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

