Jump to content

Recommended Posts

I'm a level 1 tech for a medium sized corporation, and i have an end user with this malady. I've run MBAM, SuperantiSpyware and TDSSKiller. Mbam only got 1 hit, which was the pum.bad.proxy reg entry. I fixed and restarted, but it came back. I then ran the other 2 scans which came up with nothing except tracking cookies. Logs from MBAB and DDS:

 

WinXP SP3, IE8

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.14.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
jfinch :: JANFINCH6320 [administrator]

3/14/2014 1:41:08 PM
mbam-log-2014-03-14 (13-41-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 277105
Time elapsed: 8 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/26/2011 8:57:54 AM
System Uptime: 3/14/2014 3:07:56 PM (1 hours ago)
.
Motherboard: Dell Inc. |  | 01MCMN
Processor: Intel Pentium III Xeon processor | CPU 1 | 2594/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 193.835 GiB free.
D: is CDROM ()
G: is NetworkDisk (NTFS) - 3440 GiB total, 154.315 GiB free.
H: is NetworkDisk (NTFS) - 1792 GiB total, 211.637 GiB free.
I: is NetworkDisk (NTFS) - 3440 GiB total, 154.315 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP676: 12/14/2013 6:52:49 PM - System Checkpoint
RP677: 12/16/2013 2:42:41 AM - System Checkpoint
RP678: 12/17/2013 3:25:33 AM - System Checkpoint
RP679: 12/18/2013 4:36:41 AM - System Checkpoint
RP680: 12/19/2013 5:23:52 AM - System Checkpoint
RP681: 12/20/2013 5:53:49 AM - System Checkpoint
RP682: 12/21/2013 6:53:03 AM - System Checkpoint
RP683: 12/22/2013 7:00:15 AM - System Checkpoint
RP684: 12/23/2013 9:41:37 AM - System Checkpoint
RP685: 12/24/2013 11:23:38 AM - System Checkpoint
RP686: 12/25/2013 12:46:51 PM - Installed TomTom HOME.
RP687: 12/26/2013 1:18:10 PM - System Checkpoint
RP688: 12/28/2013 9:43:42 AM - System Checkpoint
RP689: 1/1/2014 1:10:17 PM - System Checkpoint
RP690: 1/2/2014 2:17:16 PM - System Checkpoint
RP691: 1/3/2014 2:49:28 PM - System Checkpoint
RP692: 1/4/2014 3:20:58 PM - System Checkpoint
RP693: 1/5/2014 4:19:52 PM - System Checkpoint
RP694: 1/6/2014 7:30:14 PM - System Checkpoint
RP695: 1/7/2014 7:35:13 PM - System Checkpoint
RP696: 1/8/2014 7:54:47 PM - System Checkpoint
RP697: 1/9/2014 8:53:42 PM - System Checkpoint
RP698: 1/10/2014 9:16:35 PM - System Checkpoint
RP699: 1/11/2014 9:51:50 PM - System Checkpoint
RP700: 1/12/2014 10:06:14 PM - System Checkpoint
RP701: 1/14/2014 7:12:35 AM - System Checkpoint
RP702: 1/15/2014 7:37:36 AM - System Checkpoint
RP703: 1/16/2014 4:03:12 PM - System Checkpoint
RP704: 1/17/2014 7:39:27 PM - System Checkpoint
RP705: 1/18/2014 8:00:37 PM - System Checkpoint
RP706: 1/19/2014 8:03:42 PM - System Checkpoint
RP707: 1/20/2014 8:28:09 PM - System Checkpoint
RP708: 1/21/2014 9:27:02 PM - System Checkpoint
RP709: 1/22/2014 10:26:06 PM - System Checkpoint
RP710: 1/23/2014 11:25:17 PM - System Checkpoint
RP711: 1/25/2014 3:35:59 AM - System Checkpoint
RP712: 1/26/2014 4:01:01 AM - System Checkpoint
RP713: 1/27/2014 4:21:55 AM - System Checkpoint
RP714: 1/28/2014 5:20:43 AM - System Checkpoint
RP715: 1/29/2014 5:42:19 AM - System Checkpoint
RP716: 1/30/2014 6:29:24 AM - System Checkpoint
RP717: 1/31/2014 11:35:09 AM - System Checkpoint
RP718: 2/1/2014 12:31:08 PM - System Checkpoint
RP719: 2/3/2014 10:08:01 AM - System Checkpoint
RP720: 2/4/2014 10:27:45 AM - System Checkpoint
RP721: 2/6/2014 11:11:10 AM - System Checkpoint
RP722: 2/7/2014 11:37:13 AM - Software Distribution Service 3.0
RP723: 2/8/2014 1:01:57 PM - System Checkpoint
RP724: 2/9/2014 4:32:59 PM - System Checkpoint
RP725: 2/10/2014 6:25:37 PM - System Checkpoint
RP726: 2/11/2014 6:40:14 PM - System Checkpoint
RP727: 2/12/2014 6:54:01 PM - System Checkpoint
RP728: 2/13/2014 7:29:59 PM - System Checkpoint
RP729: 2/15/2014 8:35:07 AM - System Checkpoint
RP730: 2/16/2014 9:57:14 AM - System Checkpoint
RP731: 2/17/2014 1:08:37 PM - System Checkpoint
RP732: 2/18/2014 2:19:50 PM - System Checkpoint
RP733: 2/19/2014 5:32:11 PM - System Checkpoint
RP734: 2/20/2014 6:45:57 PM - System Checkpoint
RP735: 2/24/2014 1:53:17 PM - System Checkpoint
RP736: 2/25/2014 2:43:56 PM - System Checkpoint
RP737: 2/26/2014 3:09:27 PM - System Checkpoint
RP738: 2/27/2014 3:34:16 PM - System Checkpoint
RP739: 2/28/2014 11:33:15 PM - System Checkpoint
RP740: 3/2/2014 10:15:14 AM - System Checkpoint
RP741: 3/8/2014 11:40:38 PM - System Checkpoint
RP742: 3/9/2014 11:56:46 PM - System Checkpoint
RP743: 3/13/2014 3:25:39 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
6400_Help
AccelerometerP11
Adobe Flash Player 12 ActiveX
Adobe Reader XI (11.0.06)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Connect Participant Application v9.0.82
Baan IV BW
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
CCleaner
Citrix Online Launcher
CustomerResearchQFolder
CyberLink PowerDVD 9.5
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell ControlVault Host Components Installer
Dell Touchpad
Dell Webcam Central
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DirectX 9 Runtime
DocProc
DocProcQFolder
Fax
Google Earth
Google Update Helper
GoToMeeting 5.4.0.1082
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Officejet J6400 Series
HP Officejet Pro 8100 Basic Device Software
HP Officejet Pro 8100 Help
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Update
HPSSupply
IBM Tivoli Continuous Data Protection for Files
IDT Audio
Imagistics im3511/im4511 Series PCL Printer Driver
Imagistics PC-FAX driver V2
Intel PROSet WiMAX
Intel® Management Engine Components
Intel® Network Connections Drivers
Intel® Processor Graphics
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® PROSet/Wireless WiMAX Software
iTunes
J2SE Runtime Environment 5.0 Update 22
J6400
Java Auto Updater
Java 6 Update 26
Juniper Networks Host Checker
Juniper Networks Network Connect 7.1.0
Juniper Networks Network Connect 7.4.0
Juniper Networks, Inc. Setup Client
Lotus Notes 8.5.2
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Meeting Service
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 14
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 13.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
O2Micro Flash Memory Card Windows Driver
OCR Software by I.R.I.S. 10.0
PGP Desktop
PrimoPDF
Printer Status Monitor Version 4.0
ProductContext
Professional Capture Systems 2.1
PSSWCORE
QuickTime 7
Renesas Electronics USB 3.0 Host Controller Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2817670) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Microsoft Word 2010 (KB2863902) 32-Bit Edition
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Shop for HP Supplies
SmartWebPrintingOC
Sonic CinePlayer Decoder Pack
Status
SUPERAntiSpyware
Symantec Endpoint Protection
Symantec_pcAnywhere_plugin_installer
System Requirements Lab for Intel
TAM E-SSO AccessAgent
TeamViewer 9
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2808679)
Update for Windows XP (KB2904266)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoToolkit01
View Password
WebFldrs XP
WebReg
WIDCOMM Bluetooth Software
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
.
==== Event Viewer Messages From Past Week ========
.
3/8/2014 10:30:51 PM, error: Dhcp [1002]  - The IP address lease 10.2.200.36 for the Network Card with network address 00FFA0365489 has been denied by the DHCP server 10.2.200.1 (The DHCP Server sent a DHCPNACK message).
3/14/2014 10:01:51 AM, error: PlugPlayManager [12]  - The device 'Communications Port (COM1)' (ACPI\PNP0501\0) disappeared from the system without first being prepared for removal.
3/13/2014 11:05:00 AM, error: System Error [1003]  - Error code 000000f4, parameter1 00000003, parameter2 872d0da0, parameter3 872d0f14, parameter4 805d22da.
3/12/2014 8:31:54 AM, error: Dhcp [1002]  - The IP address lease 10.2.201.49 for the Network Card with network address 00FFF8044989 has been denied by the DHCP server 10.2.200.1 (The DHCP Server sent a DHCPNACK message).
3/12/2014 7:32:26 AM, error: Dhcp [1002]  - The IP address lease 10.2.200.145 for the Network Card with network address 00FFF8044989 has been denied by the DHCP server 10.2.200.1 (The DHCP Server sent a DHCPNACK message).
3/12/2014 7:31:41 AM, error: NETLOGON [5719]  - No Domain Controller is available for domain ANDENT due to the following:  There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
3/11/2014 8:15:01 AM, error: Dhcp [1002]  - The IP address lease 10.2.200.51 for the Network Card with network address 00FFF8044989 has been denied by the DHCP server 10.2.200.1 (The DHCP Server sent a DHCPNACK message).
3/10/2014 9:38:35 PM, error: Service Control Manager [7022]  - The HP CUE DeviceDiscovery Service service hung on starting.
3/10/2014 6:32:08 AM, error: Dhcp [1002]  - The IP address lease 10.2.200.51 for the Network Card with network address 00FFA0365489 has been denied by the DHCP server 10.2.200.1 (The DHCP Server sent a DHCPNACK message).
3/10/2014 6:30:16 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
.
==== End Of File ===========================
 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.5.0_22
Run by jfinch at 16:57:26 on 2014-03-14
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3241.1644 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled*
.
============== Running Processes ================
.
.
============== Pseudo HJT Report ===============
.

uProxyServer = hxxp=127.0.0.1:13828
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: CEnBrowserListener Object: {089D765F-DF2D-42EA-8013-E9F6BCE95216} - c:\program files\encentuate\WebSSOAgent.dll
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.4013.4013.105\bin\ips\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Push Client] "c:\documents and settings\jfinch\local settings\application data\att connect\participant\pull.exe"
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [AESTFltr] c:\windows\system32\AESTFltr.exe /NoDlg
mRun: [iMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometerp11\FF_Protection.exe
mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [intelWirelessWiMAX] "c:\program files\intel\wimax\bin\WiMAXCU.exe" /tasktray /nosplash
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [AAAgent] "c:\program files\encentuate\AATray.exe"
mRun: [Receiver] c:\program files\imagistics\pcfax2\PcfaxRcv.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [AeXAgentLogon] c:\program files\altiris\altiris agent\AeXAgentActivate.exe /logon
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cdpfor~1.lnk - c:\program files\tivoli\cdp_for_files\FilePathSrv.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{edb95985-54d4-412b-97d9-37202e33edc9}\Icon6560581611.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printe~1.lnk - c:\program files\imagistics\printer status monitor\Smon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\profes~1.lnk - c:\pcs\Jascap32.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: legalnoticecaption = !!!Authorized Use Only!!!
mPolicies-System: legalnoticetext = Unauthorized access or use of this system is NOT permitted and is strictly prohibited by security policies.
UNAUTHORIZED USE IS SUBJECT TO DISCIPLINARY AND/OR CRIMINAL ACTION.
Access to this equipment is monitored and logged.
More information can be found in the IT Acceptable Use Policy
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\PGPlsp.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

















TCP: NameServer = 10.0.0.200 10.0.0.201 10.6.11.1
TCP: Interfaces\{0AA73B27-4955-4181-8F3C-A85426498BE9} : DHCPNameServer = 10.0.0.200 10.0.0.201 10.6.11.1
TCP: Interfaces\{85A1E02C-6428-4656-A8A9-57A3E356461F} : DHCPNameServer = 10.0.0.200 10.0.0.201 10.6.11.1
TCP: Interfaces\{C2202A30-3D5E-4FCB-B182-2A5AF3087054} : DHCPNameServer = 10.6.11.100 10.6.11.39
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= ConsoleHookLoader.dll PGPmapih.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages =  scecli PGPpwflt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jfinch\application data\mozilla\firefox\profiles\689g3asc.default\
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2011-5-9 136824]
R0 Pgpwdefs;Pgpwdefs;c:\windows\system32\drivers\PGPwdefs.sys [2011-5-9 13432]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2011-5-25 17648]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c010fad\0fad.105\x86\SymDS.sys [2013-11-9 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c010fad\0fad.105\x86\SymEFA.sys [2013-11-9 935512]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.4013.4013.105\data\definitions\bashdefs\20140304.011\BHDrvx86.sys [2014-3-8 1098968]
R1 ccSettings_{974A0163-23BB-4C9D-A3C2-611667F7A450};Symantec Endpoint Protection 12.1.4013.4013.105 Settings Manager;c:\windows\system32\drivers\sep\0c010fad\0fad.105\x86\ccSetx86.sys [2013-11-9 134744]
R1 FilePath;VitalFile;c:\windows\system32\drivers\Fp.sys [2008-9-24 314513]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c010fad\0fad.105\x86\Ironx86.sys [2013-11-9 175192]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2010-10-25 826272]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2010-10-25 32160]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\intel\wimax\bin\DMAgent.exe [2011-6-6 450560]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-5-26 13336]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\notes\nsd.exe -svcinvoke -ini "c:\notes\notes.ini" --> c:\notes\nsd.exe -svcinvoke -ini c:\notes\notes.ini [?]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\system32\srvany.exe [2011-5-26 8192]
R2 ObsService;ObsService;c:\program files\encentuate\ObsService.exe [2009-2-16 83288]
R2 PGP RDD Service;PGP RDD Service;c:\program files\pgp corporation\pgp desktop\RDDService.exe [2011-5-9 166520]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.4013.4013.105\bin\ccSvcHst.exe [2013-11-9 144368]
R2 SOCIAccess;SOCIAccess;c:\program files\encentuate\SOCIAccess.exe [2009-2-16 951640]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-2-4 4915040]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-8-27 93072]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-5-25 2656280]
R2 ViewPassword;View Password;c:\program files\view-password-soft\ViewPassword155.exe [2014-2-28 192512]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\intel\wimax\bin\AppSrv.exe [2011-6-6 765952]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2011-5-25 43888]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2011-5-25 113664]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\drivers\bpenum.sys [2011-5-19 199936]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\drivers\bpmp.sys [2011-5-19 140160]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\drivers\bpusb.sys [2011-5-19 70656]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2011-5-26 144576]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2011-5-25 33832]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-12-14 108120]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.4013.4013.105\data\definitions\ipsdefs\20140313.011\IDSXpx86.sys [2014-3-14 383120]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-5-25 260864]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-5-25 41088]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.4013.4013.105\data\definitions\virusdefs\20140313.016\NAVENG.SYS [2014-3-14 93272]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.4013.4013.105\data\definitions\virusdefs\20140313.016\NAVEX15.SYS [2014-3-14 1612376]
R3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [2011-5-25 7391744]
R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjxp.sys [2011-5-26 63976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FilePathsrv;CDPforFilesSrv;c:\windows\system32\FilePathSrv.exe [2008-9-24 516415]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AltirisAgentProvider;AltirisAgentProvider;c:\program files\altiris\altiris agent\agents\wmiprovideragent\AltirisAgentProvider.exe [2012-1-4 620376]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\drivers\coh_mon.sys --> c:\windows\system32\drivers\COH_Mon.sys [?]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2011-5-26 134144]
S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\o2mdfxp.sys [2011-5-26 60192]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.4013.4013.105\bin\SyDvCtrl32.sys [2013-11-9 28576]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-03-14 20:45:35 -------- d-----w- c:\documents and settings\jfinch\application data\SUPERAntiSpyware.com
2014-03-14 20:45:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-03-14 20:45:18 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2014-03-14 19:43:03 -------- d-----w- c:\documents and settings\jfinch\application data\smkits
2014-03-13 16:51:28 -------- d-----w- c:\documents and settings\jfinch\application data\Malwarebytes
2014-03-13 16:51:21 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2014-03-13 16:51:19 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-13 16:51:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-02 02:04:19 -------- d-----w- c:\program files\iPod
2014-03-02 02:04:16 -------- d-----w- c:\program files\iTunes
2014-03-02 02:04:16 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-02 01:28:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2014-03-02 01:28:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2014-03-02 01:28:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2014-03-02 01:28:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2014-03-02 01:28:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2014-03-02 00:43:57 5632 ----a-w- c:\windows\system32\ptpusb.dll
2014-03-02 00:43:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2014-02-28 16:11:47 -------- d-----w- c:\program files\View-Password-soft
.
==================== Find3M  ====================
.
2014-03-13 15:45:21 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-13 15:45:21 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-17 21:24:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-01-17 21:24:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 16:57:38.41 ===============
 

 

 

 

I won't be back to check on this until 3-17-14 around 8am EST.

 

Thanks in advance.

Link to post
Share on other sites

  • Root Admin

Hello and :welcome:

 

Sorry for the delay.  I will be out for most of the day tomorrow but will check back on you later in the evening.

Please read the following information below and post back the requested logs when ready.

General P2P/Piracy Warning:
 

 
If you're using
Peer 2 Peer
software such as
uTorrent, BitTorrent
or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have
illegal/cracked software, cracks, keygens etc
. on the system, please remove or uninstall them now and read the policy on
Piracy
.




Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

    [*]Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive [*]Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. [*]The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone. [*]Perform everything in the correct order. Sometimes one step requires the previous one. [*]If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. [*]You can check here if you're not sure if your computer is 32-bit or 64-bit [*]Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners. [*]When we are done, I'll give you instructions on how to cleanup all the tools and logs [*]Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. [*]Your topic will be closed if you haven't replied within 3 days [*](If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

 
STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

    [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


 
 
STEP 02
Please run a Quick Scan with Malwarebytes
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post back the report.
Make sure that everything is checked, and click Remove Selected if anything is found.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


 
Thanks
 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.