
MBAM AND DDS/GMER LOGS-help requested



For about the last week, I have been unable to work in Office applications, including Wordpad, and occasionally others including Adobe Acrobat and Firefox. I can email them and open them, but shortly after or upon any attempt to edit, I get error messages which close the apps without explanation, error codes or text. (See attached screenshot.) MBAM (thank goodness!) works great and since July 15 (about a month) it has been doing up to 50 or more blocks per day of IP address 222.186.13.212; prior to that, I would get perhaps 5-15 blocks per day of various addresses. Since then, other addresses have been blocked, including 222.186.24.11, 218.8.245.123, but none as frequently as 222.186.13.212.

The problem with the crashing apps initially began about 2.5 weeks ago, in fact, but after several days and the offloading of gigs of (legal) audio and video files (incl. many .flv) to an external hard drive, the problem cleared up, only to resurface last week.

It may be notable that the Office and other applications first started crashing after a "routine" (pre Vista SP1) Windows Update in which the update for MS Excel failed to install. I had to manually update the mapisvc.inf file in Windows/System32 and allow system and administrator permission to access it, then was able to manually install the Excel Update and also restored permissions to the default. However, when the apps started crashing, I successfully restored the system to a pre-update point, but the apps continued to crash. When I again installed the same updates after the problem cleared itself but surfaced again after a week or so, I had to do the same things with the mapisvc.inf file to manually install that specific Excel Update (KB912833) and returned system and administrator access permissions for that file to the default.

Notes of potential interest:

1. I use Alltel Wireless Internet, Quick Link Mobile for internet access, with a Huawei EC168 wireless modem.

2. I am running Vista Business SP2 on this laptop.

3. When I plug my laptop in to the network server at work, I do not receive the blocked IP notices, presumably because the security on the server at work is very good and probably stops it before reaching the computer.

4. I exclusively run Mozilla Firefox as my browser.

5. Since the problem occurred, I have installed all pending "important" Windows updates, including Vista SP2. However, a rootkit or something may have slipped through in the interim OR awakened and begun replicating from some previous hidden infection, because I had not previously installed all updates. :-(

6. I am prepared to reinstall MS Office (now running 2003 and will actually upgrade to Office 7) and the other apps if necessary (and I expect it will be); however, I want to clean the invader before doing so to avoid the same problem again.

7. I have seen many instances of problems with this IP addy in numerous forums and it is one of the top 10 attack IPs identified on HoneyBot.com and other sites. It appears to originate in China. I have not, however, searched any of the other blocked IPs since this one has predominated since July 15.

8. After searching countless forums, I have found nothing to identify the possible infection nor any removal tools.

9. I am running Symantec AntiVirus v. 10.2.0.276 with daily updates and scans but Norton has never reported any risks found, even after a full scan. I plan to upgrade to 360, which appears to do a better job than SAV.

10. MBAM v1.46 (db v4052) quick and full scans also do not detect any risks.

11. I have not used any P2P software or services in recent memory. Any existing files obtained via P2P have been scanned and declared virus-free, and most if not all were offloaded after the first occurrence of apps crashing.

12. I am the only user of this computer.

I am pasting the DDC.txt file below as well as the screenshot of the application error message. The ark.txt and attach.txt files are attached. I am also attaching 2 MBAM logs showing the blocked IP activity in the event the patterns of attack prove helpful.

Is there any software you recommend using when MBAM cannot detect or eliminate a rootkit or other particularly stealthy invader? It's the best I have tried! Also, do you recommend getting rid of the now apparently frequently targeted mainstream Nortons and McAfee for AV protection, and installing an alternate AV product such as Avira (or other, if so which?), which may be less susceptible to the ever evolving malware? I am truly sick of these evil H4x0r2 who dream up and release these insidious attacks, ruining the internet for everyone and costing us countless hours and dollars to repair or replace software and hardware, not to mention the value of lost data and productivity! Do the "good guys" ever stand a chance of becoming proactive and preventive rather than reactionary? I suppose there's no hope of AV and anti-malware companies hiring these evil geniuses and turning them into forces for the good, huh? Damn. (Sorry for the rant, but this is the 3rd computer this year I've suffered malware problems with and the ridiculous futility of it all is truly infuriating!)

If you need additional info, please ask. Thanks for any assistance you can provide! I am forever in your debt.

rarejem1908

================================

DDS (Ver_10-03-17.01) - NTFSx86

Run by sponsor10 at 7:35:12.23 on Wed 08/11/2010

Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21




Hello,

My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Thanks Elise. Here's the Combofix log: I was worried for a moment because after Combofix rebooted, I couldn't open MBAM or System or my wireless internet connection software, but a manual reboot has now enabled these features!

ComboFix 10-08-12.03 - sponsor10 08/13/2010 4:51.1.2 - x86



I am also pasting the combofix quarantined files log:

2010-08-13 09:14:11 . 2010-08-13 09:14:11 996 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Uniblue RegistryBooster 2.reg.dat

2010-08-13 09:14:11 . 2010-08-13 09:14:11 916 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-swg.reg.dat

2010-08-13 09:14:11 . 2010-08-13 09:14:11 918 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SearchSettings.reg.dat

2010-08-13 09:14:11 . 2010-08-13 09:14:11 948 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-MyWebSearch Plugin.reg.dat

2010-08-13 09:14:11 . 2010-08-13 09:14:11 946 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-MyWebSearch Email Plugin.reg.dat

2010-08-13 09:14:10 . 2010-08-13 09:14:10 946 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-masqform.reg.dat

2010-08-13 09:14:10 . 2010-08-13 09:14:10 920 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-BitTorrent DNA.reg.dat

2010-08-13 09:14:10 . 2010-08-13 09:14:10 840 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-au.reg.dat

2010-08-13 09:14:02 . 2010-08-13 09:14:02 155 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SearchSettings.reg.dat

2010-08-13 09:14:02 . 2010-08-13 09:14:02 97 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-RadioPlanet.reg.dat

2010-08-13 09:14:02 . 2010-08-13 09:14:02 94 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-TVPlanet.reg.dat

2010-08-13 08:58:51 . 2010-08-13 08:58:51 1,284 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_RelevantKnowledge.reg.dat

2010-08-13 08:58:34 . 2010-08-13 08:58:34 12,509 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2010-08-13 08:46:45 . 2010-08-13 08:51:14 62 ----a-w- C:\Qoobox\Quarantine\catchme.log

2010-01-08 05:36:58 . 2010-01-08 05:36:58 974,848 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettings.exe.vir

2010-01-08 05:27:40 . 2010-01-08 05:27:40 1,109,504 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettings.dll.vir

2010-01-08 05:07:26 . 2010-01-08 05:07:26 45,056 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettingsRes409.dll.vir


Unfortunately, yes the blocks continue. Apps still crash. No router; I use Alltel Wireless Internet, Quick Link Mobile for internet access, with a Huawei EC168 wireless usb modem. Had a weird system crash this morning; had to power off manually. Thanks!

MBAM protection-log-2010-08-14.txt

01:51:48 sponsor10 IP-BLOCK 222.186.13.212

01:51:49 sponsor10 IP-BLOCK 222.186.13.212

01:51:49 sponsor10 IP-BLOCK 222.186.13.212

02:09:42 sponsor10 IP-BLOCK 222.186.13.212

02:09:42 sponsor10 IP-BLOCK 222.186.13.212

03:30:01 sponsor10 IP-BLOCK 222.186.13.212

03:30:01 sponsor10 IP-BLOCK 222.186.13.212

04:47:03 sponsor10 IP-BLOCK 222.186.13.212

04:47:03 sponsor10 IP-BLOCK 222.186.13.212

04:47:03 sponsor10 IP-BLOCK 222.186.13.212

04:47:03 sponsor10 IP-BLOCK 222.186.13.212

05:23:40 sponsor10 IP-BLOCK 222.186.13.212

05:23:40 sponsor10 IP-BLOCK 222.186.13.212

05:23:40 sponsor10 IP-BLOCK 222.186.13.212

07:05:33 sponsor10 IP-BLOCK 222.186.13.212

07:05:34 sponsor10 IP-BLOCK 222.186.13.212

07:05:34 sponsor10 IP-BLOCK 222.186.13.212

07:41:45 sponsor10 IP-BLOCK 222.186.13.212

08:33:59 sponsor10 MESSAGE Protection started successfully

08:34:03 sponsor10 MESSAGE IP Protection started successfully


Please click Start > Programs > Accessories, right click on Command Prompt and select "Run as Administrator".

Copy/paste the following at the command prompt and press enter.

NETSH FIREWALL RESET

Let me know if this was successful and afterwards see if you still get IP blocks.


Got an "ok" after executing the process, so far (50 mins) no blocks; will report back in the morning. Note, there is some success! Since the weird "haywire" crash at 08:33:59 on the log mentioned previously, the original site hasn't shown up (yay!); in fact, no sites were blocked for nearly 8 hrs but then a couple of others appeared prior to the firewall reset. I will advise tomorrow. Thanks!

01:51:48 sponsor10 IP-BLOCK 222.186.13.212

01:51:49 sponsor10 IP-BLOCK 222.186.13.212

01:51:49 sponsor10 IP-BLOCK 222.186.13.212

02:09:42 sponsor10 IP-BLOCK 222.186.13.212

02:09:42 sponsor10 IP-BLOCK 222.186.13.212

03:30:01 sponsor10 IP-BLOCK 222.186.13.212

03:30:01 sponsor10 IP-BLOCK 222.186.13.212

04:47:03 sponsor10 IP-BLOCK 222.186.13.212

04:47:03 sponsor10 IP-BLOCK 222.186.13.212

04:47:03 sponsor10 IP-BLOCK 222.186.13.212

04:47:03 sponsor10 IP-BLOCK 222.186.13.212

05:23:40 sponsor10 IP-BLOCK 222.186.13.212

05:23:40 sponsor10 IP-BLOCK 222.186.13.212

05:23:40 sponsor10 IP-BLOCK 222.186.13.212

07:05:33 sponsor10 IP-BLOCK 222.186.13.212

07:05:34 sponsor10 IP-BLOCK 222.186.13.212

07:05:34 sponsor10 IP-BLOCK 222.186.13.212

07:41:45 sponsor10 IP-BLOCK 222.186.13.212

08:33:59 sponsor10 MESSAGE Protection started successfully

08:34:03 sponsor10 MESSAGE IP Protection started successfully

16:28:30 sponsor10 IP-BLOCK 222.186.24.11

20:09:18 sponsor10 IP-BLOCK 8.5.1.46

20:09:18 sponsor10 IP-BLOCK 8.5.1.46

20:25:36 sponsor10 IP-BLOCK 208.73.210.125

20:25:36 sponsor10 IP-BLOCK 208.73.210.125
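The protection log pasted above has a simple, regular format, and the poster's observation (no blocks for nearly 8 hours after the 08:33:59 restart, then different addresses) can be checked mechanically. The following is an added example, not code from the thread or from Malwarebytes: it parses MBAM protection-log lines, splits the day into sessions at each "Protection started successfully" message, and reports per-session block counts, the dominant address and the quiet gap after a restart. The sample lines are a constructed subset modelled on the 2010-08-14 log.

```python
"""Triage helper for Malwarebytes (MBAM) protection-log lines (added example).

Splits IP-BLOCK lines into sessions delimited by "Protection started
successfully" messages and summarises what was blocked in each session.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime

# Constructed sample, modelled on the 2010-08-14 log posted in the thread
# (a subset of its lines, not the full log).
SAMPLE_LOG = """\
01:51:48 sponsor10 IP-BLOCK 222.186.13.212
01:51:49 sponsor10 IP-BLOCK 222.186.13.212
03:30:01 sponsor10 IP-BLOCK 222.186.13.212
07:41:45 sponsor10 IP-BLOCK 222.186.13.212
08:33:59 sponsor10 MESSAGE Protection started successfully
08:34:03 sponsor10 MESSAGE IP Protection started successfully
16:28:30 sponsor10 IP-BLOCK 222.186.24.11
20:09:18 sponsor10 IP-BLOCK 8.5.1.46
20:09:18 sponsor10 IP-BLOCK 8.5.1.46
"""

LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>\S+)\s+"
    r"(?P<kind>IP-BLOCK|MESSAGE)\s+(?P<detail>.+?)\s*$"
)
# Exact text marking a (re)start of the protection module. The following
# "IP Protection started successfully" line must NOT open a second session.
RESTART_MSG = "Protection started successfully"


@dataclass
class Session:
    """Blocks seen between two restarts of MBAM protection."""
    started: str                  # restart time, or "00:00:00" for the first session
    blocks: Counter = field(default_factory=Counter)  # address -> IP-BLOCK count
    first_block: str | None = None
    last_block: str | None = None

    def dominant(self) -> tuple[str, float] | None:
        """Most-blocked address and its share of all blocks in this session."""
        if not self.blocks:
            return None
        addr, n = self.blocks.most_common(1)[0]
        return addr, n / sum(self.blocks.values())


def parse_line(line: str) -> dict[str, str] | None:
    """Fields of one log line, or None for blank/unrecognised lines."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def minutes_between(earlier: str, later: str) -> int:
    """Whole minutes from `earlier` to `later` (HH:MM:SS), wrapping past midnight."""
    a = datetime.strptime(earlier, "%H:%M:%S")
    b = datetime.strptime(later, "%H:%M:%S")
    seconds = (b - a).total_seconds()
    if seconds < 0:
        seconds += 24 * 3600
    return int(seconds // 60)


def split_sessions(text: str) -> list[Session]:
    """Group IP-BLOCK lines into sessions delimited by RESTART_MSG messages."""
    sessions = [Session(started="00:00:00")]
    for raw in text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue  # tolerate stray lines rather than abort the triage
        if rec["kind"] == "MESSAGE":
            if rec["detail"] == RESTART_MSG:
                sessions.append(Session(started=rec["time"]))
            continue
        cur = sessions[-1]
        cur.blocks[rec["detail"]] += 1
        cur.first_block = cur.first_block or rec["time"]
        cur.last_block = rec["time"]
    return sessions


def quiet_minutes_after_restart(session: Session) -> int | None:
    """Minutes from the session's restart to its first block (None if no blocks)."""
    if session.first_block is None:
        return None
    return minutes_between(session.started, session.first_block)


def summarize(text: str) -> list[dict]:
    """One record per session: start, total blocks, dominant address, quiet gap."""
    return [{"started": s.started, "total_blocks": sum(s.blocks.values()),
             "dominant": s.dominant(), "quiet_minutes": quiet_minutes_after_restart(s)}
            for s in split_sessions(text)]


if __name__ == "__main__":
    for rec in summarize(SAMPLE_LOG):
        print(rec)
```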


Let's see if we can find anything out about those crashes as well. :)

OTL

-----

Please download OTL from one of the following mirrors:

  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
      • OTListIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized


OTL.TXT:

Pasted the text, but the post was too long to submit; attached the file instead.

EXTRAS.TXT:

OTL Extras logfile created on: 8/15/2010 10:27:19 PM - Run 1

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\sponsor10\Downloads

Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy


THANKS!



Live tv bar is history! Outta here! So what do you mean by disabling SAV? Permanently? Yes, the Nortons do cause all kinds of trouble. Do you recommend another software? Or is MBAM enough?

Update: so I tried to uninstall the tvfox toolbar and MBAM blocked access to the IP. Hmm, interesting. I have to restart Firefox and will also uninstall it from Control Panel. Is this the same as Live tv bar?


I think it comes with live tv bar, yes.

If you are considering switching to another antivirus, I recommend you run the Norton Removal Tool and install one of the free AVs listed below.

See here for information on how to disable your Norton protection.

Please click HERE and follow the instructions in STEP 2 to download and run the norton removal tool.

Three good antivirus programs free for non-commercial home use are Avast!, Antivir and Microsoft Security Essentials

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.


OK, so I should try disconnecting, disabling Norton and see if the apps still crash? I don't mind getting rid of the Nortons at all! They've been a thorn in my side since the Win3.0 days when we all ran NU. Let me explain the behavior in case that helps. Because the crashes occur outside of Office, though, I'm wondering if reinstalls/upgrades will really solve the problem. In Acrobat Reader I can open a file, but it crashes when I try to print; I can type in an Acrobat form and can usually save a saveable PDF. In Office, Excel, Word and Wordpad all crash shortly after opening files or new docs. If they manage to stay open past the first 30 seconds, the print command will take them right out; sometimes the app shuts down; sometimes the process has to be ended in Task Mgr. Outlook, when connected to the work server, works OK, but I did not dare try to print. I seem to send and receive email and attachments and can save them. Is it safe to go ahead and uninstall, reinstall or upgrade the crashers? Or are there any other scans I can run?


Also, where did you get your training and do you have to have a background in IT? I would love to know why you recommended the specific scans, what they revealed or what you look for and the logic behind the process--not that you can necessarily explain it here, lol, but I am curious and could be interested in becoming a "Malware Warrior." I saw one of the "Malware University" sites but don't know if I have the background to apply. Plus, I could not devote a lot of time to helping others in forums if I did get the training.

Incidentally, I set up a clean, refurbished XP-SP2 pc for my mom 2 days ago, installed Norton 360, MBAM, Firefox, a printer driver from an OEM CD, then a certified copy of Office 03, followed by Windows Updates. She has a cable modem and as soon as MBAM activated, it blocked the very same site I began this thread with. She'd had a virus on her previous machine that I finally identified (based on behavioral symptoms that made Office apps stop working and kept rebooting her without warning) as maybe some variant of Conficker C. I downloaded and was running the removal tool but could not complete due to the reboots. Anyway, I was just wondering if this IP address that gets blocked is a sign of some specific malware or if it is perhaps associated with Firefox...


Hello,

If your mom is using a cable modem, she will need a firewall, since XP's firewall is not enough. It's quite normal to see IP blocks from MBAM if no firewall is on. Another alternative would be connecting through a router, which acts as a hardware firewall.

In case of conficker, it is very important to make sure all flashdrives and other removable storage is cleaned (best reformatted), otherwise you risk reinfecting a clean machine.

Also, where did you get your training and do you have to have a background in IT? I would love to know why you recommended the specific scans, what they revealed or what you look for and the logic behind the process--not that you can necessarily explain it here, lol, but I am curious and could be interested in becoming a "Malware Warrior." I saw one of the "Malware University" sites but don't know if I have the background to apply. Plus, I could not devote a lot of time to helping others in forums if I did get the training.

I did get my training at BleepingComputer, but I have no IT background. For more information, click the UNITE banner in my signature, where you can find a list of all UNITE malware removal schools.

If you want to apply you don't need an IT background, but quite some time and dedication is needed in order to finish the training.

As for your crashing applications, I have heard of similar issues where the wireless network adapter and printer didn't support each other: every time an attempt was made to print, the computer froze. Only when the network adapter was turned off did printing work normally. Maybe that is something to try.

What you describe is surely not a malware problem, but it is worth a shot to get rid of Norton (you can always reinstall it afterwards if you want) and see if that changes things.


2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

