was redirected here


hi first of all!!

nice to meet you, hope u'll think the same after this......

2) i don't know where to go with this question for help, i don't understand the listing

sorry i'm slow..

3) don't know where to go to show my malware log - i think it needs to be seen!!!

4) have vundo trojans and stuff and think i need to do something about that?

don't know if we have a firewall cuz we can't get windows to turn on and don't know how to see if one is somewhere else

i did a hijack this log and it's really weird - don't see one in there but don't know what it would look like anyway

BIGGEST please direct me where to go to get started ?

for help that is - lol

thank you so much

here is my malware bytes log and my hjt log

mbam_log_2010_12_05__00_24_18_.txt

hijackthis.log

Link to post
Share on other sites

Hi PULLINGoutmyEYEBROWS and Welcome to Malwarebytes!

If you look at your MBAM report, you'll see "No action taken". You might have posted this before you clicked "Remove Selected", or you did not make sure that everything was checked before clicking Remove Selected. Let's hope for the latter. Make sure that everything is checked, click Remove Selected, and reboot your computer. Let's run it again:

Update Run Malwarebytes

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Link to post
Share on other sites

hi

the quick scan showed nothing so i redid the full scan to show what was in it.

i did do what you told me to do with the instructions you gave me.

i noticed the 2 on bottom area said i didn't check them but everything was checked.

is trojan really gone?

here is log:::

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5262

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18975

07/12/2010 18:04:32

mbam-log-2010-12-07 (18-04-32).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 278847

Time elapsed: 1 hour(s), 4 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 34

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 7

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\boylepoker (Adware.Casino) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:

c:\Poker\boylepoker\_setuppoker_14c9[1].exe (Adware.Casino) -> Quarantined and deleted successfully.

c:\program files\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Not selected for removal.

c:\program files\windows live\messenger\riched20.dll (PUP.FunWebProducts) -> Not selected for removal.

c:\Users\keith\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\KB437M2A\setuppoker_14c9[1].exe (Adware.Casino) -> Quarantined and deleted successfully.

c:\Users\keith\AppData\LocalLow\mywebsearch\bar\setups\my web search installer.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Link to post
Share on other sites
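An added example (not part of the thread, and not Malwarebytes code): a small Python parser for the MBAM 1.50 text log format shown in the post above. It lists every item whose outcome is not "Quarantined and deleted", such as the two "Not selected for removal" files, and checks the per-section counts in the header against the items actually listed. The sample log is abbreviated from the one above with the counts adjusted to match; all function names are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Section names used by the MBAM 1.50 log format shown in the thread.
SECTIONS = ("Memory Processes", "Memory Modules", "Registry Keys",
            "Registry Values", "Registry Data Items", "Folders", "Files")
_SEC = "|".join(SECTIONS)
SUMMARY_RE = re.compile(rf"^({_SEC}) Infected: (\d+)$")   # "Files Infected: 6"
HEADER_RE = re.compile(rf"^({_SEC}) Infected:$")          # "Files Infected:"
OBJECT_RE = re.compile(r"^(.*) \(([^()\s]+)\)$")          # "<object> (<detection>)"
REMEDIATED_PREFIX = "Quarantined and deleted"

# Constructed sample: abbreviated from the log posted above, counts adjusted.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50
Scan type: Full scan (C:\|D:\|)
Memory Processes Infected: 0
Registry Keys Infected: 2
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\program files\windows live\messenger\riched20.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
"""


@dataclass
class Item:
    section: str
    obj: str
    detection: str
    outcome: str

    @property
    def remediated(self):
        return self.outcome.startswith(REMEDIATED_PREFIX)


def parse_mbam_log(text):
    """Return (declared_counts, items) parsed from an MBAM text log."""
    declared, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum pastes often double-space the log
        m = SUMMARY_RE.match(line)
        if m:
            declared[m.group(1)] = int(m.group(2))
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None or " -> " not in line:
            continue  # header text or "(No malicious items detected)"
        # First field is "<object> (<detection>)"; the last field is the
        # outcome. Any middle field (e.g. "Value: name") is detail.
        parts = line.split(" -> ")
        m = OBJECT_RE.match(parts[0])
        if m:
            items.append(Item(section, m.group(1), m.group(2),
                              parts[-1].rstrip(".")))
    return declared, items


def unresolved(items):
    """Items the scanner detected but did not quarantine/delete."""
    return [i for i in items if not i.remediated]


def count_mismatches(declared, items):
    """Sections whose header count differs from the listed items."""
    listed = Counter(i.section for i in items)
    return {s: (n, listed.get(s, 0))
            for s, n in declared.items() if n != listed.get(s, 0)}


def families(items):
    """Number of detected objects per detection name."""
    return Counter(i.detection for i in items)


if __name__ == "__main__":
    declared, items = parse_mbam_log(SAMPLE_LOG)
    print("Detections:", dict(families(items)))
    for item in unresolved(items):
        print(f"UNRESOLVED [{item.section}] {item.obj} "
              f"({item.detection}): {item.outcome}")
    print("Count mismatches:", count_mismatches(declared, items) or "none")
```

A truncated paste shows up as a count mismatch, which is worth checking before trusting that a log with no unresolved items is complete.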

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.
    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

Link to post
Share on other sites

i saved to desktop

closed the internet

uninstalled malware bytes (kept logfile though)

disabled avast antivirus and antispyware program

dbl clicked this combofix and it went into a small blue box and began the scan

i went to finish laundry while it was running.

i didn't see it go into anything or reboot but do have the logfile here.

we do not have the avast program icon anymore..but is on again..or the eircom icon.but we r connected.or some other icon things that were there b4?..we already didn't have the windows firewall for some reason-(why this whole scanning thing started)

did i miss something important??

should i redo and sit here to watch ?

i'm sorry i thought it would take awhile once it started to scan, i thought it was ok to get up..

here is logfile::

ComboFix 10-12-06.04 - keith 07/12/2010 19:39:34.1.2 - x86

Microsoft

Link to post
Share on other sites

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Next

Download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Link to post
Share on other sites

here is eset log file:

C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application

C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application

C:\Windows\System32\APISlice.dll probably a variant of Win32/DllInject.D application

here is log for security check:

Results of screen317's Security Check version 0.99.6

Windows Vista Service Pack 1 (UAC is enabled)

Out of date service pack!!

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

avast! Free Antivirus

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

CCleaner

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player 10.0.45.2

Adobe Reader X

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSASCui.exe

Empowering Technology eSettings Service capuserv.exe

Windows Defender MSASCui.exe

Alwil Software Avast5 AvastSvc.exe

Alwil Software Avast5 AvastUI.exe

````````````````````````````````

DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````

we still do not have windows firewall..if that is important yet?

although it seems there are bigger problems right now? ha

just wanted to say thank you again for continuing to help us !!

Link to post
Share on other sites

What happens when you turn on windows firewall?

Please download the OTM by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :Services

    :Reg

    :Files
    C:\Program Files\Windows Live\Messenger\msimg32.dll
    C:\Program Files\Windows Live\Messenger\riched20.dll
    C:\Windows\System32\APISlice.dll


    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]


  • Return to OTM, right click in the "Paste instructions for items to be Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTM

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Link to post
Share on other sites

hi!

hope ur day is going good!

the icon on the bottom says windows security alerts..when i go in there the fwall is off and will not allow us to turn on cuz security center is off

when try manually a msg says: not using recommended settings to protect your computer (this has a yellow triangle in front of this msg)

try updating and get the msg says: windows firewall settings cannot b displayed bcuz the associated service is not running. do u want to start the windows firewall service? i push yes and msg says: windows cannot start the windows firewall service. grrrrr nothing else to do from there back to beginning again.

we don't have another firewall ?

it says we have no antivirus or spyware but know we do cuz we have avast so we ignore that. windows defender is on as well.. but firewall is not on avast either.

2 questions also please/ do we uninstall the other programs we used here already?

and when we turn the computer on a white box with a light blue border pops up for just a second after desktop and all is loaded. is that just cuz we aren't done yet?

i'm doing the next step now.

thank you again for helping our mess!!!

Link to post
Share on other sites

hi this is the 2nd part of above post the log file:

All processes killed

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

DllUnregisterServer procedure not found in C:\Program Files\Windows Live\Messenger\msimg32.dll

C:\Program Files\Windows Live\Messenger\msimg32.dll moved successfully.

DllUnregisterServer procedure not found in C:\Program Files\Windows Live\Messenger\riched20.dll

C:\Program Files\Windows Live\Messenger\riched20.dll moved successfully.

DllUnregisterServer procedure not found in C:\Windows\System32\APISlice.dll

C:\Windows\System32\APISlice.dll moved successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

User: keith

->Temp folder emptied: 555608 bytes

->Java cache emptied: 6391550 bytes

->Google Chrome cache emptied: 11058816 bytes

->Flash cache emptied: 2015691 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 92032 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 12371189 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 31.00 mb

Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.17.2 log created on 12082010_171605

Files moved on Reboot...

File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Link to post
Share on other sites

Run CFScript

  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and click enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:

KILLALL::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Link to post
Share on other sites

hi .

was i supposed to turn off avast? cuz i forgot to

when the program went to reboot it had an error message

all i caught was:

application error box

couldn't complete ..click to cancel?

but it went straight into reboot

then when it came back and was preparing a log report a box popped up for a second that said: my...property box

here is the log file:

ComboFix 10-12-06.04 - keith 08/12/2010 20:12:14.2.2 - x86

Microsoft

Link to post
Share on other sites

Click on START - RUN and copy / paste the entry below into the run line and click OK

CMD /C NETSH FIREWALL RESET

Click on START - RUN and copy / paste the entry below into the run line and click OK

CMD /C NETSH int ip reset c:\resetlog.txt

Click on START - RUN and copy / paste the entry below into the run line and click OK

CMD /C netsh winsock reset catalog

Now see if your firewall is turned on?

Link to post
Share on other sites

hi before i do the next thing i wanted to tell u

redid the combofix and this time turned off the avast first.

i did not get the error that combofix could not complete.

i included the new log file.

also where i have these posts saved in my favorites for malware bytes the icons have been changed to yahoo icons instead of malwarebytes icons.

should i still continue as u directed in the above post??

Link to post
Share on other sites

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Click on START - RUN and copy / paste the entry below into the run line and click OK

CMD /C NETSH FIREWALL RESET

Click on START - RUN and copy / paste the entry below into the run line and click OK

CMD /C NETSH int ip reset c:\resetlog.txt

Click on START - RUN and copy / paste the entry below into the run line and click OK

CMD /C netsh winsock reset catalog

Next

You mention you removed Malwarebytes. Let's install it again and run a scan.

Please download Malwarebytes Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Link to post
Share on other sites

hi!

did the quick scan and here is the log included.

the quick scan never finds anything though, it's the full scan that finds the stuff- if that matters?

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5281

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18975

09/12/2010 16:11:26

mbam-log-2010-12-09 (16-11-26).txt

Scan type: Quick scan

Objects scanned: 139971

Time elapsed: 4 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

oh and the start run ..when i put in the stuff it pulls up the black box for a sec and closes right back down on each item pasted....still no windows firewall allowed..

Link to post
Share on other sites

We need to look at some more information about what is going on in your computer:

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your Thread
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.

After downloading the tool, disconnect from the internet and disable all antivirus protection.

Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Then post your DDS logs (DDS.txt and Attach.txt).

Link to post
Share on other sites

hi there!

here are the report logs you asked for

ps still no firewall listed at all when i did the instructions to find the one to turn off, it pulls up windows firewall but cant turn it on .

should we put one on ? zone alarm i have always used with my avast on my own pc..but WILL wait to see what YOU instruct cuz we don't want to mess up anything you're working so hard to fix for us!!

DDS (Ver_10-12-05.01) - NTFSx86

Run by keith at 11:42:49.49 on 10/12/2010

Internet Explorer: 8.0.6001.18975

Microsoft

Link to post
Share on other sites

Zone alarm is a lot better than Windows firewall. Let's run this scan for now:

Please run the MGA Diagnostic Tool and post back the report it creates:

  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.

Link to post
Share on other sites

hi kenny,

it took a couple of times to get this program to go. said it was not responding ,but then it did after i disabled avast.

and should we be uninstalling the programs as we use them afterwards? we haven't .

Diagnostic Report (1.9.0027.0):

-----------------------------------------

Windows Validation Data-->

Validation Status: Genuine

Validation Code: 0

Cached Online Validation Code: N/A, hr = 0xc004f012

Windows Product Key: *****-*****-XY9X3-JDXYP-6CJ97

Windows Product Key Hash: xFQJU8srKsovk6p1Lk1yW93in4E=

Windows Product ID: 89578-OEM-7332157-00211

Windows Product ID Type: 2

Windows License Type: OEM SLP

Windows OS version: 6.0.6001.2.00010300.1.0.003

ID: {3EAE95D1-B9E1-4E78-8DA4-F8A2EB66F2E8}(3)

Is Admin: Yes

TestCab: 0x0

LegitcheckControl ActiveX: N/A, hr = 0x80070002

Signed By: N/A, hr = 0x80070002

Product Name: Windows Vista Home Premium

Architecture: 0x00000000

Build lab: 6001.vistasp1_gdr.100608-0458

TTS Error:

Validation Diagnostic:

Resolution Status: N/A

Vista WgaER Data-->

ThreatID(s): N/A, hr = 0x80070002

Version: 6.0.6002.16398

Windows XP Notifications Data-->

Cached Result: N/A, hr = 0x80070002

File Exists: No

Version: N/A, hr = 0x80070002

WgaTray.exe Signed By: N/A, hr = 0x80070002

WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->

Cached Result: N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

OGAExec.exe Signed By: N/A, hr = 0x80070002

OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->

Office Status: 102

Microsoft Office Home and Student 2007 - 100 Genuine

OGA Version: N/A, 0x80070002

Signed By: N/A, hr = 0x80070002

Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_B4D0AA8B-920-80070057

Browser Data-->

Proxy settings: N/A

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

Default Browser: C:\Program Files\Internet Explorer\iexplore.exe

Download signed ActiveX controls: Prompt

Download unsigned ActiveX controls: Disabled

Run ActiveX controls and plug-ins: Allowed

Initialize and script ActiveX controls not marked as safe: Disabled

Allow scripting of Internet Explorer Webbrowser control: Disabled

Active scripting: Allowed

Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->

Spsys.log Content: 0x80070002

Licensing Data-->

Software licensing service version: 6.0.6001.18000

Name: Windows Vista, HomePremium edition

Description: Windows Operating System - Vista, OEM_SLP channel

Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f

Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f

Extended PID: 89578-00146-321-500211-02-1033-6000.0000-0232008

Installation ID: 161263322586096576416202932474196570908693445773302705

Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473

Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474

Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476

Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475

Partial Product Key: 6CJ97

License Status: Licensed

Windows Activation Technologies-->

N/A

HWID Data-->

HWID Hash Current: OgAAAAEABgABAAIAAQABAAAAAgABAAEAJJSEhJguehyQFIIPQP9CuEaDjt1qOwrh8vSyS3ADrFYqhQ==

OEM Activation 1.0 Data-->

N/A

OEM Activation 2.0 Data-->

BIOS valid for OA 2.0: yes

Windows marker version: 0x20000

OEMID and OEMTableID Consistent: yes

BIOS Information:

ACPI Table Name OEMID Value OEMTableID Value

APIC ACRSYS ACRPRDCT

FACP ACRSYS ACRPRDCT

HPET ACRSYS ACRPRDCT

MCFG ACRSYS ACRPRDCT

SLIC ACRSYS ACRPRDCT

SSDT PmRef CpuPm

SSDT PmRef CpuPm

SSDT PmRef CpuPm

Link to post
Share on other sites

This topic is now closed to further replies.