TechSpot

Can't access search pages like Google and Yahoo search

Inactive
By djones123
Mar 16, 2012
  1. Hi,

    Recently I had an issue with accessing internet search pages like Google and Yahoo search. Other pages work fine.

    I have looked for a Host file and it looks fine with no suspicious entry.

    I have tried Spybot and malware but they didn't find anything.

    I have tried to flush DNS but same results.

    Note: My laptop is on network, if I connect to wireless router in my office then everything works fine.

    This morning I uninstalled and reinstalled my network adapter and bingo, everything started working, but after restarting my laptop I am back to the same problem.

    I have also checked the firewall and it is not blocking anything.

    Can I post the HijackThis log here? If yes, then can I remove the lines in the log file where it is showing my company's name?
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! I'll be glad to help you but we don't use HijackThis to screen for malware, so I don't need it now.

    Please follow these steps: Preliminary Virus and Malware Removal.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    ===================================
    Please note: if you change anything on a log entry and it happens to be an infected file, the scanners may not read or remove the file. While I respect your right to privacy, you have posted on an internet forum that is open, as in not a secure site.

    If there are some personal entries of concern, I can delete them for you when we finish.
    =====================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    Threads are closed after 5 days if there is no reply.
  3. djones123

    djones123 TS Rookie Topic Starter

    Log file entries

    Hi,

    Thanks for your reply.

    I have got all the log files and am wondering if I can remove or amend mine and my company's name from the log file?

    Thanks
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please note: if a file or folder has malware on/in it and the entry has been changed, the scanner may not find or remove it. I can delete the name when we finish if you like.

    Keep in mind that you have chosen to post on an internet computer forum, which is not a secured site. It's not likely that anyone else but me will look at the log entries, but if there is enough personal information you don't want displayed, there is always the Geek Squad and the $$$ that it will cost.
  5. djones123

    djones123 TS Rookie Topic Starter

    Antivirus

    Hi,

    Thanks for your reply.

    I am using eTrust Antivirus. Do I need to uninstall it before I run the other software for log files?
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Not for these scans. But when I have you run Combofix, I will give you instructions to uninstall eTrust and a choice of a temporary AV. Both AVG and the CA programs don't have any way to disable completely for some scans.
  7. djones123

    djones123 TS Rookie Topic Starter

    log files

    Mbam-log

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.22.05

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    adminbu :: ASSET584 [administrator]

    Protection: Enabled

    23/03/2012 09:17:42
    mbam-log-2012-03-23 (09-17-42).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 360504
    Time elapsed: 23 minute(s),

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    -------------------------------------------------


    gmer.log file


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-03-23 09:42:35
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST340014A rev.3.16
    Running: 8z29k7n3.exe; Driver: C:\DOCUME~1\ADMINB~1.UKO\LOCALS~1\Temp\ffdirpow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs ino_flpy.sys (CA eTrust Antivirus/InoculateIT File System Mounting Filter Driver for Windows 2000/XP/.Net/Computer Associates)
    AttachedDevice \FileSystem\Fastfat \Fat ino_flpy.sys (CA eTrust Antivirus/InoculateIT File System Mounting Filter Driver for Windows 2000/XP/.Net/Computer Associates)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:488] 8A1C739F
    Thread System [4:840] 89A380F4

    ---- EOF - GMER 1.0.15 ----


    ---------------------------------------------------------------------


    dds.txt


    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by adminbu at 9:42:46 on 2012-03-23
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.486 [GMT 0:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\CA\SharedComponents\Alert\ALERT.EXE
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\WINDOWS\LogWatNT.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\oracle\product\10.2.0\client_2\bin\omtsreco.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\RealVNC\WinVNC\WinVNC.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    c:\windows\microsoft.net\framework\v2.0.50727\aspnet_wp.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://www.yahoo.com/
    uWindow Title = Microsoft Internet Explorer provided by XYZ Services
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/countries/uk/enu/gen/default.htm
    uInternet Settings,ProxyOverride = <local>
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Realtime Monitor] c:\progra~1\ca\etrust~1\realmon.exe -s
    mRun: [WinVNC] "c:\program files\realvnc\winvnc\WinVNC.exe" -servicehelper
    mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103794754379
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37901.2745486111
    DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {E876D003-BCDE-11D3-9131-000094B61529} - hxxps://eroom.fulcrumpharma.com/eRoomSetup/client.cab
    TCP: DhcpNameServer = 192.168.5.7 192.168.5.100
    TCP: Interfaces\{32EB674A-79FE-4970-97E8-00966F166333} : DhcpNameServer = 192.168.5.7 192.168.5.100
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Notify: igfxcui - igfxsrvc.dll
    LSA: Authentication Packages = msv1_0 nwprovau
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\adminbu.ukXYZcro\application data\mozilla\firefox\profiles\am7pwmcw.default\
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 Alert Notification Server;Alert Notification Server;c:\program files\ca\sharedcomponents\alert\alert.exe [2005-4-6 192574]
    R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2003-2-10 114688]
    R2 AsfAlrt;AsfAlrt;c:\windows\system32\drivers\Asfalrt.sys [2002-12-18 36064]
    R2 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [2000-6-7 50176]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-19 652360]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-19 20464]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-23 40776]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
    .
    =============== Created Last 30 ================
    .
    2012-03-23 09:36:21 -------- d-----w- c:\documents and settings\adminbu.ukXYZcro\local settings\application data\Google
    2012-03-23 09:17:16 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-03-19 13:45:46 -------- d-sh--w- c:\documents and settings\adminbu.ukXYZcro\IECompatCache
    2012-03-19 12:34:43 -------- d-----w- c:\documents and settings\adminbu.ukXYZcro\local settings\application data\Mozilla
    2012-03-19 12:19:57 -------- d-----w- c:\documents and settings\adminbu.ukXYZcro\application data\Malwarebytes
    2012-03-19 12:13:12 -------- d-sh--w- c:\documents and settings\adminbu.ukXYZcro\PrivacIE
    2012-03-19 12:07:54 -------- d-----w- c:\windows\SxsCaPendDel
    2012-03-19 11:55:10 -------- d-----w- C:\efa378f162d4ef2a5d6fe9cbe0c03737
    2012-03-19 11:54:50 -------- d-----w- C:\44f349dfaff1e380d8ee85e82a
    2012-03-19 10:11:22 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-03-19 10:11:21 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-19 10:11:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-16 14:37:56 -------- d-----w- c:\program files\Scriptocean
    2012-03-16 09:22:39 -------- d-----w- c:\program files\Trend Micro
    2012-03-15 16:08:33 -------- d-sh--w- c:\documents and settings\adminbu.ukXYZcro\IETldCache
    2012-03-14 14:56:47 -------- d-----w- C:\dump
    2012-03-08 10:13:24 -------- d-----w- C:\backup
    2012-03-07 11:52:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-03-07 11:52:38 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
    2012-03-07 10:35:16 -------- d-----w- c:\windows\pss
    2012-03-07 10:32:31 -------- d-----w- c:\program files\common files\Quest Shared
    2012-03-07 10:31:10 -------- d-sh--w- c:\documents and settings\all users\application data\{08439167-4CA5-48E9-A810-A3A7C0B80B06}
    2012-03-07 10:30:59 -------- d-----w- c:\documents and settings\all users\application data\Quest Software
    2012-03-07 10:30:58 -------- d-----w- c:\program files\Quest Software
    2012-03-06 09:25:50 -------- d-----w- C:\back up
    2012-02-29 18:05:53 -------- d-----w- c:\program files\Microsoft Device Emulator
    2012-02-29 18:05:44 -------- d-----w- c:\program files\Microsoft SQL Server 2005 Mobile Edition
    2012-02-29 17:46:31 -------- d-----w- c:\documents and settings\all users\application data\PreEmptive Solutions
    2012-02-29 17:46:30 -------- d-----w- c:\program files\common files\Merge Modules
    2012-02-29 17:46:30 -------- d-----w- c:\program files\common files\Business Objects
    2012-02-29 17:46:30 -------- d-----w- c:\program files\CE Remote Tools
    2012-02-29 15:59:44 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2012-02-29 14:16:59 -------- d-----w- C:\VC#
    2012-02-29 14:16:58 -------- d-----w- C:\Vb
    2012-02-29 13:56:03 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2012-02-29 13:56:02 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2012-02-29 13:55:23 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2012-02-29 13:54:43 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
    2012-02-29 13:52:49 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
    2012-02-29 13:52:47 105472 ------w- c:\windows\system32\dllcache\mup.sys
    2012-02-29 13:50:44 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
    2012-02-29 13:50:43 3072 ------w- c:\windows\system32\iacenc.dll
    2012-02-29 13:50:43 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
    2012-02-29 13:49:22 45568 ------w- c:\windows\system32\dllcache\wab.exe
    2012-02-29 12:18:31 -------- d-----w- c:\windows\system32\XPSViewer
    2012-02-29 12:16:06 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2012-02-29 12:15:48 14048 ------w- c:\windows\system32\spmsg2.dll
    .
    ==================== Find3M ====================
    .
    2012-03-02 11:38:29 402704 ----a-w- c:\windows\system32\cdonts.dll
    2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 9:43:55.21 ===============



    attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/10/2003 13:50:11
    System Uptime: 21/03/2012 15:23:55 (42 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0X1078
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2394/800mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 16.192 GiB free.
    D: is CDROM ()
    S: is NetworkDisk (NTFS) - 408 GiB total, 97.798 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1516: 15/02/2012 12:43:13 - System Checkpoint
    RP1517: 16/02/2012 14:16:10 - System Checkpoint
    RP1518: 29/02/2012 12:15:48 - Installed %1 %2.
    RP1519: 29/02/2012 12:16:00 - Printer Driver Microsoft XPS Document Writer Installed
    RP1520: 29/02/2012 12:39:00 - Installed %1 %2.
    RP1521: 29/02/2012 12:39:19 - Printer Driver Microsoft XPS Document Writer Installed
    RP1522: 29/02/2012 14:19:30 - Software Distribution Service 3.0
    RP1523: 01/03/2012 17:02:53 - System Checkpoint
    RP1524: 03/03/2012 09:06:15 - System Checkpoint
    RP1525: 05/03/2012 09:03:17 - System Checkpoint
    RP1526: 06/03/2012 11:48:43 - System Checkpoint
    RP1527: 07/03/2012 12:34:59 - System Checkpoint
    RP1528: 08/03/2012 16:57:44 - System Checkpoint
    RP1529: 09/03/2012 19:49:33 - System Checkpoint
    RP1530: 10/03/2012 20:01:57 - System Checkpoint
    RP1531: 11/03/2012 23:48:27 - System Checkpoint
    RP1532: 13/03/2012 03:34:02 - System Checkpoint
    RP1533: 14/03/2012 07:33:56 - System Checkpoint
    RP1534: 15/03/2012 11:48:04 - System Checkpoint
    RP1535: 16/03/2012 09:22:38 - Installed HiJackThis
    RP1536: 17/03/2012 13:12:49 - System Checkpoint
    RP1537: 18/03/2012 13:27:18 - System Checkpoint
    RP1538: 19/03/2012 11:53:36 - Software Distribution Service 3.0
    RP1539: 20/03/2012 13:03:01 - System Checkpoint
    RP1540: 21/03/2012 15:52:33 - System Checkpoint
    RP1541: 22/03/2012 16:15:50 - System Checkpoint
    .
    ==== Event Viewer Messages From Past Week ========
    .
    21/03/2012 15:27:08, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
    21/03/2012 15:27:08, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    21/03/2012 15:27:08, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
    20/03/2012 14:38:32, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} to the user ASSET584\IWAM_ASSET584 SID (S-1-5-21-2018342339-2642335498-3619954525-1012). This security permission can be modified using the Component Services administrative tool.
    20/03/2012 09:17:02, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The authentication service is unknown.
    19/03/2012 17:02:33, error: Server [2505] - The server could not bind to the transport \Device\NwlnkNb because another computer on the network has the same name. The server could not start.
    19/03/2012 17:02:33, error: Server [2505] - The server could not bind to the transport \Device\NwlnkIpx because another computer on the network has the same name. The server could not start.
    19/03/2012 17:02:07, error: Service Control Manager [7023] - The Workstation service terminated with the following error: The redirector is in use and cannot be unloaded.
    19/03/2012 11:15:40, error: System Error [1003] - Error code 100000d1, parameter1 76456606, parameter2 00000005, parameter3 00000001, parameter4 f74a25f7.
    .
    ==== End Of File ===========================
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, let's go ahead with the following:

    I'd like you to run Combofix- but it won't run with the CA Security (or AVG). You will need to temporarily uninstall CA Security as follows:

    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
      [​IMG]
    5. Click on Next after choice has been made
    6. Check the CA program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Microsoft Security Essentials
    Comodo AV
    Avast! Free Antivirus
    ================================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

    Please leave both logs in your next reply.
    =============================
  9. djones123

    djones123 TS Rookie Topic Starter

    log file

    Eset Log file:

    C:\Documents and Settings\u.rehm\Local Settings\Temporary Internet Files\Content.IE5\01Q7G52F\SoftonicDownloader_for_microsoft-visual-web-developer-2005-express-edition[1].exe a variant of Win32/SoftonicDownloader.D application
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    My apology- it appears I didn't have my head on straight!

    After running the AppRemover, please proceed with Combofix:
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan.
    Uninstall directions, if needed:
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Before you run the Combofix scan, please disable any security software you have running.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =======================================
    Regarding the Eset entry for Softonic Downloader:
    Downloads hosted at Softonic can be preceded by a customized installer called "Softonic Downloader" which shows "commercial offers, such as the Softonic Toolbar." Downloads not hosted by Softonic are not accompanied by the Softonic Downloader.

    CNet has something similar. My thought is that you shouldn't have to include that little extra process in order to download a program! Always try to download from the manufacturer's site-if it's a clean site itself.
    --------------------------------------------
    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files 
      C:\Documents and Settings\u.rehm\Local Settings\Temporary Internet Files\Content.IE5\01Q7G52F\SoftonicDownloader_for_microsoft-visual-web-developer-2005-express-edition[1].exe
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

