Can't access search pages like Google and Yahoo search

Hi,

Recently I had an issue with accessing internet search pages like Google and Yahoo search. Other pages work fine.

I have looked for a Host file and it looks fine with no suspicious entry.

I have tried Spybot and malware but they didn't find anything.

I have tried to flush DNS but got the same results.

Note: My laptop is on the network; if I connect to the wireless router in my office then everything works fine.

This morning I uninstalled and reinstalled my network adapter and bingo, everything started working, but after restarting my laptop I am back to the same problem.

I have also checked the firewall and it is not blocking anything.

Can I post the hijack log here? If yes, then can I remove the lines in the log file where it is showing my company's name?
 
Welcome to TechSpot! I'll be glad to help you but we don't use HijackThis to screen for malware, so I don't need it now.

Please follow these steps: Preliminary Virus and Malware Removal.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
===================================
Please note: if you change anything on a log entry and it happens to be an infected file, the scanners may not read or remove the file. While I respect your right to privacy, you have posted on an internet forum that is open, as in not a secure site.

If there are some personal entries of concern, I can delete them for you when we finish.
=====================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
Threads are closed after 5 days if there is no reply.
 
Log file entries

Hi,

Thanks for your reply.

I have got all the log files and am wondering if I can remove or amend my name and my company's name from the log file?

Thanks
 
Please note: if a file or folder has malware on/in it and the entry has been changed, the scanner may not find or remove it. I can delete the name when we finish if you like.

Keep in mind that you have chosen to post on an internet computer forum, which is not a secured site. It's not likely that anyone else but me will look at the log entries, but if there is enough personal information you don't want displayed, there is always the Geek Squad and the $$$ that it will cost.
 
Antivirus

Hi,

Thanks for your reply.

I am using eTrust Antivirus; do I need to uninstall it before I run the other software for log files?
 
Not for these scans. But when I have you run Combofix, I will give you instructions to uninstall eTrust and a choice of a temporary AV. Both AVG and the CA programs don't have any way to disable completely for some scans.
 
log files

Mbam-log

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.22.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
adminbu :: ASSET584 [administrator]

Protection: Enabled

23/03/2012 09:17:42
mbam-log-2012-03-23 (09-17-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 360504
Time elapsed: 23 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


-------------------------------------------------


gmer.log file


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-23 09:42:35
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST340014A rev.3.16
Running: 8z29k7n3.exe; Driver: C:\DOCUME~1\ADMINB~1.UKO\LOCALS~1\Temp\ffdirpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ino_flpy.sys (CA eTrust Antivirus/InoculateIT File System Mounting Filter Driver for Windows 2000/XP/.Net/Computer Associates)
AttachedDevice \FileSystem\Fastfat \Fat ino_flpy.sys (CA eTrust Antivirus/InoculateIT File System Mounting Filter Driver for Windows 2000/XP/.Net/Computer Associates)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:488] 8A1C739F
Thread System [4:840] 89A380F4

---- EOF - GMER 1.0.15 ----


---------------------------------------------------------------------


dds.txt


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by adminbu at 9:42:46 on 2012-03-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.486 [GMT 0:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\CA\SharedComponents\Alert\ALERT.EXE
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\oracle\product\10.2.0\client_2\bin\omtsreco.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\snmp.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
c:\windows\microsoft.net\framework\v2.0.50727\aspnet_wp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.yahoo.com/
uWindow Title = Microsoft Internet Explorer provided by XYZ Services
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/countries/uk/enu/gen/default.htm
uInternet Settings,ProxyOverride = <local>
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Realtime Monitor] c:\progra~1\ca\etrust~1\realmon.exe -s
mRun: [WinVNC] "c:\program files\realvnc\winvnc\WinVNC.exe" -servicehelper
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103794754379
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37901.2745486111
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {E876D003-BCDE-11D3-9131-000094B61529} - hxxps://eroom.fulcrumpharma.com/eRoomSetup/client.cab
TCP: DhcpNameServer = 192.168.5.7 192.168.5.100
TCP: Interfaces\{32EB674A-79FE-4970-97E8-00966F166333} : DhcpNameServer = 192.168.5.7 192.168.5.100
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxsrvc.dll
LSA: Authentication Packages = msv1_0 nwprovau
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\adminbu.ukXYZcro\application data\mozilla\firefox\profiles\am7pwmcw.default\
.
============= SERVICES / DRIVERS ===============
.
R2 Alert Notification Server;Alert Notification Server;c:\program files\ca\sharedcomponents\alert\alert.exe [2005-4-6 192574]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2003-2-10 114688]
R2 AsfAlrt;AsfAlrt;c:\windows\system32\drivers\Asfalrt.sys [2002-12-18 36064]
R2 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [2000-6-7 50176]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-19 652360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-19 20464]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-23 40776]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
.
=============== Created Last 30 ================
.
2012-03-23 09:36:21 -------- d-----w- c:\documents and settings\adminbu.ukXYZcro\local settings\application data\Google
2012-03-23 09:17:16 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-19 13:45:46 -------- d-sh--w- c:\documents and settings\adminbu.ukXYZcro\IECompatCache
2012-03-19 12:34:43 -------- d-----w- c:\documents and settings\adminbu.ukXYZcro\local settings\application data\Mozilla
2012-03-19 12:19:57 -------- d-----w- c:\documents and settings\adminbu.ukXYZcro\application data\Malwarebytes
2012-03-19 12:13:12 -------- d-sh--w- c:\documents and settings\adminbu.ukXYZcro\PrivacIE
2012-03-19 12:07:54 -------- d-----w- c:\windows\SxsCaPendDel
2012-03-19 11:55:10 -------- d-----w- C:\efa378f162d4ef2a5d6fe9cbe0c03737
2012-03-19 11:54:50 -------- d-----w- C:\44f349dfaff1e380d8ee85e82a
2012-03-19 10:11:22 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-03-19 10:11:21 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-19 10:11:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-16 14:37:56 -------- d-----w- c:\program files\Scriptocean
2012-03-16 09:22:39 -------- d-----w- c:\program files\Trend Micro
2012-03-15 16:08:33 -------- d-sh--w- c:\documents and settings\adminbu.ukXYZcro\IETldCache
2012-03-14 14:56:47 -------- d-----w- C:\dump
2012-03-08 10:13:24 -------- d-----w- C:\backup
2012-03-07 11:52:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-07 11:52:38 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-03-07 10:35:16 -------- d-----w- c:\windows\pss
2012-03-07 10:32:31 -------- d-----w- c:\program files\common files\Quest Shared
2012-03-07 10:31:10 -------- d-sh--w- c:\documents and settings\all users\application data\{08439167-4CA5-48E9-A810-A3A7C0B80B06}
2012-03-07 10:30:59 -------- d-----w- c:\documents and settings\all users\application data\Quest Software
2012-03-07 10:30:58 -------- d-----w- c:\program files\Quest Software
2012-03-06 09:25:50 -------- d-----w- C:\back up
2012-02-29 18:05:53 -------- d-----w- c:\program files\Microsoft Device Emulator
2012-02-29 18:05:44 -------- d-----w- c:\program files\Microsoft SQL Server 2005 Mobile Edition
2012-02-29 17:46:31 -------- d-----w- c:\documents and settings\all users\application data\PreEmptive Solutions
2012-02-29 17:46:30 -------- d-----w- c:\program files\common files\Merge Modules
2012-02-29 17:46:30 -------- d-----w- c:\program files\common files\Business Objects
2012-02-29 17:46:30 -------- d-----w- c:\program files\CE Remote Tools
2012-02-29 15:59:44 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-02-29 14:16:59 -------- d-----w- C:\VC#
2012-02-29 14:16:58 -------- d-----w- C:\Vb
2012-02-29 13:56:03 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2012-02-29 13:56:02 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2012-02-29 13:55:23 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2012-02-29 13:54:43 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2012-02-29 13:52:49 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-02-29 13:52:47 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-02-29 13:50:44 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-02-29 13:50:43 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-29 13:50:43 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-29 13:49:22 45568 ------w- c:\windows\system32\dllcache\wab.exe
2012-02-29 12:18:31 -------- d-----w- c:\windows\system32\XPSViewer
2012-02-29 12:16:06 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-02-29 12:15:48 14048 ------w- c:\windows\system32\spmsg2.dll
.
==================== Find3M ====================
.
2012-03-02 11:38:29 402704 ----a-w- c:\windows\system32\cdonts.dll
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 9:43:55.21 ===============



attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/10/2003 13:50:11
System Uptime: 21/03/2012 15:23:55 (42 hours ago)
.
Motherboard: Dell Computer Corp. | | 0X1078
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2394/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 16.192 GiB free.
D: is CDROM ()
S: is NetworkDisk (NTFS) - 408 GiB total, 97.798 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1516: 15/02/2012 12:43:13 - System Checkpoint
RP1517: 16/02/2012 14:16:10 - System Checkpoint
RP1518: 29/02/2012 12:15:48 - Installed %1 %2.
RP1519: 29/02/2012 12:16:00 - Printer Driver Microsoft XPS Document Writer Installed
RP1520: 29/02/2012 12:39:00 - Installed %1 %2.
RP1521: 29/02/2012 12:39:19 - Printer Driver Microsoft XPS Document Writer Installed
RP1522: 29/02/2012 14:19:30 - Software Distribution Service 3.0
RP1523: 01/03/2012 17:02:53 - System Checkpoint
RP1524: 03/03/2012 09:06:15 - System Checkpoint
RP1525: 05/03/2012 09:03:17 - System Checkpoint
RP1526: 06/03/2012 11:48:43 - System Checkpoint
RP1527: 07/03/2012 12:34:59 - System Checkpoint
RP1528: 08/03/2012 16:57:44 - System Checkpoint
RP1529: 09/03/2012 19:49:33 - System Checkpoint
RP1530: 10/03/2012 20:01:57 - System Checkpoint
RP1531: 11/03/2012 23:48:27 - System Checkpoint
RP1532: 13/03/2012 03:34:02 - System Checkpoint
RP1533: 14/03/2012 07:33:56 - System Checkpoint
RP1534: 15/03/2012 11:48:04 - System Checkpoint
RP1535: 16/03/2012 09:22:38 - Installed HiJackThis
RP1536: 17/03/2012 13:12:49 - System Checkpoint
RP1537: 18/03/2012 13:27:18 - System Checkpoint
RP1538: 19/03/2012 11:53:36 - Software Distribution Service 3.0
RP1539: 20/03/2012 13:03:01 - System Checkpoint
RP1540: 21/03/2012 15:52:33 - System Checkpoint
RP1541: 22/03/2012 16:15:50 - System Checkpoint
.
==== Installed Programs ======================
.
.
==== Event Viewer Messages From Past Week ========
.
21/03/2012 15:27:08, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
21/03/2012 15:27:08, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
21/03/2012 15:27:08, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
20/03/2012 14:38:32, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} to the user ASSET584\IWAM_ASSET584 SID (S-1-5-21-2018342339-2642335498-3619954525-1012). This security permission can be modified using the Component Services administrative tool.
20/03/2012 09:17:02, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The authentication service is unknown.
19/03/2012 17:02:33, error: Server [2505] - The server could not bind to the transport \Device\NwlnkNb because another computer on the network has the same name. The server could not start.
19/03/2012 17:02:33, error: Server [2505] - The server could not bind to the transport \Device\NwlnkIpx because another computer on the network has the same name. The server could not start.
19/03/2012 17:02:07, error: Service Control Manager [7023] - The Workstation service terminated with the following error: The redirector is in use and cannot be unloaded.
19/03/2012 11:15:40, error: System Error [1003] - Error code 100000d1, parameter1 76456606, parameter2 00000005, parameter3 00000001, parameter4 f74a25f7.
.
==== End Of File ===========================
 
Okay, let's go ahead with the following:

I'd like you to run Combofix- but it won't run with the CA Security (or AVG). You will need to temporarily uninstall CA Security as follows:

Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
  5. Click on Next after choice has been made
  6. Check the CA program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one:
Microsoft Security Essentials
Comodo AV
Avast! Free Antivirus
================================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

Please leave both logs in your next reply.
=============================
 
log file

Eset Log file:

C:\Documents and Settings\u.rehm\Local Settings\Temporary Internet Files\Content.IE5\01Q7G52F\SoftonicDownloader_for_microsoft-visual-web-developer-2005-express-edition[1].exe a variant of Win32/SoftonicDownloader.D application
 
My apology- it appears I didn't have my head on straight!

After running the AppRemover, please proceed with Combofix:
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Before you run the Combofix scan, please disable any security software you have running.

Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=======================================
Regarding the Eset entry for Softonic Downloader:
Downloads hosted at Softonic can be preceded by a customized installer called "Softonic Downloader" which shows "commercial offers, such as the Softonic Toolbar." Downloads not hosted by Softonic are not accompanied by the Softonic Downloader.

CNet has something similar. My thought is that you shouldn't have to include that little extra process in order to download a program! Always try to download from the manufacturer's site-if it's a clean site itself.
--------------------------------------------
Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files 
    C:\Documents and Settings\u.rehm\Local Settings\Temporary Internet Files\Content.IE5\01Q7G52F\SoftonicDownloader_for_microsoft-visual-web-developer-2005-express-edition[1].exe
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
 