kalimba

Honorary Members
  • Posts: 83
  • Joined
  • Last visited

Reputation: 0 Neutral
  1. Haha, I'm still lurking around here and got the notification. Had to check in, that post was from 2009! Amazingly, I just replaced that computer two weeks ago. But the ISUSPM issue was very long behind me, thanks to all the help back then. -Kalimba
  2. Hey, thanks for the response - Well, it's not so critical now, because it no longer tries to install every time I restart my computer. However, it still will not remove from my "add remove programs." When I hit "remove", it tries to install from its beginning. It used to pull up a box that was like midway installation, both upon bootup and when I tried to remove. I'm sure the issue is that it only halfway installed. But is there an easy way to completely kill it? If not, I'll just live with it. Thanks !
  3. So I bought a garmin gps today, went to their site to update maps. The site is garmin.com/express The site tried to install its software on my computer - it started to hang, I checked the x button. It never finished, won't remove from my add/remove programs, and now every time I restart my computer its install box comes up, even though I put the exe file into the trash. Does anyone know how I can get it off? Even a system restore failed, and the install box came up again. And now I realize that I didn't even need it at all. Ugh. Thanks for any help with this. Here's the FRST log
  4. Good idea, daledoc. I just did what you suggested and solved the problem. They recommended using autorun and unchecking an extra AVG entry. It was actually listed there as a file not found. Maybe that's why the folder opened on boot. I'd never used autorun before. Anyway, it seems to be fine now. Thanks ! Kali
  5. I recently started using AVG 2013 Free on Win XP. Each time I start my computer, a Windows Explorer folder opens. Its destination is "C:\Documents and Settings\Myusername\Application Data\AVG". It has 2 folders inside of it. Is there any easy way I can not have that folder on my desktop every time I reboot? Thanks ! Kalimba
  6. Thanks for your reply. I'm not running any unusual software ... and I don't know what an S3 server is. I just looked in taskmanager processes and I don't see anything unusual. I've gotten that pop-up 3 times in the last 2 days - I'll keep an eye on it. Any other ideas would be welcome.
  7. This has happened a couple of times in the last few days. I'm not even using the computer, but my browser is open. Usually to my email, but also to boston.com. I get a popup message saying "Successfully blocked access to potentially malicious site 72.21.215.133". It appears that IP belongs to Amazon. Do you think it's a tracker or something?? Thanks !
  8. Didn't know about the silent scan option. It was checked. Hopefully it will be fine now. When it's silent scan, does it still pop up virus information? Or do you have to go into the logs to see if there are problems? Thanks !
  9. Hi - I have paid malwarebytes - I've had it for a long time. I just had some work done on my computer recently and my tech person upgraded the version to 1.75. I have it set to scan every night at 10pm. At 10pm, I hear it churning, but I cannot watch the scan perform, nor does it pop up a log at the end. Though it creates a log and puts it in a folder. With my previous version, the daily scan opened a window and I saw the results. Is there a way I can get this version to do the same? I didn't see anything in the options. Thanks ! Kalimba
  10. Okay, I ran deldomains, and I deleted everything on adwcleaner. My mbytes has been scanning clean recently, but I just updated and it still scans clean. I engaged the forum because I knew I had stuff lurking, wanted to clean things up before I had real problems. Do you think it is worthwhile to use the hosts-anti PUP feature in AdwCleaner? Will it slow things up? Here's my mbytes log, and thank you very much. -Kalimba

      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org

      Database version: 913090905

      Windows 5.1.2600 Service Pack 2
      Internet Explorer 6.0.2900.2180

      9/9/2013 1:10:03 PM
      mbam-log-2013-09-09 (13-10-03).txt

      Scan type: Quick scan
      Objects scanned: 327335
      Time elapsed: 19 minute(s), 32 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)
  11. Thank you for your reply. I didn't run DelDomains yet because I don't understand what it does. I ran AdwCleaner, and deleted all files connected to Sweetpacks, but now I see there were 2 remaining shared dll files that are connected to that. I don't recognize anything here, but let me know if it looks like I should keep anything here, or what I should definitely delete. I suspect I should get rid of the 2 crossrider entries. And the Ilivid entry. And probably all this stuff. I ran Malwarebytes, it came out clean, as it has lately. Mbytes routinely detects and removes PUP's. I didn't see any place to enable this, but it must be enabled. What follows is the AdwCleaner log. Thanks!

      # AdwCleaner v3.003 - Report created 09/09/2013 at 00:07:40
      # Updated 07/09/2013 by Xplode
      # Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
      # Username : HP_Administrator - SCARLET
      # Running from : C:\Documents and Settings\HP_Administrator.SCARLET\Desktop\AdwCleaner.exe
      # Option : Clean

      ***** [ Services ] *****

      ***** [ Files / Folders ] *****

      [x] Not Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
      Folder Deleted : C:\Documents and Settings\All Users\Application Data\SweetIM
      Folder Deleted : C:\Program Files\SweetIM
      [x] Not Deleted : C:\DOCUME~1\HP_ADM~1.SCA\LOCALS~1\Temp\Searchqu.ini
      [x] Not Deleted : C:\DOCUME~1\HP_ADM~1.SCA\LOCALS~1\Temp\Searchqu.ini
      [x] Not Deleted : C:\DOCUME~1\HP_ADM~1.SCA\LOCALS~1\Temp\Searchqu.ini
      [x] Not Deleted : C:\DOCUME~1\HP_ADM~1.SCA\LOCALS~1\Temp\Searchqu.ini
      [x] Not Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml

      ***** [ Shortcuts ] *****

      ***** [ Registry ] *****

      [x] Not Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
      Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
      Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
      Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
      Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
      [x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
      [x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
      [x] Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
      [x] Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
      [x] Not Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
      [x] Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
      [x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF0118D4-63FF-4138-9327-F3028FB1A578}
      [x] Not Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
      [x] Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
      [x] Not Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
      [x] Not Deleted : HKCU\Software\BI
      [x] Not Deleted : HKCU\Software\Cr_Installer
      [x] Not Deleted : HKCU\Software\Crossrider
      Key Deleted : HKCU\Software\XingHaoLyrics
      Key Deleted : HKCU\Software\YahooPartnerToolbar
      [x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
      [x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bi_uninstaller

      ***** [ Browsers ] *****

      -\\ Internet Explorer v6.0.2900.2180

      [x] Not Restored : HKCU\Software\Microsoft\Internet Explorer\Main [search Bar]
      [x] Not Restored : HKCU\Software\Microsoft\Internet Explorer\Search [searchAssistant]
      [x] Not Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [searchAssistant]

      -\\ Mozilla Firefox v13.0 (en-US)

      -\\ Google Chrome v

      *************************

      AdwCleaner[R0].txt - [3555 octets] - [08/09/2013 23:51:37]
      AdwCleaner[s0].txt - [3372 octets] - [09/09/2013 00:07:40]

      ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3432 octets] ##########
  12. Here are the 3 logs that you requested. Thank you. My computer operates pretty well. However I sometimes get sweetpack PUP's in my scans, and also, beginning yesterday, one program wouldn't open so I updated Java. Now when I open another program, I get a notice that MSVCR100.dll is missing, though the program still opens after I click through that message. This is probably a different issue, but I thought I'd have an expert take a peek. My family shares my computer, so sometimes odd things occur. Thanks! -Kalimba
  13. My computer's basically okay but lately, every now and then my malwarebytes scan brings up 8 PUP that include sweetpacks. I have the paid malwarebytes always on, it's saved me many times. But just would like someone to take a look at this log and see if anything pops out. Somehow, this window doesn't let me paste in, so I'm attaching the file. hijackthis Sept 2013.txt Thanks ! Kalimba
  14. Hi all - Well, about 4-5 times recently, always after my roommate uses my xp computer, the bottom right taskbar has changed - all 3 network icons have big red x's on them - my wireless with the x, if I click on it, it says I'm not connected, even though I am, and also I lose audio and it says I have no mixer. If I reboot, all is fine again, or I can just go into services.msc and restart my audio, and ignore the x's on all my network icons since they don't seem to be accurate. My roommate says he's not doing anything unusual - looking at his gmail, google plus, soundcloud. It's never happened while I've been on the computer. Any idea what can be causing this? I have the paid MBAM protection and I really don't think I have malware or anything. But it's a very strange thing.
  15. I've been a paid user for a while - today, an old friend phoned me from Minnesota. Mid conversation, he complained that his computer was so slow, and had been for a month. I walked him through downloading mbytes and running a quick scan. At the end of the scan, it found two problem objects. He followed the delete instructions and immediately his computer ran normally again ! He thinks I'm a genius, but I did pass all the credit onto malwarebytes. Even I was pretty surprised that his clean-up would be that easy. So, this is my second thank you post in a month, but thought I would pass it along ! It really made his day.