Log FIle Look OK [Solved]


  • This topic is locked
91 replies to this topic

#1 Lewg

Lewg

    Silver Member

  • Authentic Member
  • 369 posts

Posted 01 March 2014 - 09:10 AM

Thanks!

Attached Files




#2 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 03 March 2014 - 12:02 PM

Hi Lewg,

  :welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will be working on your Malware issues; this may, or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Let's get a better log:

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt and Attach.txt reports in your next reply

Tomk
------------------------------------------------------------

Topics are closed after 5 days without response


#3 Lewg

Lewg

    Silver Member

  • Authentic Member
  • 369 posts

Posted 04 March 2014 - 06:38 AM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Lew at 18:31:26 on 2014-03-03
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.958.534 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Lew\My Documents\SASCORE.EXE
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msn.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - c:\program files\avast software\avast! ad blocker ie\Adblocker32.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\lew\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1347465718176
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347978180406
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{2E5072BA-3DCD-43F1-A347-7B3E0450AF88} : DHCPNameServer = 192.168.1.254
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.117\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1  om.symantec.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-7-10 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-7-10 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-7-10 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-7-10 410784]
R2 !SASCORE;SAS Core Service;c:\documents and settings\lew\my documents\SASCore.exe [2012-7-11 116608]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [2013-7-10 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-7-10 50344]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-11-24 1103392]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]
S1 SASDIFSV;SASDIFSV;\??\c:\documents and settings\lew\my documents\sasdifsv.sys --> c:\documents and settings\lew\my documents\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\documents and settings\lew\my documents\saskutil.sys --> c:\documents and settings\lew\my documents\SASKUTIL.SYS [?]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2012-11-24 168384]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-11-24 1369624]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-12-29 11520]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
.
=============== Created Last 30 ================
.
2014-02-02 14:35:15 -------- d-----w- c:\documents and settings\lew\application data\eM Client
.
==================== Find3M  ====================
.
2014-02-20 22:28:49 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-20 22:28:49 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-07 21:36:14 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-02-07 21:35:48 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-07 21:35:47 43152 ----a-w- c:\windows\avastSS.scr
2014-02-05 23:26:52 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:26:43 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-05 23:26:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:26:37 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-05 22:24:05 385024 ------w- c:\windows\system32\html.iec
2014-01-07 11:40:49 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-07 11:40:49 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-04 15:50:34 231048 ----a-w- c:\windows\system32\SigCheck.exe
2014-01-04 03:13:05 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-19 02:10:01 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-12-19 01:46:50 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-12-05 11:26:06 1172992 ----a-w- c:\windows\system32\msxml3.dll
.
============= FINISH: 18:31:48.50 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 9/11/2012 6:15:23 PM
System Uptime: 3/3/2014 8:38:08 AM (10 hours ago)
.
Motherboard: ASUSTek Computer INC. |  | NAGAMI2
Processor: AMD Athlon™ 64 Processor 3800+ | Socket 939 | 2405/199mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 452.399 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\AWY0001\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\AWY0001\2&DABA3FF&0
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&180DF4C5&0&01
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&180DF4C5&0&01
Service: NVENETFD
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Hosts File Hijack ======================
.
Hosts: 127.0.0.1  ads.mcafee.com
Hosts: 127.0.0.1  analytics.microsoft.com
Hosts: 127.0.0.1  metrics.bitdefender.com
Hosts: 127.0.0.1  metrics.mcafee.com
Hosts: 127.0.0.1  om.symantec.com
Hosts: 127.0.0.1  ox-d.majorgeeks.com
Hosts: 127.0.0.1  ads.bleepingcomputer.com
Hosts: 127.0.0.1  wdcs.trendmicro.com
.
==== Installed Programs ======================
.
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.9)
Apple Application Support
Apple Software Update
avast! Ad Blocker
avast! Free Antivirus
Bing Bar
Bing Rewards Client Installer
CCleaner
Chinese Traditional Fonts Support For Adobe Reader X
Compatibility Pack for the 2007 Office system
D-Link DFE-530TX+
D-Link PCI Fast Ethernet Adapter
DIRECTV Player
Enhanced Multimedia Keyboard Solution
ESET Online Scanner v3
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Deskjet 3050 J610 series Basic Device Software
HP Deskjet 3050 J610 series Help
HP Deskjet 3050 J610 series Product Improvement Study
HP Photo Creations
HP Update
Internet Explorer (Enable DEP)
iSEEK AnswerWorks English Runtime
Java 7 Update 51
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
Quicken 2012
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB2803821)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2722913)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SketchUp 8
Spell Checker For OE 2.1
Spotify
Spybot - Search & Destroy
TaxACT 2012 - 1040 Edition
TaxACT 2012 Georgia
TaxACT 2013 - 1040 Edition
TaxACT 2013 Georgia
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
WD SES Driver Setup
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows PowerShell™ 1.0
Windows XP Service Pack 3
WOT for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
3/1/2014 11:17:43 AM, error: Service Control Manager [7034]  - The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
3/1/2014 11:15:31 AM, error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
3/1/2014 10:17:03 AM, error: Service Control Manager [7031]  - The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
2/26/2014 5:57:09 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SASDIFSV SASKUTIL
2/26/2014 5:57:09 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
2/26/2014 5:57:09 PM, error: Service Control Manager [7000]  - The Spybot-S&D 2 Security Center Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
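Two things a helper checks by eye in a DDS log like the one above are where each service, driver and running process is loaded from (here SASCORE.EXE and the SASDIFSV/SASKUTIL drivers sit under My Documents rather than a system directory, and the Event Viewer shows those drivers failing to load) and what the Hosts entries actually do (every entry above points at 127.0.0.1, which is blocklist behaviour, not a redirect). The script below is an added example written for this thread; it is not part of DDS, ComboFix or What the Tech. The TRUSTED_ROOTS tuple is an assumption chosen for this XP machine, and the sample input is constructed from lines in the log above plus one invented redirect entry using a documentation address so both branches are exercised.

```python
"""Triage helpers for DDS-style log text (added example; not DDS, ComboFix or the thread's own code)."""
import re
from ipaddress import ip_address

# Roots a service, driver or autostart binary is normally loaded from on this XP box.
# Assumption for this example: c:\hp is accepted because the OEM keyboard tool lives there.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\hp\\")

PROCESS_RE = re.compile(r"^([a-z]:\\.+?\.(?:exe|sys|dll|scr))(?:\s|$)", re.I)
SERVICE_RE = re.compile(r"^([RS]\d)\s+(.*)$")          # "R2 name;display;path [date size]"
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)", re.I)


def normalize_path(raw):
    """Lower-case a DDS path, dropping quotes, the NT \\??\\ prefix and the 'source --> target' form."""
    path = raw.strip().strip('"')
    if "-->" in path:                      # DDS prints the registered path, then the file it resolves to
        path = path.split("-->")[-1].strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def is_trusted_location(path):
    return any(path.startswith(root) for root in TRUSTED_ROOTS)


def parse_service_line(line):
    """Return (state, name, path) for a SERVICES / DRIVERS line, or None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    parts = m.group(2).split(";", 2)
    if len(parts) != 3:
        return None
    name, _display, rest = parts
    rest = re.sub(r"\s+\[[^\]]*\]\s*$", "", rest)  # drop trailing "[2012-7-11 116608]" or "[?]"
    return m.group(1), name, normalize_path(rest)


def classify_hosts_entry(ip):
    """Loopback/unspecified targets are blocklist-style sinkholes; a real address is a redirect."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return "malformed"
    return "sinkhole" if addr.is_loopback or addr.is_unspecified else "redirect"


def triage(text):
    """Scan DDS log text; return load paths outside TRUSTED_ROOTS and classified Hosts entries."""
    untrusted, hosts = [], []
    for line in text.splitlines():
        line = line.strip()
        svc = parse_service_line(line)
        if svc:
            _state, name, path = svc
            if not is_trusted_location(path):
                untrusted.append(("service", name, path))
            continue
        m = PROCESS_RE.match(line)
        if m:
            path = normalize_path(m.group(1))
            if not is_trusted_location(path):
                untrusted.append(("process", path.rsplit("\\", 1)[-1], path))
            continue
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            hosts.append((ip, host, classify_hosts_entry(ip)))
    return {"untrusted": untrusted, "hosts": hosts}


# Constructed sample: lines from the thread's DDS output plus one invented redirect
# (198.51.100.7 is a documentation address) so the redirect branch is exercised.
SAMPLE_LOG = """\
C:\\Program Files\\AVAST Software\\Avast\\AvastSvc.exe
C:\\Documents and Settings\\Lew\\My Documents\\SASCORE.EXE
C:\\WINDOWS\\system32\\svchost.exe -k DcomLaunch
R2 !SASCORE;SAS Core Service;c:\\documents and settings\\lew\\my documents\\SASCore.exe [2012-7-11 116608]
R2 avast! Antivirus;avast! Antivirus;c:\\program files\\avast software\\avast\\AvastSvc.exe [2013-7-10 50344]
S1 SASDIFSV;SASDIFSV;\\??\\c:\\documents and settings\\lew\\my documents\\sasdifsv.sys --> c:\\documents and settings\\lew\\my documents\\SASDIFSV.SYS [?]
Hosts: 127.0.0.1  om.symantec.com
Hosts: 198.51.100.7  update.microsoft.com
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for kind, name, path in result["untrusted"]:
        print(f"[untrusted {kind}] {name}: {path}")
    for ip, host, verdict in result["hosts"]:
        print(f"[hosts {verdict}] {host} -> {ip}")
```

Run it against a saved DDS.txt by passing the file contents to triage(); an entry in the untrusted list is not proof of infection (SUPERAntiSpyware's files being run from My Documents is a placement problem, not malware), but it is exactly the kind of line a reviewer wants surfaced, and a Hosts entry classified as "redirect" for a vendor or update domain is the pattern that distinguishes a hijack from an ad-blocking hosts list.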
 



#4 Lewg

Lewg

    Silver Member

  • Authentic Member
  • 369 posts

Posted 04 March 2014 - 06:41 AM

I forgot my Desktop is in diagnostic mode in MSCONFIG.  Sorry I forgot. If you like I can have it load windows in the Normal mode, and repost the two txt files again.



#5 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 04 March 2014 - 09:17 AM

No.  It's fine - at least for now.

 

I'm not seeing a problem.  What is the issue you are having?


Tomk
------------------------------------------------------------



#6 Lewg

Lewg

    Silver Member

  • Authentic Member
  • 369 posts

Posted 04 March 2014 - 12:53 PM

I can go to a web site and it will just lock up...



#7 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 04 March 2014 - 02:43 PM

Ok... let's try a little deeper scan.

 

Download ComboFix from here:  http://download.blee...Bs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html 
     
  • Double click on ComboFix.exe & follow the prompts.
     
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.






Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(screenshot: whatnext.png)


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix.  If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 


Tomk
------------------------------------------------------------



#8 Lewg

Lewg

    Silver Member

  • Authentic Member
  • 369 posts

Posted 05 March 2014 - 12:29 PM

ComboFix 14-03-05.01 - Lew 03/05/2014  13:17:43.5.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.958.530 [GMT -5:00]
Running from: c:\documents and settings\Lew\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Lew\Local Settings\Application Data\HTPA
c:\documents and settings\Lew\Local Settings\Application Data\HTPA\HTPA.exe
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-05 to 2014-03-05  )))))))))))))))))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-20 22:28 . 2012-09-12 18:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-20 22:28 . 2012-09-12 18:50 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-07 21:36 . 2013-07-10 14:57 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-02-07 21:35 . 2013-07-10 14:57 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-07 21:35 . 2013-07-10 14:57 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-02-07 21:35 . 2013-07-10 14:57 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-07 21:35 . 2013-07-10 14:57 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-02-07 21:35 . 2013-07-10 14:57 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-07 21:35 . 2013-07-10 14:56 43152 ----a-w- c:\windows\avastSS.scr
2014-02-05 23:26 . 2006-02-28 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:26 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-05 23:26 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:26 . 2006-02-28 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-05 22:24 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
2014-01-07 11:40 . 2013-07-10 14:57 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-07 11:40 . 2013-07-10 14:57 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-04 15:50 . 2014-01-04 15:50 231048 ----a-w- c:\windows\system32\SigCheck.exe
2014-01-04 03:13 . 2006-02-28 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-19 02:10 . 2014-01-15 22:32 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-12-19 01:46 . 2014-01-15 22:32 145408 ----a-w- c:\windows\system32\javacpl.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-07 21:35 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-07 3767096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
.
c:\documents and settings\Lew\Start Menu\Programs\Startup\
WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2013-7-7 46432]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 09:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-05-09 19:50 7311360 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-05-09 19:50 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 07:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2013-11-07 23:39 4752384 ----a-w- c:\documents and settings\Lew\Application Data\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2013-11-07 23:39 1140736 ----a-w- c:\documents and settings\Lew\Application Data\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spybot-S&D Cleaning]
2012-11-13 19:07 3713032 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 13:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-09-07 17:55 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PCShowServer"="c:\documents and settings\Lew\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe"  -osboot
"RTHDCPL"=RTHDCPL.EXE
"nwiz"=nwiz.exe /install
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Lew\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [7/10/2013 9:57 AM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [7/10/2013 9:57 AM 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/10/2013 9:57 AM 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/10/2013 9:57 AM 410784]
R2 !SASCORE;SAS Core Service;c:\documents and settings\Lew\My Documents\SASCore.exe [7/11/2012 1:54 PM 116608]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [7/10/2013 9:57 AM 67824]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [11/24/2012 2:32 PM 1103392]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE [12/16/2013 7:34 PM 247968]
S1 SASDIFSV;SASDIFSV;\??\c:\documents and settings\Lew\My Documents\SASDIFSV.SYS --> c:\documents and settings\Lew\My Documents\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\documents and settings\Lew\My Documents\SASKUTIL.SYS --> c:\documents and settings\Lew\My Documents\SASKUTIL.SYS [?]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE [12/16/2013 7:34 PM 193696]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [11/24/2012 2:32 PM 168384]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [11/24/2012 2:32 PM 1369624]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [12/29/2012 11:50 AM 11520]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/14/2013 2:19 PM 39056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 10:04 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-12 22:28]
.
2014-03-05 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2014-03-05 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2014-03-05 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2014-03-04 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2014-03-05 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-07-10 21:35]
.
2014-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-10 14:57]
.
2014-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-10 14:57]
.
2014-03-05 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2052111302-861567501-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-03-05 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2052111302-861567501-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-03-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-861567501-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-03-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-861567501-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2014-03-05 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-11-24 19:07]
.
2014-03-03 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-11-24 19:07]
.
2014-03-05 c:\windows\Tasks\User_Feed_Synchronization-{90A41A15-AAF1-4707-8558-2318913D9F39}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-05 13:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-03-05  13:23:57
ComboFix-quarantined-files.txt  2014-03-05 18:23
.
Pre-Run: 485,749,944,320 bytes free
Post-Run: 486,028,414,976 bytes free
.
- - End Of File - - 7A099B41E98D505C0BA608460F71B000
8F558EB6672622401DA993E1E865C861
 


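A triage pass over the two line shapes in the ComboFix log above (the `"Name"="path" [date size]` Run values and the `R0/R2/S1 ... ` service entries), as an added example that is not part of the thread and not ComboFix's own code: it flags images living under a user profile, drivers ComboFix could not find on disk (`[?]`), and bare filenames. The sample lines are copied from the log above; the roots treated as expected locations are an assumption.

```python
import re
# Sample lines copied from the ComboFix log above (Run values and service entries).
SAMPLE_LOG = r"""
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-07 3767096]
"RTHDCPL"=RTHDCPL.EXE
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [7/10/2013 9:57 AM 49944]
R2 !SASCORE;SAS Core Service;c:\documents and settings\Lew\My Documents\SASCore.exe [7/11/2012 1:54 PM 116608]
S1 SASDIFSV;SASDIFSV;\??\c:\documents and settings\Lew\My Documents\SASDIFSV.SYS --> c:\documents and settings\Lew\My Documents\SASDIFSV.SYS [?]
"""
# Assumption: images under these roots are expected; anything else gets a closer look.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<rest>.*)$')              # "Name"="path" [meta]
SVC_RE = re.compile(r'^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<rest>.*)$')  # R0 svc;display;path [meta]
META_RE = re.compile(r'\[([^\]]*)\]\s*$')                             # trailing [date size] or [?]
EXT_RE = re.compile(r'^(.*?\.(?:exe|sys|dll|scr|cpl))(?:\s|$)', re.I)   # first executable extension


def extract_path(rest):
    """Pull the image path out of a Run value or service path field (meta already removed)."""
    if "-->" in rest:                     # '\??\x --> x' form ComboFix uses for drivers
        rest = rest.split("-->", 1)[1].strip()
    if rest.startswith('"'):              # quoted path, possibly followed by arguments
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    m = EXT_RE.match(rest)                # unquoted: cut after the first executable extension
    return m.group(1) if m else rest


def flags_for(path, meta):
    """Heuristic review flags for one autostart image."""
    flags, low = [], path.lower()
    if meta == "?":                       # ComboFix could not find the file on disk
        flags.append("file not found on disk")
    if not re.match(r"^[a-z]:\\", low):   # no drive letter: located via the search path
        flags.append("bare filename, resolved via search path")
    elif not low.startswith(TRUSTED_PREFIXES):
        flags.append("outside Windows/Program Files")
    return flags


def triage(log_text):
    """Parse Run values and service lines; return one finding per entry."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        kind, m = "run", RUN_RE.match(line)
        if not m:
            kind, m = "service", SVC_RE.match(line)
        if not m:
            continue                      # headers, '.' separators, other sections
        rest, meta = m.group("rest"), None
        mm = META_RE.search(rest)
        if mm:
            rest, meta = rest[:mm.start()], mm.group(1)
        path = extract_path(rest.strip())
        findings.append({"kind": kind, "name": m.group("name"),
                         "path": path, "flags": flags_for(path, meta)})
    return findings
```

A flag is a prompt to look closer, not a verdict: the HP preload under c:\hp and the SuperAntiSpyware service run from My Documents are both flagged here, and only the context decides which is legitimate.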

#9 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 05 March 2014 - 02:47 PM

Interesting.  You haven't done anything with your computer for the last month?  No new or modified files?  That's kind of amazing.

 

Let's try an online scan.  This takes a long time to run.  Hours even.

 

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
 

  • Please go here then click on: EOLS1.gif

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use, then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
 

 


Tomk
------------------------------------------------------------
Topics are closed after 5 days without response


#10 Lewg

Lewg

    Silver Member

  • Authentic Member
  • 369 posts

Posted 06 March 2014 - 09:05 AM

D/loaded Eset per your instructions; after it d/loaded the virus definitions it automatically started to scan.... With my virus software turned off, Eset did not create a log file.... However it did not report any infections.  I might add I get this screen a lot when trying to access a web site.

 

The website cannot display the page
HTTP 500
Most likely causes:
• The website is under maintenance.
• The website has a programming error.
What you can try:
  Refresh the page.
  Go back to the previous page.
  More information

 




#11 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 06 March 2014 - 10:36 AM

That indicates a server side error.  In other words, the error is at the website... not on your computer.  That being said, some websites are not programmed per standards and it is possible to receive that message when there is really a different issue.  The most common one being that the website is looking for a specific cookie installed on your system and there is some problem with it.  The easiest solution to this is to delete your browser's cache and clean out all the cookies.  When you do this... you will also delete the cookies that may contain access information to sites (your user name and/or password) so be sure you know your credentials.  What happens is that when you access a site, input your username and password, and then tell your browser to "remember me", this information is stored in a cookie.   The next time you access that site from your computer, the cookie passes the username and password to the server so you don't have to physically enter them.

 

To do this in Internet Explorer:

 

Click on the little gear icon on the upper right of the page.

 

Select Safety then Delete Browsing history

 

Make sure Preserve Favorites website data is unchecked.

 

Check Temporary Internet files and Cookies and then click Delete.

 

Once finished you will get confirmation.

 

Then go ahead and try things and let me know how you get on.


Tomk


#12 Lewg

Lewg

    Silver Member

  • Authentic Member
  • PipPipPip
  • 369 posts

Posted 07 March 2014 - 01:33 PM

I don't see a little gear, however I went to Internet Options and did what you said exactly..... At first, after I rebooted, it took forever for my machine to open up Windows XP.  Then on a few tries to get mail on Yahoo I would get the screen shot sent earlier.  I am not sure about what you said earlier about not making any changes to files, etc. on my machine.  I am wondering if the HOSTS file list I am running to eliminate ads might be causing the problem getting the page where it says "Webpage cannot be displayed".



#13 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 07 March 2014 - 07:20 PM

It looked like you are pretty much running the standard hosts list to me.  I guess you haven't told me what sites are blocked and perhaps you are trying to access a blocked site... but if you did you shouldn't get a HTTP 500 error.  That's a server side warning and if the site was blocked... you would not be able to access the server so the server would not be able to transmit the error to you.

 

If you would like... we can reset the hosts file.

 

Let me know.


Tomk

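The distinction drawn in the post above (a hosts-file block stops the request before it leaves the machine, so a server-generated HTTP 500 cannot come from a blocked name) as an added example, not part of the thread: it parses a hosts file in the Windows format and classifies what the browser showed. The sample hosts file, the hostnames, the "first entry wins" rule and the wording of the results are all constructed for the example.

```python
import ipaddress

# Constructed sample hosts file in the Windows format (not the poster's real file);
# the hostnames are illustrative.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
0.0.0.0    ads.example.net   tracker.example.net   # ad-blocking list entry
127.0.0.1  Banner.Example.org
not-an-address  broken.example.org
"""

# Addresses that ad-blocking hosts lists point blocked names at: no real site answers there.
BLOCK_TARGETS = {"0.0.0.0", "127.0.0.1", "::1", "::"}


def parse_hosts(text):
    """Return {hostname_lower: address} from hosts-file text, skipping comments and junk."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue                             # first field is not an address; skip the line
        for host in parts[1:]:
            mapping.setdefault(host.lower(), parts[0])   # assumption: first entry for a name wins
    return mapping


def is_blocked(hosts_map, hostname):
    """True when the hosts file sends this name to a null or loopback address."""
    return hosts_map.get(hostname.lower()) in BLOCK_TARGETS


def classify(hosts_map, hostname, http_status):
    """Explain a browser symptom: http_status is the code shown, or None if nothing answered.

    A 5xx status is produced by a server that received the request, so it cannot be the
    result of a hosts-file block of that name (a blocked request never leaves the machine).
    """
    target = hosts_map.get(hostname.lower())
    blocked = target in BLOCK_TARGETS
    if http_status is None:
        if blocked:
            return f"no response: hosts file maps {hostname} to {target}"
        return "no response: DNS or network problem; name is not in the hosts file"
    if blocked:                                  # something on the loopback address replied
        return f"HTTP {http_status} from a local listener at {target}, not the real site"
    if 500 <= http_status <= 599:
        return f"server-side error (HTTP {http_status}); not caused by the hosts file"
    return f"HTTP {http_status} from the real server"
```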

#14 Lewg

Lewg

    Silver Member

  • Authentic Member
  • 369 posts

Posted 09 March 2014 - 11:45 AM

I have not only been getting the other window but also get this window occasionally. I went to the site below and followed the instructions..... Let's see how things go for a few days. I will stay in touch..... I tried to send you the Hosts file list, which is only 526KB, but WTT won't allow me to send it...

http://hackingethics...ort-in-windows/

#15 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 09 March 2014 - 07:03 PM

The link you posted doesn't "fix" anything.  It tells you how to disable the notification.  The notification pictured should only appear upon a reboot after Windows shut down for some "catastrophic" error.  If you've been getting these, you will see that the warning tells you to check the error report to find out what the problem is. Your error log shows some "hiccups" with Super Antispyware, and an update time out for Spybot.  No catastrophic errors.

 

Nothing there will affect the server side error you reported, nor is it impacted by the hosts file.

 

You can attach the hosts file as a .txt file.


Tomk
