
Unknown Infection preventing normal mode use


  • This topic is locked
11 replies to this topic

#1 dalek1999

dalek1999

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:17 AM

Posted 06 April 2012 - 02:46 PM

XP Pro SP3 System Intel P4 using Avast AV and Comodo FW
When booted into Normal Mode, the desktop is displayed but most things just do not run or just hang, i.e. click a desktop shortcut or run program from desktop or right click My Computer properties. Task manager shows task in list but nothing displays and machine just basically bogs down. No particular task in process list shows any excessive cpu usage. System has to be forcibly powered down to recover.
If system is booted into Safe Mode all apparently works OK.
Actions tried so far:-
Malwarebytes Scan - nothing found
Avast Quick Scan - nothing found
File associations fixed
CCleaner clean up
XP Pro SP3 Repair install performed
Downloaded suggested tools as per Preparation Guide.
DDS script will not run (even when script allowed by FW) - the usual command window is not displayed.
Not tried GMER yet - suspect it too will not run.
Running in Safe Mode for now!


 


#2 dalek1999


Posted 07 April 2012 - 04:38 AM

Update to my original post:-

Defogger had been run.
Memory has been checked ok with MS and Memtest utils.
Disk drive has been checked ok
Device Manager list looks ok - nothing flagged.
Usual h/w checks performed - cables, dirt, cpu, northbridge, temps etc. -all ok.
MS System File Checker does not flag up any problems.

Eventually got DDS and GMER to run in Normal Mode by killing off both AV and FW apps.
Relevant DDS and GMER logs are now below and attached.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_23
Run by jr at 21:00:21 on 2012-04-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1600 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\taskmgr.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=localhost:8118;https=localhost:8118
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [TaskPlus] "c:\program files\task plus\taskplus0.exe"
mRun: [Sunkist2k] "c:\program files\multimedia card reader\shwicon2k.exe"
mRun: [RegKillElbyCheck] "c:\program files\elaborate bytes\dvd region killer\ElbyCheck.exe" /L RegKill
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\jr\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\jr\startm~1\programs\startup\spamih~1.lnk - c:\program files\spamihilator\spamihilator.exe
StartupFolder: c:\docume~1\jr\startm~1\programs\startup\autoru~1\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\privoxy.lnk - c:\program files\privoxy\privoxy.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\speedfan.lnk - c:\program files\speedfan\speedfan.exe
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258672241265
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38011.1625
DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: Interfaces\{CD4582A0-681A-42CC-A424-76DAABA1F01C} : NameServer = 8.8.8.8,8.8.4.4
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Directory Opus Shell Execute Hook: {3cf9ece0-1a9f-11d2-8c73-00c06c2005de} - c:\program files\gpsoftware\directory opus\dopuslib.dll
LSA: Authentication Packages = msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jr\application data\mozilla\firefox\profiles\vb9513gw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/firefox
FF - plugin: c:\documents and settings\jr\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AC2003;AC2003;c:\windows\system32\drivers\AC2003.sys [2006-1-5 4224]
R0 uGuru;uGuru;c:\windows\system32\drivers\uGuru.SYS [2007-2-25 10752]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-21 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-21 337880]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-11 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-9-11 31704]
R1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [2006-11-10 24064]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-21 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-21 44768]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-9-11 1983232]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [2007-2-14 2208]
R2 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-2 217600]
R3 RegKill;RegKill;c:\windows\system32\drivers\RegKill.sys [2002-11-27 6400]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S2 !SASCORE;SAS Core Service;"c:\program files\superantispyware\sascore.exe" --> c:\program files\superantispyware\SASCORE.EXE [?]
S3 ATICDSDr;ATICDSDr; [x]
S3 cpuz129;cpuz129; [x]
S3 DAEMONIO;DAEMONIO;c:\windows\system32\drivers\DAEMONIO.SYS [2007-2-14 5152]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4d.tmp --> c:\windows\system32\4D.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 OCMaster;OCMaster; [x]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\sasenum.sys --> c:\program files\superantispyware\SASENUM.SYS [?]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [2007-2-14 13056]
S4 SpoolerNtmsSvc;Print Spooler SpoolerNtmsSvc; [x]
.
=============== Created Last 30 ================
.
2012-04-06 00:10:40 -------- d-----w- c:\program files\HitmanPro
2012-04-06 00:10:40 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-04-05 22:09:57 70144 -c--a-w- c:\windows\system32\dllcache\pintlphr.exe
2012-04-05 22:08:56 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2012-04-05 22:07:54 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2012-04-05 22:04:17 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-04-05 22:04:17 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2012-04-05 21:44:48 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-04-05 21:44:48 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-04-05 21:44:48 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-04-05 21:44:48 13312 ----a-w- c:\windows\system32\irclass.dll
2012-04-05 21:44:27 16535 ----a-r- c:\windows\SET136.tmp
2012-04-05 21:44:23 1088840 ----a-r- c:\windows\SET12A.tmp
2012-04-05 21:44:20 1296669 ----a-r- c:\windows\SET127.tmp
2012-04-04 19:58:12 -------- d-----w- c:\documents and settings\all users\application data\Seagate
2012-04-04 19:39:33 -------- d-----w- C:\XXcopy
2012-04-04 19:06:28 -------- d-----w- C:\pebuilder3110a
2012-03-22 00:23:43 -------- d-----w- c:\windows\xxclone.arc
2012-03-22 00:23:37 -------- d-----w- c:\program files\XXCLONE
2012-03-20 23:58:14 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-20 23:57:31 41184 ----a-w- c:\windows\avastSS.scr
2012-03-20 23:56:58 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-03-20 22:50:29 -------- d-----w- c:\program files\Pwrchute
2012-03-20 22:21:41 92672 ----a-w- c:\windows\system32\Xnmhb458.dll
2012-03-20 22:21:41 64512 ----a-w- c:\windows\system32\Xnmte458.dll
2012-03-20 22:21:41 360448 ----a-w- c:\windows\system32\Xnmba458.dll
2012-03-20 22:21:41 25600 ----a-w- c:\windows\system32\Xnmhn458.dll
2012-03-20 20:36:00 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys
2012-03-20 11:14:20 -------- d-----w- C:\Combo-Fix
2012-03-20 11:05:16 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2012-03-20 11:05:14 -------- d-----w- c:\program files\Prevx
2012-03-20 11:04:48 -------- d-----w- c:\documents and settings\all users\application data\PrevxCSI
2012-03-19 02:00:00 1314176 ----a-w- c:\windows\system32\xxclone.exe
2012-03-18 13:24:45 -------- d-----w- C:\New Folder
.
==================== Find3M ====================
.
2012-04-04 21:48:00 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2012-04-04 21:48:00 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-04-04 21:47:54 132224 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-04-04 21:47:52 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2012-03-11 21:13:45 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13:44 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13:43 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13:19 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13:18 301224 ----a-w- c:\windows\system32\guard32.dll
2012-01-31 12:44:05 237072 ----a-w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 21:02:28.17 ===============
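
The SERVICES / DRIVERS section of the DDS log above has one entry per line. As an added example (not part of the original thread and not DDS's own code), this Python parser reads a few of those lines and flags entries with no resolvable image file, such as the SpoolerNtmsSvc entry that is later removed with CFScript. The field meanings (R/S state, start digit, the `[x]` and `[?]` markers) and the extension allow-list are assumptions of the example.

```python
import ntpath
import re

# Lines copied from the SERVICES / DRIVERS section of the DDS log in post #2.
SAMPLE = r"""
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-21 612184]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [2007-2-14 2208]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S3 ATICDSDr;ATICDSDr; [x]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4d.tmp --> c:\windows\system32\4D.tmp [?]
S4 SpoolerNtmsSvc;Print Spooler SpoolerNtmsSvc; [x]
"""

# Assumption: first letter = Running/Stopped, digit = Windows service Start value.
START = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}
# Assumption: a bracket holding only "x" or "?" means DDS had no file date/size to show.
NO_DETAILS = {"x", "?"}
# Assumption of this example: service images normally end in .sys or .exe.
EXPECTED_EXT = {".sys", ".exe"}

LINE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")


def parse_line(line):
    """Split one service/driver line into fields; return None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    state, start, name, display, path, info = m.groups()
    # When DDS prints "raw --> resolved", keep the resolved path.
    resolved = path.split("-->")[-1].strip().strip('"')
    return {
        "running": state == "R",
        "start": START[start],
        "name": name,
        "display": display,
        "path": resolved,
        "info": info.strip(),
    }


def triage(log_text):
    """Return (service name, reasons) pairs for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = []
        if not entry["path"]:
            reasons.append("no image path recorded")
        elif entry["info"] in NO_DETAILS:
            reasons.append("file details unavailable")
        ext = ntpath.splitext(entry["path"])[1].lower()
        if entry["path"] and ext not in EXPECTED_EXT:
            reasons.append(f"unexpected image extension {ext}")
        if reasons:
            findings.append((entry["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE):
        print(f"{name}: {'; '.join(reasons)}")
```

A flag marks an entry as orphaned or unusual and worth checking by hand; it does not by itself show that the entry is malicious.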

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:17 AM

Posted 12 April 2012 - 08:15 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs and let me know if the problem persists.

#4 dalek1999


Posted 12 April 2012 - 10:08 AM

Nasdaq

Downloaded and ran ComboFix and Security Check. Logs attached (too big for inline).

Since my original post I spent some time investigating problem myself. Avast AV itself seemed to be having problem (corrupt/infected) so I removed it and replaced with AVG free. I uninstalled Comodo FW and re-installed also. Cleaned out quite a lot of old drivers and services including Acronis True Image remnants which persisted in running. Since then system has run OK - not sure it is 100% clean though ;-

Dalek1999

#5 nasdaq


Posted 12 April 2012 - 12:32 PM

The logs are not attached.

#6 dalek1999


Posted 12 April 2012 - 01:39 PM

Oops - tried again - had to zip the combofix log due to size limit - rar format not allowed apparently.

Attached Files



#7 nasdaq


Posted 13 April 2012 - 08:49 AM

Open notepad and copy/paste the text in the quote box below into it:

Driver::
SpoolerNtmsSvc

ClearJavaCache::


Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 23


If you do not create Java applications then you do not need these as well. Remove them.
Java DB 10.5.3.0
Java™ SE Development Kit 6 Update 23

===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.10 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#8 dalek1999


Posted 13 April 2012 - 05:30 PM

Ran ComboFix again. Log attached.

Updated JRE

Flash Player latest install for alternate browsers (Opera) always fails with Script error.

Attached Files



#9 nasdaq


Posted 14 April 2012 - 07:44 AM

Mozilla Thunderbird 2.0.0 Thunderbird out of Date!

Update your Thunderbird application (there may be a menu button to get the automatic updates).
http://www.mozilla.org/en-US/thunderbird/

If still having a problem with flash remove it using the Add/Remove programs list and reinstall it.

#10 dalek1999


Posted 14 April 2012 - 10:02 AM

I have tried Thunderbird 3 and don't like it - it also screws up your existing 2.0 mail folders structure when you upgrade - known problem - have never found solution so reverted to 2.0 which works fine.

The Flash install is another problem I have seen before - I don't think removing old version is solution - I seem to remember had to do something with Opera script processing before to get round it. Will research later.

Thanks for your advice and help.

#11 nasdaq


Posted 14 April 2012 - 10:44 AM

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#12 nasdaq


Posted 20 April 2012 - 09:31 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



