
windows security center errors


  • This topic is locked
5 replies to this topic

#1 combafix


Posted 31 August 2012 - 10:32 AM

Hello, since Windows Security Center crashed and gave me errors like "no antivirus detected in your system", I ran ComboFix and it fixed it up. Can you help me read the log?
I know that I shouldn't have run ComboFix, but I have always used it on various computers without problems and all other problems detected no viruses.

Thank you

ComboFix 12-08-28.03 - user 29/08/2012  10:45:58.2.2 - x86
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.39.1040.18.2815.1714 [GMT 2:00]
Eseguito da: c:\users\user\Desktop\remover.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: PC Tools Firewall Plus *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Creati Da 2012-07-28 al 2012-08-29  )))))))))))))))))))))))))))))))))))
.
.
2012-08-21 16:40 . 2012-08-29 08:51	--------	d-----w-	c:\users\user\AppData\Local\temp
2012-08-20 17:15 . 2012-06-29 08:44	6891424	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{ADB4B259-FDF6-473D-B975-573E2C9B3683}\mpengine.dll
2012-08-20 17:12 . 2012-07-04 21:14	41984	----a-w-	c:\windows\system32\browcli.dll
2012-08-20 17:12 . 2012-07-04 21:14	102912	----a-w-	c:\windows\system32\browser.dll
2012-08-20 17:12 . 2012-05-14 04:33	769024	----a-w-	c:\windows\system32\localspl.dll
2012-08-20 17:12 . 2012-07-18 17:47	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-08-08 08:46 . 2012-08-08 08:46	--------	d-----w-	c:\users\user\AppData\Roaming\PeerNetworking
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-21 14:52 . 2011-12-18 20:14	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-08-21 14:52 . 2011-12-18 20:14	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-07-03 11:46 . 2011-02-09 20:31	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-06 05:05 . 2012-07-12 22:07	1390080	----a-w-	c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-12 22:07	1236992	----a-w-	c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-12 22:07	805376	----a-w-	c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-19 10:54	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 10:54	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 10:54	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 10:54	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 10:54	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 10:54	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 10:54	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-19 10:54	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-19 10:54	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-12 22:11	1800192	----a-w-	c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-12 22:11	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-12 22:11	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 22:11	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 22:11	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-06-02 04:45 . 2012-07-12 22:07	67440	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-12 22:07	134000	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-12 22:07	369336	----a-w-	c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-12 22:07	225280	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-12 22:07	219136	----a-w-	c:\windows\system32\ncrypt.dll
2012-05-31 10:25 . 2011-02-05 19:36	237072	------w-	c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-21 348664]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-11-29 2676696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoAutorun"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 gupdate;Servizio Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis.sys [x]
R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard; [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [x]
R4 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe [x]
R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [x]
S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis.sys [x]
S3 rt61x86;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr61.sys [x]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-05 16:44]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-05 16:44]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1115117626-48906792-1780863170-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-05 20:23]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1115117626-48906792-1780863170-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-05 20:23]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>
TCP: DhcpNameServer = 192.168.1.254
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-08-29  10:53:15
ComboFix-quarantined-files.txt  2012-08-29 08:53
.
Pre-Run: 44.916.477.952 byte disponibili
Post-Run: 44.741.685.248 byte disponibili
.
- - End Of File - - 7E9F657BF8EF7F5F40A64CB0CB71CF5C



 


#2 nasdaq

  • Malware Response Team

Posted 03 September 2012 - 08:27 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

Please let me know of the issues you are having with this computer.

#3 combafix


Posted 05 September 2012 - 12:28 PM

Hello, here I attached the 2 logs. Do you know where aswMBR.exe saved the updated virus database I let it download?

Thanks
Edited by combafix, 05 September 2012 - 12:33 PM.


#4 nasdaq


Posted 05 September 2012 - 12:53 PM

The files have been saved on your Desktop as:

19:22:44.275 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
19:22:44.291 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"

The logs are clean so no need to attach the MBR.DAT file.

What are the current issues with this computer?

#5 combafix


Posted 06 September 2012 - 04:48 AM

Actually it seems it has no visible issues, but aswMBR.exe asked me if I wanted to download the latest Avast virus database and it downloaded about 64 Mb. Where has it saved them?

#6 nasdaq


Posted 06 September 2012 - 07:22 AM

Run ComboFix again.
The new files created will be in that section.

((((((((((((((((((((((((( Files Creati Da 2012-07-28 al 2012-08-29 )))))))))))))))))))))))))))))))))))

They may have been deleted after the scan.

Do not install or run any of them. You already have Avira and you should not be running two antivirus programs in real time.
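
Added example, not part of the original thread and not ComboFix's own code: a small Python parser for the two parts of the log discussed above, the AV/FW/SP status lines in the header and the created-files section nasdaq points to. The sample lines are constructed in the format of the log in post #1, and reading the first timestamp of a row as creation and the second as last modification is an assumption.

```python
import re
from datetime import datetime

# Constructed sample: a few lines in the format of the ComboFix log in post #1.
SAMPLE_LOG = """\
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: PC Tools Firewall Plus *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
(((((((((   Files Creati Da 2012-07-28 al 2012-08-29  )))))))))
.
2012-08-21 16:40 . 2012-08-29 08:51\t--------\td-----w-\tc:\\users\\user\\AppData\\Local\\temp
2012-08-20 17:12 . 2012-07-18 17:47\t2345984\t----a-w-\tc:\\windows\\system32\\win32k.sys
.
(((((((((   Find3M Report   )))))))))
2012-07-03 11:46 . 2011-02-09 20:31\t22344\t----a-w-\tc:\\windows\\system32\\drivers\\mbam.sys
"""

TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d)"
PRODUCT = re.compile(r"^(AV|FW|SP): (.+?) \*([^*]+)\* \{[0-9A-Fa-f-]+\}\s*$")
BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+\s*$")
DATE = re.compile(r"\d{4}-\d\d-\d\d")
ROW = re.compile(rf"^{TS} \. {TS}\s+(\S+)\s+([a-z-]{{8}})\s+(.+)$")

def disabled_products(log):
    """(kind, name, state) for every AV/FW/SP entry reported as Disabled."""
    hits = (PRODUCT.match(line) for line in log.splitlines())
    return [m.groups() for m in hits if m and m.group(3).startswith("Disabled")]

def created_files(log):
    """Rows of the section whose banner carries a date range (language-neutral)."""
    rows, in_section = [], False
    for line in log.splitlines():
        banner = BANNER.match(line)
        if banner:
            in_section = len(DATE.findall(banner.group(1))) == 2
            continue
        row = ROW.match(line) if in_section else None
        if row:
            created, modified, size, attrs, path = row.groups()
            rows.append({
                # Assumption: first timestamp is creation, second is last write.
                "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
                "modified": datetime.strptime(modified, "%Y-%m-%d %H:%M"),
                "size": int(size) if size.isdigit() else None,  # None for dirs
                "is_dir": attrs.startswith("d"),
                "path": path,
            })
    return rows
```

The section is located by its date-range banner rather than by its title, so the same code works on the Italian log above and on logs in other languages.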



