
Virus Protection Blocked.


  • This topic is locked
6 replies to this topic

#1 Roached1

Roached1

  • Members
  • 67 posts
  • Gender:Male

Posted 22 October 2012 - 03:18 AM

Not sure what is happening.

First symptom: When I open another tab in Explorer, instead of coming up as a blank page it goes to a "search site" (a knock-off of Google) called "Babylon Search".

Second symptom: I use Microsoft Security Essentials. Something has locked it up and will not allow me to enable it. This has also caused Windows Security Center to throw up a warning that I am no longer protected with an antivirus protection program.

Third symptom: For some reason I have no clue about... I now am showing an extra drive, Local Drive Q. I should only have a C drive as far as I know.

I have posted and attached requested logs.

Thank you very much in advance for any help with this!




DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.6.2
Run by Doody at 19:25:41 on 2012-10-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.369 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
uInternet Connection Wizard,ShellNext = iexplore
uProxyServer = :0
uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{61F8CE2D-B9FB-4F94-80C6-97739D03D1F2} : DHCPNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - LocalServer32 - <no file>
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-11-10 328536]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 584680]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 209512]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\mpfilter.sys --> c:\windows\system32\drivers\MpFilter.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-10 136176]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-10 136176]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-9 257696]
S4 BBSvc;Bing Bar Update Service;"c:\program files\microsoft\bingbar\bbsvc.exe" --> c:\program files\microsoft\bingbar\BBSvc.EXE [?]
.
=============== Created Last 30 ================
.
2012-10-22 01:21:27 6918632 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{80dfc809-f5de-4dd9-b0b3-71da289d378f}\mpengine.dll
2012-10-22 01:10:24 -------- d-----w- C:\0d8cc6f73da5ca0198ca04be69b9
2012-10-19 09:00:18 -------- d-----w- C:\c42178cd521c21296a997e71ca
2012-10-18 09:47:56 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-10-18 09:47:56 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-18 09:01:21 6918632 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-10-18 09:01:21 6918632 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b56d8c1b-53f1-443c-b58c-17b1f15ff9c5}\mpengine.dll
2012-10-12 03:31:21 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-09-23 15:52:34 -------- d-----w- c:\program files\iPod
2012-09-23 15:52:28 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-23 15:46:43 18432 ----a-w- c:\windows\system32\drivers\netaapl.sys
2012-09-23 15:46:42 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2012-09-23 09:20:16 0 ----a-w- c:\windows\system32\sho71E.tmp
.
==================== Find3M ====================
.
2012-10-18 15:17:39 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
2012-10-18 15:17:39 104 --sh--r- c:\windows\system32\64375F6A6B.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 15:57:18 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-23 15:57:13 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-23 15:57:12 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-21 19:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 19:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 13:29:19 2192896 ------w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:06 2069632 ------w- c:\windows\system32\ntkrnlpa.exe
2012-08-16 09:25:05 0 ----a-w- c:\windows\system32\sho767.tmp
.
============= FINISH: 19:26:54.82 ===============
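The DDS log above is what the helper reads to spot the disabled antivirus, the hijacked IE search provider and the orphaned hook/BHO entries. As an added example (not part of the thread or the DDS tool), this small Python triage script parses those three kinds of line from a constructed excerpt copied from the log; the set of "expected" search hosts is an assumption you would tune to the machine.

```python
import re
from urllib.parse import urlparse

# Constructed excerpt: lines copied from the DDS log posted in this thread.
SAMPLE_LOG = """\
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled*
uSearch Bar = hxxp://cloud-search.linkury.com/results.htm?q={searchTerms}
uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?q={searchTerms}
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - LocalServer32 - <no file>
"""

# Assumption: hosts the owner regards as legitimate IE search/start-page targets.
EXPECTED_SEARCH_HOSTS = {"www.bing.com", "www.google.com"}

# DDS keys that carry a browser search provider or start page URL.
SEARCH_KEYS = ("uSearch Bar", "uSearchAssistant", "mSearch Bar", "uStart Page", "mStart Page")


def parse_dds(text):
    """Return a list of (severity, finding) tuples for a DDS log excerpt."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        # Security product state: DDS writes *Enabled/Updated*, *Disabled/Outdated*, etc.
        m = re.match(r"^(AV|FW|AS):\s*(.*?)\s*\*(Enabled|Disabled)(?:/(\w+))?\*", line)
        if m:
            kind, name, state, age = m.groups()
            name = name or "<unnamed>"
            if state == "Disabled":
                findings.append(("high", f"{kind} '{name}' is disabled"))
            if age == "Outdated":
                findings.append(("medium", f"{kind} '{name}' has outdated definitions"))
            continue
        # Search provider entries: DDS defangs URLs as hxxp://, so re-arm before parsing.
        m = re.match(r"^(\S.*?)\s*=\s*hxxps?://(.*)$", line)
        if m and m.group(1) in SEARCH_KEYS:
            host = urlparse("http://" + m.group(2)).hostname
            if host not in EXPECTED_SEARCH_HOSTS:
                findings.append(("high", f"{m.group(1)} points at unexpected host {host}"))
            continue
        # Hooks/BHOs/handlers whose backing file is gone: leftovers worth removing.
        if "<orphaned>" in line or "<no file>" in line:
            findings.append(("low", f"dangling registration: {line.split(' - ')[0]}"))
    return findings


if __name__ == "__main__":
    for severity, finding in parse_dds(SAMPLE_LOG):
        print(f"[{severity}] {finding}")
```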


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 22 October 2012 - 03:26 PM

Good evening. :)

First symptom: When I open another tab in Explorer, instead of coming up as a blank page it goes to a "search site" (a knock-off of Google) called "Babylon Search".

You have an application called Babylon toolbar on IE installed on your system - I would start by uninstalling this and seeing if it resolves the issue.

Third symptom: For some reason I have no clue about... I now am showing an extra drive, Local Drive Q. I should only have a C drive as far as I know.

I believe this is associated with Microsoft Office Home and Business 2010 - Microsoft App-V apparently.

Second symptom: I use Microsoft Security Essentials. Something has locked it up and will not allow me to enable it. This has also caused Windows Security Center to throw up a warning that I am no longer protected with an antivirus protection program.

I would start by downloading a fresh copy of its installation file, disconnecting from the internet, uninstalling/reinstalling it and then updating it, and see if that solves the problem.

So long, and thanks for all the fish.


#3 Roached1

Roached1
  • Topic Starter

  • Members
  • 67 posts
  • Gender:Male

Posted 22 October 2012 - 08:33 PM

Thanks for the help Noviciate.

I am trying to uninstall Microsoft Security Essentials and I am running into a Microsoft Security Client window reading:

"The feature you are trying to use is on a network resource that is unavailable."

Asking me to "Use Source: c\1e84aa906d4fze7422e31f270506d9\x86\"

Not sure what to do here... I have never run into this much trouble trying to uninstall programs from this thing ever before.

Once again, thanks for your time.

PS: I had the network disconnected as requested.

Thanks

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 23 October 2012 - 02:00 PM

Good evening. :)

Try a little utility available here called Revo Uninstaller - you want the Freeware version. Install it, run it and try to uninstall MSE via that. If that fails, just run the new MSE installer and see how it goes - it may repair the original problem or failing that, it may enable you to uninstall it.

So long, and thanks for all the fish.


#5 Roached1

Roached1
  • Topic Starter

  • Members
  • 67 posts
  • Gender:Male

Posted 24 October 2012 - 06:27 AM

Good morning Noviciate.

Security Essentials seems to be back up and running. At least no warnings are coming up anymore. I have one last question for you.

Is there a forum or a utility tool to help clean this PC up? After kids have downloaded various programs and I have removed them over time, I am certain that this thing has acquired files on here that are no longer needed, and I am just wanting to free up some disk space that could be used.

Thanks for all of the help; and please feel free to close this posting!

#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 24 October 2012 - 02:38 PM

Good evening. :)

Security Essentials seems to be back up and running.

For my own knowledge, did you sort it with Revo or did you have to install "over the top", as it were? If someone else has the same problem in the future it may help to know how you resolved yours.

Is there a forum or a utility tool to help clean this PC up?

There are various utilities, some built into Windows and others that are third-party, that can clean up various aspects of your system. What you need to do is to avoid anything that offers to clean up the registry, because if something goes wrong your PC may become seriously borked.

Download TFC by OldTimer from here and save it to your Desktop.

  • You will need to close all open programs and save any work as TFC will require a reboot.
  • Double-click TFC.exe to run it. (Note: If you are using Vista, right-click the file and select Run As Administrator from the menu that appears).
  • Click the Start button to begin. Depending on how often you clean temp files, execution time could be anywhere from a few seconds to a minute or two - just sit back and enjoy the view.
  • Once it has finished it should reboot your PC all by itself. If it does not, please manually reboot.
  • Once rebooted your PC will run like a Cray supercomputer, or at least have less junk on the hard drive - OT's not a miracle worker you know!
  • Please note that this tool will empty the Recycle Bin as part of its actions. If you have anything in there that you haven't finished with, move it first.
This tool won't identify files that have been left behind after the parent application has been uninstalled, but it will remove a lot of dross from your system.

Built into Windows is the Disk Cleanup Tool.

Other than that you can manually search through Program Files for leftover folders and manually delete them, just be sure that you no longer want them before you do so.

Finally, you might like to defragment your hard drive. A tutorial for disc defragmentation is available here. I happen to prefer a third-party defrag tool to the one that Windows offers. You can read about it here and download it here - it's free too!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your log doesn't appear to show a third-party software firewall installed - if you have one, and I've missed it, please ignore this.
If you are relying on the firewall that comes with Service Pack 2, then you need to install one. While the SP2 firewall is better than nothing, it doesn't monitor outgoing traffic, so anything malicious on your computer can 'phone home' at will.
If you are using a wireless router that comes with a NAT hardware firewall, this also doesn't monitor outgoing connections.

There are a few free firewalls available, of which the following are just three (all of which I've used at one time or another):

Comodo Firewall Pro, available here.
PC Tools Firewall Plus, available here.
Online Armor Free, available here.

It is important to note that you should only have one firewall installed at a time, but you can download them all to your Desktop and install each in turn to see which one you prefer.

Understanding and Using Firewalls: http://www.bleepingcomputer.com/tutorials/tutorial60.html

So long, and thanks for all the fish.


#7 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 29 October 2012 - 06:08 PM

As this issue appears to have been resolved, this thread is now closed.

So long, and thanks for all the fish.
