
My email has been hacked, suspicious programs


5 replies to this topic

#1 jhong

Posted 14 December 2012 - 11:54 PM

Hi, I need help. I think my computer is infected. While I am browsing the internet, there is this one suspicious site that just pops up any time I visit any programs, known as "servads". That is not the only problem: my email has been hacked recently and there are many suspicious programs that I do not recall downloading on my computer! My computer has been really slow lately and Norton is going crazy but cannot get rid of these programs. Please help, I do not know where to turn to.


#2 robocop321

Posted 15 December 2012 - 09:12 AM

I'll do my best to help you!

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender


Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

#3 jhong (Topic Starter)

Posted 16 December 2012 - 01:07 PM

aswMBR log

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-15 17:53:08
-----------------------------
17:53:08.810 OS Version: Windows 6.0.6002 Service Pack 2
17:53:08.810 Number of processors: 2 586 0xF0D
17:53:08.826 ComputerName: LUKE-PC UserName: Luke
17:53:38.013 Initialize success
17:54:34.396 AVAST engine defs: 12121502
17:54:40.901 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:54:40.901 Disk 0 Vendor: FUJITSU_MHZ2320BH_FFS_G2 00000089 Size: 305245MB BusType: 3
17:54:40.932 Disk 0 MBR read successfully
17:54:40.932 Disk 0 MBR scan
17:54:40.932 Disk 0 Windows VISTA default MBR code
17:54:40.948 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
17:54:40.964 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147548 MB offset 20973568
17:54:40.995 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 147455 MB offset 323151872
17:54:41.010 Disk 0 scanning sectors +625139712
17:54:41.307 Disk 0 scanning C:\Windows\system32\drivers
17:55:01.883 Service scanning
17:55:36.952 Modules scanning
17:55:44.502 Disk 0 trace - called modules:
17:55:45.033 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
17:55:45.048 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84e431e0]
17:55:45.064 3 CLASSPNP.SYS[8a1a88b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8425e390]
17:55:47.482 AVAST engine scan C:\Windows
17:55:49.978 AVAST engine scan C:\Windows\system32
17:59:33.822 AVAST engine scan C:\Windows\system32\drivers
17:59:50.296 AVAST engine scan C:\Users\Luke
18:05:46.662 File: C:\Users\Luke\AppData\Local\SavingsApp\RivalGaming\taltotaft.dll **INFECTED** Win32:Trojan-gen
18:05:48.628 File: C:\Users\Luke\AppData\Local\Temp\Addons\{04982401-92A3-17F6-F51D-DA81DF7B06F7}\bflix_extension.exe **INFECTED** Win32:BHO-AFE [Adw]
18:11:42.701 AVAST engine scan C:\ProgramData
18:16:06.762 Scan finished successfully
18:17:49.956 Disk 0 MBR has been saved successfully to "C:\Users\Luke\Desktop\Anti virus\MBR.dat"
18:17:49.956 The log file has been saved successfully to "C:\Users\Luke\Desktop\Anti virus\aswMBR ;og.txt"

FSS log


Farbar Service Scanner Version: 10-12-2012
Ran by Luke (administrator) on 15-12-2012 at 14:12:42
Running from "C:\Users\Luke\Desktop\Anti virus"
Windows Vista ™ Business Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


MiniToolBox log


MiniToolBox by Farbar Version: 25-11-2012
Ran by Luke (administrator) on 15-12-2012 at 14:13:52
Running from "C:\Users\Luke\Desktop\Anti virus"
Windows Vista ™ Business Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================
::1 localhost
173.212.255.178 embedded.garena.com
173.212.255.178 embedded.garenanow.com

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82567V Gigabit Network Connection = Local Area Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Intel® WiFi Link 5100 AGN = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Luke-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82567V Gigabit Network Connection
Physical Address. . . . . . . . . : 00-13-77-B1-EC-CC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::690a:f95c:b17:eb53%12(Preferred)
IPv4 Address. . . . . . . . . . . : 67.82.124.82(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Lease Obtained. . . . . . . . . . : Saturday, December 15, 2012 8:51:13 AM
Lease Expires . . . . . . . . . . : Saturday, December 15, 2012 6:21:14 PM
Default Gateway . . . . . . . . . : 67.82.124.1
DHCP Server . . . . . . . . . . . : 167.206.195.4
DHCPv6 IAID . . . . . . . . . . . : 285217655
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-0E-37-3C-00-21-5D-94-67-18
DNS Servers . . . . . . . . . . . : 167.206.245.129
167.206.245.130
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-21-5D-94-67-18
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-22-69-E0-6D-19
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{1DE3F3B5-FF65-46F9-8F12-4C23C5057B0E}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{57E340BC-066E-4B6A-866E-77263C25B76E}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 10:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{4D8FD9EE-2BB6-4E8B-84EC-3AB276111CD9}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 18:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:4352:7c52::4352:7c52(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
DNS Servers . . . . . . . . . . . : 167.206.245.129
167.206.245.130
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: vdns1.srv.prnynj.cv.net
Address: 167.206.245.129

Name: google.com
Addresses: 2607:f8b0:4006:800::1001
74.125.226.193
74.125.226.201
74.125.226.194
74.125.226.197
74.125.226.196
74.125.226.206
74.125.226.198
74.125.226.199
74.125.226.200
74.125.226.195
74.125.226.192



Pinging google.com [74.125.226.230] with 32 bytes of data:

Reply from 74.125.226.230: bytes=32 time=10ms TTL=56

Reply from 74.125.226.230: bytes=32 time=10ms TTL=56



Ping statistics for 74.125.226.230:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 10ms, Maximum = 10ms, Average = 10ms

Server: vdns1.srv.prnynj.cv.net
Address: 167.206.245.129

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
98.138.253.109



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=182ms TTL=50

Reply from 72.30.38.140: bytes=32 time=175ms TTL=52



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 175ms, Maximum = 182ms, Average = 178ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
12 ...00 13 77 b1 ec cc ...... Intel® 82567V Gigabit Network Connection
10 ...00 21 5d 94 67 18 ...... Intel® WiFi Link 5100 AGN
9 ...00 22 69 e0 6d 19 ...... Bluetooth Device (Personal Area Network)
1 ........................... Software Loopback Interface 1
11 ...00 00 00 00 00 00 00 e0 isatap.{1DE3F3B5-FF65-46F9-8F12-4C23C5057B0E}
19 ...00 00 00 00 00 00 00 e0 isatap.{57E340BC-066E-4B6A-866E-77263C25B76E}
18 ...00 00 00 00 00 00 00 e0 isatap.{4D8FD9EE-2BB6-4E8B-84EC-3AB276111CD9}
13 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
17 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
20 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
21 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
28 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 67.82.124.1 67.82.124.82 20
67.82.124.0 255.255.252.0 On-link 67.82.124.82 276
67.82.124.82 255.255.255.255 On-link 67.82.124.82 276
67.82.127.255 255.255.255.255 On-link 67.82.124.82 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 67.82.124.82 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 67.82.124.82 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
28 1125 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
28 1025 2002::/16 On-link
28 281 2002:4352:7c52::4352:7c52/128
On-link
12 276 fe80::/64 On-link
12 276 fe80::690a:f95c:b17:eb53/128
On-link
1 306 ff00::/8 On-link
12 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 07 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/14/2012 08:55:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6380

Error: (12/14/2012 08:55:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6380

Error: (12/14/2012 08:55:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/14/2012 08:54:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5319

Error: (12/14/2012 08:54:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5319

Error: (12/14/2012 08:54:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/14/2012 08:54:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4305

Error: (12/14/2012 08:54:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4305

Error: (12/14/2012 08:54:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/14/2012 08:54:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3291


System errors:
=============
Error: (12/12/2012 07:28:13 AM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (12/09/2012 09:32:49 AM) (Source: Service Control Manager) (User: )
Description: 30000ShellHWDetection

Error: (12/08/2012 09:39:46 AM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (12/05/2012 03:04:11 PM) (Source: Service Control Manager) (User: )
Description: 30000ShellHWDetection

Error: (12/02/2012 10:21:18 PM) (Source: Microsoft-Windows-TBS) (User: NT AUTHORITY)
Description: 0x8007001f

Error: (12/02/2012 09:45:58 AM) (Source: Service Control Manager) (User: )
Description: is3srv
szkg5
szkgfs

Error: (12/02/2012 09:45:58 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (12/02/2012 09:45:41 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 오전 9:44:00 on 2012-12-02 was unexpected.

Error: (12/01/2012 06:20:36 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.4 for the Network Card with network address 00215D946718 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error: (12/01/2012 05:43:05 PM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00215D946718. The following error occurred:
%%121. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.


Microsoft Office Sessions:
=========================
Error: (12/14/2012 08:55:00 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6380

Error: (12/14/2012 08:55:00 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6380

Error: (12/14/2012 08:55:00 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/14/2012 08:54:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5319

Error: (12/14/2012 08:54:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5319

Error: (12/14/2012 08:54:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/14/2012 08:54:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4305

Error: (12/14/2012 08:54:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4305

Error: (12/14/2012 08:54:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/14/2012 08:54:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3291


CodeIntegrity Errors:
===================================
Date: 2011-03-13 07:06:38.676
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2011-03-13 07:06:38.645
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2011-03-13 07:06:38.614
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2011-03-13 07:06:38.582
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2011-03-13 07:06:38.520
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Adobe AIR (Version: 2.5.1.17730)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Flash Player 11 Plugin (Version: 11.5.502.135)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Photoshop CS3 (Version: 10.0)
Adobe Reader X (10.0.1) (Version: 10.0.1)
Adobe Setup (Version: 1.0)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Agere Systems HDA Modem
Anki
Apple Application Support (Version: 1.5.0)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.2.120)
AuthenTec Fingerprint Sensor Minimum Install (Version: 7.10.0.1129)
Bonjour (Version: 2.0.4.0)
Camtasia Studio 8 (Version: 8.0.0.878)
Counter-Strike
DealCabby (Version: 1.0921.1509)
Definition update for Microsoft Office 2010 (KB982726)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Free Audio CD Burner version 1.4.7
Free YouTube Download 3 version 3.0.10.722
Free YouTube to MP3 Converter version 3.10.5.722
GOM Player (Version: 2.1.28.5039)
Google Chrome (Version: 23.0.1271.97)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.123)
HyperCam 3 (Version: 3.4.1205.23)
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® Network Connections Drivers
Intel® PROSet/Wireless WiFi Software (Version: 12.04.4000)
InterActual Player
iTunes (Version: 10.2.1.1)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Malwarebytes' Anti-Malware
MapleStory
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MPEG2 Codec(libmpeg2/mad)
MplayerforWindows v2011-03-27 (Version: v2011-03-27)
Nexon Game Manager
Norton Security Scan (Version: 3.6.1.11)
Pando Media Booster (Version: 2.6.0.1)
PDF Settings (Version: 1.0)
QuickTime (Version: 7.69.80.9)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.06 (Version: 3.54.06)
RivalGaming
SavetheChildren Reminder by We-Care.com v4.0.19.4 (Version: 4.0.19.4)
SavingsApp (Version: 1.18.149.149)
Skype Click to Call (Version: 5.8.8855)
Skype™ 5.10 (Version: 5.10.116)
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
TeamViewer 7 (Version: 7.0.12979)
TheBflix (Version: )
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2289116)
USB2.0 UVC 1.3M WebCam
USB2.0 UVC WebCam (Version: 6.11.706.012)
Ventrilo Client (Version: 3.0.8)
Warcraft III
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver
Your Freedom 20111029-01
μTorrent (Version: 2.2.1)

========================= Devices: ================================

Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


========================= Memory info: ===================================

Percentage of memory in use: 35%
Total physical RAM: 3031.79 MB
Available physical RAM: 1947.58 MB
Total Pagefile: 6271.98 MB
Available Pagefile: 5028.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.92 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:144.09 GB) (Free:63.99 GB) NTFS
2 Drive d: () (Fixed) (Total:144 GB) (Free:142.43 GB) NTFS

========================= Users: ========================================

User accounts for \\LUKE-PC

Administrator Guest Luke


**** End of log ****

SecurityCheck log


Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 24
Java version out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader 10.0.1 Adobe Reader out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Luke Desktop Anti virus SecurityCheck.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 13 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

And for Malwarebytes it did not find anything but servads still pops up while I'm browsing the web... :(

Edited by jhong, 16 December 2012 - 01:08 PM.


#4 mrredcon

mrredcon

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:36 PM

Posted 16 December 2012 - 02:43 PM


Just noticing all the outdated programs. Most malware downloads target outdated programs and exploit them. Java and Adobe especially.
Also re-enable UAC unless you need to run ComboFix or something like that...

Edited by mrredcon, 16 December 2012 - 02:43 PM.


#5 jhong

jhong
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:36 PM

Posted 16 December 2012 - 10:39 PM

What is UAC?

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,344 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:36 PM

Posted 17 December 2012 - 12:05 AM

Hello, please do these next and we will deal with the rest after.

User Account Control (UAC) is a technology and security infrastructure to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorizes it.

How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Fix it button. Then just follow the prompts in the Fix it wizard.

OR
Click Run in the File Download dialog box, or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.
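A read-only audit covering the two points in the reply above (the UAC state that SecurityCheck flagged and non-default hosts file entries, which the Fix it resets), written as an added PowerShell example that is not part of the thread or of the Microsoft Fix it. It assumes an elevated prompt on Windows Vista or later and the standard registry and hosts file locations.

```powershell
# Added example, not part of the thread: a read-only audit of the UAC setting
# and the hosts file for Windows Vista and later. The registry path and the
# hosts file path are the standard Windows locations.

function Get-UacStatus {
    # EnableLUA = 1 means UAC is on. SecurityCheck printed "UAC is disabled!",
    # which corresponds to this value being 0.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua = (Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    if ($lua -eq 1) { return 'UAC enabled' }
    return 'UAC DISABLED - set EnableLUA to 1 (or use Control Panel) and reboot'
}

function Get-HostsOverrides {
    # Return every active mapping in the hosts file that is not one of the
    # loopback lines a default hosts file contains. Anything else is either
    # something the owner added on purpose or an ad/redirect hijack, which is
    # what resetting the hosts file removes.
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $defaults  = @('127.0.0.1 localhost', '::1 localhost')
    Get-Content -Path $hostsPath |
        ForEach-Object { ($_ -split '#', 2)[0].Trim() } |   # drop trailing comments
        Where-Object  { $_ -ne '' } |                         # drop blank/comment-only lines
        ForEach-Object { ($_ -split '\s+') -join ' ' } |      # normalise whitespace
        Where-Object  { $defaults -notcontains $_ }
}

Get-UacStatus
$extra = @(Get-HostsOverrides)
if ($extra.Count -gt 0) {
    "hosts file has $($extra.Count) non-default entries:"
    $extra | ForEach-Object { "  $_" }
} else {
    'hosts file contains only the default loopback entries'
}
```

Any entry listed that you did not add yourself is worth removing (or resetting the file with the Fix it above); a hosts line pointing a security vendor's site or an ad domain at another address is a common sign of the kind of redirect behaviour described earlier in the thread.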