
possible malware infection


  • This topic is locked
58 replies to this topic

#1 dalr21

dalr21

  • Members
  • 107 posts
  • OFFLINE
  • Gender:Male
  • Location:Ireland
  • Local time:05:01 AM

Posted 17 January 2013 - 11:15 AM

Microsoft Security Essentials detected PWS:Win32/Zbot and removed it. I have done a full scan using MSE, which found nothing, and Malwarebytes found nothing. The last scan was a full scan with Avast after reboot; it detected Win32:Malware-gen, which had infected three files that have been put in the virus chest. Is there a possibility I could have a rootkit or other malware that the AV can't detect?

Any help would be appreciated.

Edited by dalr21, 17 January 2013 - 07:39 PM.




#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:01 AM

Posted 18 January 2013 - 11:05 AM

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS .txt reports will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To > Compressed (zipped) file. Attach that zipped file in your next reply as well.


NEXT

Running GMER on 32 and 64 bit Systems
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror which will download a randomly named file
  • Zipped Mirror - Unzip the file to its own folder such as C:\gmer
  • Disconnect from the Internet and close all running programs
  • Temporarily disable any real-time active protection
  • It is very important you do not use your computer while GMER is running
  • Double-click on the randomly named GMER icon
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO
  • Please check in the Quick scan box
  • Please uncheck the following:
    • IAT/EAT
    • Show All <<< Important
  • Click Scan
  • If you see a rootkit warning window click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled
Note:
  • If you encounter any problems, try running GMER in Safe Mode
  • If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
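The DDS.txt report that these steps produce has a fixed layout: banner-style section headers ("Pseudo HJT Report", "Created Last 30", "Find3M"), one entry per line, and "." as a spacer. The script below is an added example, not part of this thread, the DDS tool or the Malware Response Team's workflow. It parses that layout and pulls out the three kinds of entries a reviewer typically asks about first: zero-byte .tmp files created directly in system32, BHO/toolbar entries whose CLSID no longer resolves to a file on disk (the line ends in a bare "-"), and newly created AppData\Roaming folders that are not on a small allowlist. The sample report is constructed from the format shown in this thread and trimmed; the allowlist and the choice of what merits review are assumptions, and a hit is a prompt to ask about the item, not a verdict.

```python
"""Triage helper for DDS.txt reports (added example, not the DDS tool's own code).

Parses the report's section headers and returns the entries a reviewer usually
looks at first. Heuristics are assumptions about what merits a second look.
"""
import re
from collections import defaultdict

# Constructed sample in the DDS layout shown in the thread (trimmed, user folder renamed).
SAMPLE_DDS = r"""DDS (Ver_2012-11-20.01) - NTFS_x86
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} -
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
.
=============== Created Last 30 ================
.
2013-01-15 23:17:16 0 ----a-w- c:\windows\system32\sho93BD.tmp
2013-01-15 07:00:48 -------- d-----w- c:\users\example\appdata\roaming\Malwarebytes
2013-01-15 02:37:19 247808 ----a-w- c:\windows\system32\schannel.dll
2013-01-13 13:27:13 -------- d-----w- c:\users\example\appdata\roaming\Igehe
2013-01-13 13:27:13 -------- d-----w- c:\users\example\appdata\roaming\Gidy
.
==================== Find3M ====================
.
2012-12-19 12:40:58 0 ----a-w- c:\windows\system32\sho7D9A.tmp
2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
.
============= FINISH: 17:35:39.91 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# "date time size attrs path"; size is a number or "--------" for directories.
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")
# "BHO: Name: {CLSID} - path" / "TB: Name: {CLSID} - path"; path may be empty.
ADDON_RE = re.compile(r"^(BHO|TB): (.+?): (\{[0-9A-Fa-f-]+\}) -\s*(.*)$")
SYSTEM32_TMP_RE = re.compile(r"\\windows\\system32\\[^\\]+\.tmp$", re.IGNORECASE)
ROAMING_RE = re.compile(r"\\appdata\\roaming\\([^\\]+)$", re.IGNORECASE)

# Assumption: a reviewer-maintained allowlist of roaming folders that need no question.
KNOWN_ROAMING = {"malwarebytes", "f-secure", "microsoft", "adobe", "skype"}


def split_sections(text):
    """Group report lines by the banner header they fall under."""
    sections = defaultdict(list)
    current = "header"
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m and m.group(1):
            current = m.group(1)
            continue
        if line in ("", "."):  # DDS uses a lone "." as a spacer
            continue
        sections[current].append(line)
    return dict(sections)


def file_entries(sections):
    """Yield (section, timestamp, size, attrs, path) from the two file-listing sections."""
    for name in ("Created Last 30", "Find3M"):
        for line in sections.get(name, []):
            m = ENTRY_RE.match(line)
            if m:
                yield (name,) + m.groups()


def zero_byte_tmp_in_system32(sections):
    """Zero-byte .tmp files dropped directly in system32; ask what keeps writing them."""
    return [path for _, _, size, _, path in file_entries(sections)
            if size == "0" and SYSTEM32_TMP_RE.search(path)]


def unresolved_browser_addons(sections):
    """BHO/TB entries registered by CLSID but pointing at no file (bare '-'), deduplicated."""
    seen, out = set(), []
    for line in sections.get("Pseudo HJT Report", []):
        m = ADDON_RE.match(line)
        if m and not m.group(4):
            key = (m.group(1), m.group(3))
            if key not in seen:
                seen.add(key)
                out.append((m.group(1), m.group(2), m.group(3)))
    return out


def new_roaming_dirs(sections):
    """Folders created under AppData\\Roaming in the last 30 days that are not allowlisted."""
    out = []
    for section, stamp, _, attrs, path in file_entries(sections):
        if section != "Created Last 30" or not attrs.startswith("d"):
            continue
        m = ROAMING_RE.search(path)
        if m and m.group(1).lower() not in KNOWN_ROAMING:
            out.append((stamp, m.group(1)))
    return out


def triage(text):
    """Run all three checks over one DDS.txt and return the findings by category."""
    sections = split_sections(text)
    return {
        "zero_byte_system32_tmp": zero_byte_tmp_in_system32(sections),
        "unresolved_addons": unresolved_browser_addons(sections),
        "new_roaming_dirs": new_roaming_dirs(sections),
    }


if __name__ == "__main__":
    for category, hits in triage(SAMPLE_DDS).items():
        print(f"{category}: {len(hits)}")
        for hit in hits:
            print("   ", hit)
```

Run it against a saved DDS.txt by reading the file into `triage()`; the output is a shortlist to raise in the reply, alongside the Attach.txt and the aswMBR/GMER logs the instructions above ask for, not a substitute for them.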


#3 dalr21

dalr21
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  • Gender:Male
  • Location:Ireland
  • Local time:05:01 AM

Posted 18 January 2013 - 12:44 PM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2
Run by michelle mc at 17:33:42 on 2013-01-18
Microsoft Windows 7 Starter 6.1.7601.1.1252.44.1033.18.1012.171 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\ASUS\InstantOn for EPC\InsOnSrv.exe
C:\windows\system32\AsusService.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\ExpressGateUtil\VAWinService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\ASUS\InstantOn for EPC\InsOnWMI.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Asus\Eee Docking\Eee Docking.exe
C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
C:\ExpressGateUtil\VAWinAgent.exe
C:\Program Files\ASUS\CapsHook\CapsHook.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
mRun: [GfxServiceInstall] c:\windows\system32\GfxCUIServiceInstall.vbs
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HotkeyMon] AsusSender.exe c:\program files\asus\hotkeyservice\HotKeyMon.exe
mRun: [HotkeyService] AsusSender.exe c:\program files\asus\hotkeyservice\HotkeyService.exe
mRun: [SuperHybridEngine] AsusSender.exe c:\program files\asus\she\SuperHybridEngine.exe
mRun: [LiveUpdate] AsusSender.exe c:\program files\asus\liveupdate\LiveUpdate.exe auto
mRun: [CapsHook] AsusSender.exe c:\program files\asus\capshook\CapsHook.exe
mRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe autorun
mRun: [ASUSWebStorage] c:\program files\asus\asus webstorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [VAWinAgent] c:\expressgateutil\VAWinAgent.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ASUSPRP] c:\program files\asus\aprp\APRP.EXE
mRun: [SynAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\asusvi~1.lnk - c:\program files\asus\asusvibe\AsusVibeLauncher.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{9DC00363-9C14-40FC-9C36-523B2FD95E30} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{AF902989-D589-437C-94CF-E8019E39B09F} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2012-5-4 11832]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-1-17 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-1-17 361032]
R2 ASUS InstantOn;ASUS InstantOn Service;c:\program files\asus\instanton for epc\InsOnSrv.exe [2011-12-1 92800]
R2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2012-5-4 224680]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-1-17 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-1-17 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-1-17 44808]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-12-13 3290896]
R2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2011-3-26 91464]
R3 igddim32;igddim32;c:\windows\system32\drivers\igddim32.sys [2012-3-15 1344512]
R3 igdkmd32;igdkmd32;c:\windows\system32\drivers\igdkmd32.sys [2012-3-15 419328]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-3-15 278528]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2012-3-15 91760]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-5-4 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2012-9-28 9216]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 99272]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-11 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2011-2-11 27264]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-01-18 16:23:26 -------- d-----w- c:\users\michelle mc\appdata\roaming\f-secure
2013-01-18 16:22:39 -------- d-----w- c:\programdata\F-Secure
2013-01-18 14:02:28 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6d7aa583-524d-4f5b-8c89-293d25f75d37}\mpengine.dll
2013-01-17 13:17:19 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-01-17 13:17:18 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-17 13:17:16 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-01-17 13:15:58 41224 ----a-w- c:\windows\avastSS.scr
2013-01-17 13:15:13 -------- d-----w- c:\programdata\AVAST Software
2013-01-17 13:15:13 -------- d-----w- c:\program files\AVAST Software
2013-01-17 12:26:21 -------- d-----r- c:\program files\Skype
2013-01-17 12:01:15 6991832 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-01-16 15:50:07 -------- d-----w- c:\users\michelle mc\appdata\local\Microsoft_Corporation
2013-01-16 11:41:05 -------- d-----w- c:\programdata\524A
2013-01-15 23:17:16 0 ----a-w- c:\windows\system32\sho93BD.tmp
2013-01-15 20:12:59 -------- d-----w- c:\users\michelle mc\appdata\local\{F2D39E9E-2DFB-4D41-98C3-6B26274F5791}
2013-01-15 07:00:48 -------- d-----w- c:\users\michelle mc\appdata\roaming\Malwarebytes
2013-01-15 06:59:22 -------- d-----w- c:\programdata\Malwarebytes
2013-01-15 06:58:24 -------- d-----w- c:\users\michelle mc\appdata\local\Programs
2013-01-15 02:37:19 247808 ----a-w- c:\windows\system32\schannel.dll
2013-01-15 02:37:19 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-15 02:37:18 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2013-01-15 02:37:18 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2013-01-13 13:27:13 -------- d-----w- c:\users\michelle mc\appdata\roaming\Igehe
2013-01-13 13:27:13 -------- d-----w- c:\users\michelle mc\appdata\roaming\Gidy
2013-01-12 21:24:45 0 ----a-w- c:\windows\system32\sho20BA.tmp
2013-01-12 18:35:20 0 ----a-w- c:\windows\system32\sho1814.tmp
2013-01-12 14:51:50 0 ----a-w- c:\windows\system32\sho6B80.tmp
2013-01-10 18:01:26 0 ----a-w- c:\windows\system32\sho2F80.tmp
2013-01-09 18:31:19 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 18:31:14 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 18:23:42 626688 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 18:19:33 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2013-01-09 18:17:25 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 18:16:38 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-01-06 19:48:57 0 ----a-w- c:\windows\system32\shoA7C.tmp
2013-01-06 15:07:39 0 ----a-w- c:\windows\system32\sho9608.tmp
2013-01-06 00:12:19 0 ----a-w- c:\windows\system32\sho6483.tmp
2013-01-03 17:34:31 -------- d-----w- c:\users\michelle mc\appdata\roaming\MusicNet
2013-01-03 17:34:10 -------- d-----w- c:\users\michelle mc\appdata\local\iMesh
2013-01-03 17:28:34 -------- d-----w- c:\programdata\iMesh
2013-01-03 17:28:34 -------- d-----w- c:\program files\iMesh Applications
2013-01-03 17:27:34 -------- dc-h--w- c:\programdata\{EC76B119-3D47-4A2C-8BDC-5CCE7F3C15AB}
2013-01-03 17:26:41 -------- d-----w- c:\users\michelle mc\appdata\local\PackageAware
2013-01-03 15:05:18 0 ----a-w- c:\windows\system32\shoBE9F.tmp
2013-01-01 23:32:35 0 ----a-w- c:\windows\system32\sho32FD.tmp
2013-01-01 19:31:47 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-01 19:31:46 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-01 19:31:21 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-01 09:23:25 0 ----a-w- c:\windows\system32\shoA544.tmp
2012-12-31 18:33:33 0 ----a-w- c:\windows\system32\shoC02.tmp
2012-12-31 01:06:20 0 ----a-w- c:\windows\system32\shoF6D1.tmp
2012-12-30 19:01:58 0 ----a-w- c:\windows\system32\sho55F1.tmp
2012-12-30 02:01:26 0 ----a-w- c:\windows\system32\sho4C22.tmp
2012-12-29 17:28:05 0 ----a-w- c:\windows\system32\sho9F8B.tmp
2012-12-29 02:35:20 0 ----a-w- c:\windows\system32\sho904D.tmp
2012-12-28 18:04:46 -------- d-----w- c:\users\michelle mc\appdata\local\{0043A54F-9728-42E4-989D-17CCD14439B2}
2012-12-27 23:15:06 0 ----a-w- c:\windows\system32\shoD7F7.tmp
2012-12-27 21:59:23 0 ----a-w- c:\windows\system32\sho8418.tmp
2012-12-27 21:52:03 -------- d-----w- c:\users\michelle mc\appdata\local\ElevatedDiagnostics
2012-12-27 21:28:35 -------- d-----w- c:\users\michelle mc\appdata\local\Wajam
2012-12-26 18:31:58 0 ----a-w- c:\windows\system32\sho2EA2.tmp
2012-12-26 13:36:18 0 ----a-w- c:\windows\system32\sho51C8.tmp
2012-12-26 01:58:57 0 ----a-w- c:\windows\system32\sho4742.tmp
2012-12-25 13:21:15 0 ----a-w- c:\windows\system32\shoC39D.tmp
2012-12-24 02:44:07 0 ----a-w- c:\windows\system32\sho77F9.tmp
2012-12-22 14:18:02 0 ----a-w- c:\windows\system32\sho71E8.tmp
2012-12-21 19:36:27 0 ----a-w- c:\windows\system32\sho6AA.tmp
2012-12-21 19:35:29 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 19:35:28 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-20 16:06:59 0 ----a-w- c:\windows\system32\sho3314.tmp
.
==================== Find3M ====================
.
2012-12-19 12:40:58 0 ----a-w- c:\windows\system32\sho7D9A.tmp
2012-12-18 11:13:41 0 ----a-w- c:\windows\system32\shoE2A3.tmp
2012-12-17 19:59:31 0 ----a-w- c:\windows\system32\shoE73A.tmp
2012-12-15 14:48:07 0 ----a-w- c:\windows\system32\sho9A7C.tmp
2012-12-13 10:59:40 0 ----a-w- c:\windows\system32\shoFB8D.tmp
2012-12-12 12:58:10 0 ----a-w- c:\windows\system32\sho9A1.tmp
2012-12-11 17:56:40 0 ----a-w- c:\windows\system32\shoE7BF.tmp
2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-20 23:30:40 0 ----a-w- c:\windows\system32\shoDFAB.tmp
2012-11-18 22:38:44 0 ----a-w- c:\windows\system32\shoD6A5.tmp
2012-11-16 12:38:31 0 ----a-w- c:\windows\system32\shoCAEF.tmp
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-11 13:44:36 0 ----a-w- c:\windows\system32\shoD1D.tmp
2012-11-09 23:26:19 0 ----a-w- c:\windows\system32\sho5258.tmp
2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-07 03:05:41 0 ----a-w- c:\windows\system32\sho3039.tmp
2012-11-03 23:03:35 0 ----a-w- c:\windows\system32\sho47AC.tmp
2012-11-02 23:03:30 0 ----a-w- c:\windows\system32\shoC979.tmp
2012-11-02 19:08:18 0 ----a-w- c:\windows\system32\sho87E7.tmp
2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 04:47:54 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-10-26 18:50:10 0 ----a-w- c:\windows\system32\shoF114.tmp
2012-10-23 17:32:37 0 ----a-w- c:\windows\system32\shoE88A.tmp
2012-10-23 11:31:50 0 ----a-w- c:\windows\system32\shoAD70.tmp
2012-10-23 08:50:41 0 ----a-w- c:\windows\system32\sho7168.tmp
2012-10-22 22:17:05 0 ----a-w- c:\windows\system32\shoB3F8.tmp
2012-10-21 11:48:06 0 ----a-w- c:\windows\system32\sho3554.tmp
.
============= FINISH: 17:35:39.91 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume1
Install Date: 28/09/2012 15:35:08
System Uptime: 18/01/2013 13:47:40 (4 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | X101CH
Processor: Intel® Atom™ CPU N2600 @ 1.60GHz | CPU 1 | 592/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 100 GiB total, 73.768 GiB free.
D: is FIXED (NTFS) - 183 GiB total, 139.067 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl91fe4770
Device ID: ROOT\LEGACY_MPKSL91FE4770\0000
Manufacturer:
Name: MpKsl91fe4770
PNP Device ID: ROOT\LEGACY_MPKSL91FE4770\0000
Service: MpKsl91fe4770
.
==== System Restore Points ===================
.
RP51: 13/01/2013 19:39:14 - Windows Backup
RP52: 13/01/2013 19:42:33 - Windows Update
RP54: 14/01/2013 22:46:21 - Removed MyDSC2
RP55: 15/01/2013 02:37:28 - Windows Update
RP56: 16/01/2013 20:58:16 - Language Pack Removal
RP57: 17/01/2013 13:14:37 - avast! Free Antivirus Setup
RP58: 18/01/2013 14:01:08 - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.3 MUI
ASUS WebStorage
AsusScreensaver
ASUSUpdate for Eee PC
AsusVibe2.0
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
avast! Free Antivirus
CapsHook
Contrôle ActiveX Windows Live Mesh pour connexions ŕ distance
D3DX10
E-Cam
Eee Docking 3.10.6
Eee Photo
ExpressGateCloud
FontResizer
Galerie de photos Windows Live
Hotkey Service
iMesh
InstantOn for EPC
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
Java 7 Update 10
Junk Mail filter update
LiveUpdate
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
Paddy Power Poker
Qualcomm Atheros WiFi Driver Installation
Raccolta foto di Windows Live
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype Click to Call
Skype™ 6.1
Super Hybrid Engine
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX control for remote connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
ZTE_1.2059.0.8
.
==== Event Viewer Messages From Past Week ========
.
18/01/2013 13:48:50, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
17/01/2013 01:49:37, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
17/01/2013 01:47:43, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000101 (0x00000031, 0x00000000, 0x87c5a120, 0x00000003). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 011713-21028-01.
17/01/2013 00:02:01, Error: Service Control Manager [7043] - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
15/01/2013 06:40:55, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x000000ff, 0x00000008, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 011513-23977-01.
15/01/2013 00:54:49, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AsUpIO cdrom DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
15/01/2013 00:54:49, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
15/01/2013 00:54:49, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
15/01/2013 00:54:49, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
15/01/2013 00:54:49, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
15/01/2013 00:54:49, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
15/01/2013 00:54:49, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
15/01/2013 00:54:49, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
15/01/2013 00:54:48, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
15/01/2013 00:54:48, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
15/01/2013 00:54:48, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
15/01/2013 00:54:48, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
14/01/2013 23:13:31, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3834.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
14/01/2013 23:13:31, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
14/01/2013 23:09:36, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
14/01/2013 23:09:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
14/01/2013 23:09:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
14/01/2013 23:09:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
14/01/2013 23:09:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
14/01/2013 23:09:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
14/01/2013 23:09:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
13/01/2013 01:06:46, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: A system shutdown is in progress.
.
==== End Of File ===========================
Thanks for helping me.

#4 dalr21

Posted 18 January 2013 - 01:55 PM

Tried running aswMBR four times.
1) Double-clicked on the icon. UAC appeared (a download from aswMBR), clicked yes; a black screen then appeared for approx. five minutes, then back to the desktop with no programmes running. PC running OK.

2) Double-clicked the aswMBR icon, UAC appeared, clicked yes; aswMBR appeared and started the scan, then encountered a problem: a blue screen came up for about five seconds; all I could read was "a problem has occurred, shut down to prevent system damage".

3) Started the scan, then it stalled. The same for the fourth scan, at the exact same place as the third scan.

Going to run Gmer now.

#5 dalr21

Posted 18 January 2013 - 04:16 PM

NOTE: I had to download the app from gmer.net. The links I tried brought me to "I.E. can't display this page". Ran GMER, got a BSOD with the same message as the second aswMBR scan. When the system restarted I got a pop-up from Windows; files that help describe the problem: c:\windows\minidump\011813-20607-01.dmp and c:\users\michelle mc\appdata\local\temp\wer-44382-0.sysdata.xml.
Deleted the app, then downloaded it again. Ran GMER in normal mode and it worked.


GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-18 20:48:51
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST320LT0 rev.0001 298.09GB
Running: iyqn2yn2.exe; Driver: C:\Users\MICHEL~1\AppData\Local\Temp\kwlyifoc.sys


---- System - GMER 2.0 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8A1424BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8AAA7C22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8A142ED6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8A14DFA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8A14DFF4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8A14E176]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8A14DF16]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8AAA7FA6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8A14DF5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8A14311C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x8A1432F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8A14E130]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8A14393E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8A142508]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8AAA7CEA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8AAA63EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8A142556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8A147534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8A1443A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8A14DFD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8A14E016]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8A14E19A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8A14DF3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8A14E0BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8A14DF86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8A14E154]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8AAA7E4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8A144272]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x8A143F86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8A1425A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8A1425F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x8A1437BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8A1421FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8A1423AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8A142350]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8A143AF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x8A143C54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8A14241A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8AAA7EFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x8A143636]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x8AAA641C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8A142640]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8AAA7D96]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8AAC0E56]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82081A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 820BB4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 820C2500 4 Bytes [BA, 24, 14, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 820C2528 4 Bytes [22, 7C, AA, 8A] {AND BH, [EDX+EBP*4-0x76]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 820C2588 4 Bytes [D6, 2E, 14, 8A] {SALC ; ADC AL, 0x8a}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 820C25DC 8 Bytes [A8, DF, 14, 8A, F4, DF, 14, ...] {TEST AL, 0xdf; ADC AL, 0x8a; HLT ; FIST WORD [EDX+ECX*4]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 820C25E8 4 Bytes [76, E1, 14, 8A] {JBE 0xffffffe3; ADC AL, 0x8a}
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82250C88 5 Bytes JMP 8AABDCF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 822692B0 5 Bytes JMP 8AABF828 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 8227E3F7 4 Bytes CALL 8A144A8D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 8229820E 4 Bytes CALL 8A144AA3 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 8232210E 7 Bytes JMP 8AAC0E5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text kernel32.dll!GetBinaryTypeW + 70 76EF69F4 1 Byte [62]

---- User code sections - GMER 2.0 ----

.text C:\windows\system32\csrss.exe[500] kernel32.dll!GetBinaryTypeW + 70 76EF69F4 1 Byte [62]
.text C:\windows\system32\wininit.exe[560] kernel32.dll!GetBinaryTypeW + 70 76EF69F4 1 Byte [62]
.text C:\windows\system32\csrss.exe[568] kernel32.dll!GetBinaryTypeW + 70 76EF69F4 1 Byte [62]
.text C:\windows\system32\services.exe[608] kernel32.dll!GetBinaryTypeW + 70 76EF69F4 1 Byte [62]
.text ...
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1568] kernel32.dll!SetUnhandledExceptionFilter 76EDF4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1568] kernel32.dll!GetBinaryTypeW + 70 76EF69F4 1 Byte [62]
.text C:\windows\system32\WLANExt.exe[1576] kernel32.dll!GetBinaryTypeW + 70 76EF69F4 1 Byte [62]
.text C:\windows\system32\conhost.exe[1588] kernel32.dll!GetBinaryTypeW + 70 76EF69F4 1 Byte [62]
.text C:\windows\System32\spoolsv.exe[1804] kernel32.dll!GetBinaryTypeW + 70 76EF69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[1840] kernel32.dll!GetBinaryTypeW + 70 76EF69F4 1 Byte [62]
.text ...
.text C:\windows\system32\ctfmon.exe[2368] ntdll.dll!LdrUnloadDll 7700C86E 5 Bytes JMP 000B03FC
.text C:\windows\system32\ctfmon.exe[2368] ntdll.dll!LdrLoadDll 7701223E 5 Bytes JMP 000B01F8
.text C:\windows\system32\ctfmon.exe[2368] KERNEL32.dll!GetBinaryTypeW + 70 76EF69F4 1 Byte [62]
.text C:\windows\system32\ctfmon.exe[2368] USER32.dll!UnhookWindowsHookEx 7624ADF9 5 Bytes JMP 000C0A08
.text C:\windows\system32\ctfmon.exe[2368] USER32.dll!UnhookWinEvent 7624B750 5 Bytes JMP 000C03FC
.text C:\windows\system32\ctfmon.exe[2368] USER32.dll!SetWindowsHookExW 7624E30C 5 Bytes JMP 000C0804
.text C:\windows\system32\ctfmon.exe[2368] USER32.dll!SetWinEventHook 762524DC 5 Bytes JMP 000C01F8
.text C:\windows\system32\ctfmon.exe[2368] USER32.dll!SetWindowsHookExA 76276D0C 5 Bytes JMP 000C0600
.text C:\windows\system32\svchost.exe[2396] kernel32.dll!GetBinaryTypeW + 70 76EF69F4 1 Byte [62]
.text C:\ExpressGateUtil\VAWinService.exe[2436] kernel32.dll!GetBinaryTypeW + 70 76EF69F4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2492] kernel32.dll!GetBinaryTypeW + 70 76EF69F4 1 Byte [62]
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2548] kernel32.dll!GetBinaryTypeW + 70 76EF69F4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2636] kernel32.dll!GetBinaryTypeW + 70 76EF69F4 1 Byte [62]
.text ...
.text C:\windows\system32\svchost.exe[4468] ntdll.dll!LdrUnloadDll 7700C86E 5 Bytes JMP 000703FC
.text C:\windows\system32\svchost.exe[4468] ntdll.dll!LdrLoadDll 7701223E 5 Bytes JMP 000701F8
.text C:\windows\system32\svchost.exe[4468] KERNEL32.dll!GetBinaryTypeW + 70 76EF69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[4468] USER32.dll!UnhookWindowsHookEx 7624ADF9 5 Bytes JMP 00110A08
.text C:\windows\system32\svchost.exe[4468] USER32.dll!UnhookWinEvent 7624B750 5 Bytes JMP 001103FC
.text C:\windows\system32\svchost.exe[4468] USER32.dll!SetWindowsHookExW 7624E30C 5 Bytes JMP 00110804
.text C:\windows\system32\svchost.exe[4468] USER32.dll!SetWinEventHook 762524DC 5 Bytes JMP 001101F8
.text C:\windows\system32\svchost.exe[4468] USER32.dll!SetWindowsHookExA 76276D0C 5 Bytes JMP 00110600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4728] kernel32.dll!GetBinaryTypeW + 70 76EF69F4 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5068] kernel32.dll!GetBinaryTypeW + 70 76EF69F4 1 Byte [62]

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)

---- EOF - GMER 2.0 ----

I hope I explained it well enough, as I'm a bit of a novice at this.

Edited by dalr21, 18 January 2013 - 04:23 PM.
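
A way to read the GMER log above, as an added example that is not part of the thread and not GMER's own code. Every SSDT entry and every labelled inline patch is attributed by GMER to one of the two avast drivers (aswSnx.SYS, aswSP.SYS); what GMER leaves unlabelled are the raw byte patches inside ntkrnlpa.exe and the user-mode JMPs. The script parses lines in GMER's format, attributes each hook to its owning module, and for an unlabelled 4-byte kernel patch decodes the bytes as a little-endian pointer and checks whether it equals a handler address GMER already listed for a known driver: [BA, 24, 14, 8A] is 0x8A1424BA, the aswSnx.SYS handler for ZwAddBootEntry, which is what you would expect if GMER is reporting the rewritten service-table slots relative to the nearest exported symbol. The sample input is a constructed subset of the posted log; TRUSTED_MODULES is an assumption (the drivers the analyst expects to be hooking the kernel on this machine), and anything that lands in "unattributed" is a lead to follow up, not a verdict.

```python
"""Attribute the hooks in a GMER 2.0 log to their owning modules.

Added example for this thread (not GMER's code, not the poster's). SAMPLE_LOG is a
constructed subset of the log posted above; TRUSTED_MODULES is an assumption: the
drivers the analyst expects to hook the kernel on this machine (avast is installed).
"""
import re
import struct
from dataclasses import dataclass, field
from typing import Optional

TRUSTED_MODULES = ("aswSnx.SYS", "aswSP.SYS")   # assumption: avast's two kernel drivers

SAMPLE_LOG = r"""
---- System - GMER 2.0 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8A1424BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8AAA7C22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8A142ED6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8A14DFA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8A14E176]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8AAC0E56]

---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82081A49 1 Byte [06]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 820C2500 4 Bytes [BA, 24, 14, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 820C2528 4 Bytes [22, 7C, AA, 8A] {AND BH, [EDX+EBP*4-0x76]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 820C25DC 8 Bytes [A8, DF, 14, 8A, F4, DF, 14, ...] {TEST AL, 0xdf; ADC AL, 0x8a; HLT ; FIST WORD [EDX+ECX*4]}
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82250C88 5 Bytes JMP 8AABDCF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text kernel32.dll!GetBinaryTypeW + 70 76EF69F4 1 Byte [62]

---- User code sections - GMER 2.0 ----

.text C:\windows\system32\ctfmon.exe[2368] ntdll.dll!LdrLoadDll 7701223E 5 Bytes JMP 000B01F8
.text C:\windows\system32\ctfmon.exe[2368] USER32.dll!SetWindowsHookExW 7624E30C 5 Bytes JMP 000C0804
"""

@dataclass
class Hook:
    kind: str                   # 'SSDT', 'Code', or the patched section ('.text', 'PAGE')
    location: str               # hooked service, or 'module!symbol + off @ addr' for a patch
    process: Optional[str]      # 'ctfmon.exe[2368]' for user-mode hooks, else None
    owner: Optional[str]        # module GMER names as the hook's owner, if any
    targets: list = field(default_factory=list)   # handler address, JMP/CALL target, or decoded patch pointers
    evidence: str = ""

SSDT_RE = re.compile(r"^(SSDT|Code)\s+(\S+)\s+\((.*?)\)\s+(\w+)(?:\s+\[0x([0-9A-Fa-f]+)\])?\s*$")
INLINE_RE = re.compile(r"^(\.\w+|PAGE|INIT)\s+(.*?)\s+([0-9A-Fa-f]{8})\s+(\d+)\s+Bytes?\s+(.*)$")
PROC_RE = re.compile(r"^(.*?\[\d+\])\s+(.*)$")
BYTES_RE = re.compile(r"^\[([^\]]*)\]")
JUMP_RE = re.compile(r"^(JMP|CALL)\s+([0-9A-Fa-f]{8})(?:\s+(\S+)\s+\(.*?\))?")

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]

def decode_pointers(tokens):
    """Read GMER's '[BA, 24, 14, 8A]' byte listing as little-endian 32-bit values; an incomplete group ('...') is dropped."""
    raw = bytes(int(t, 16) for t in tokens if re.fullmatch(r"[0-9A-Fa-f]{2}", t))
    return [struct.unpack_from("<I", raw, i)[0] for i in range(0, len(raw) - 3, 4)]

def parse_gmer(text: str):
    hooks = []
    for line in text.splitlines():
        line = line.strip()
        m = SSDT_RE.match(line)
        if m:
            kind, module, desc, service, addr = m.groups()
            hooks.append(Hook(kind, service, None, basename(module), [int(addr, 16)] if addr else [], desc))
            continue
        m = INLINE_RE.match(line)
        if not m:
            continue                        # section headers, '...' ellipsis lines, registry entries
        section, target, addr, nbytes, tail = m.groups()
        process = None
        pm = PROC_RE.match(target)
        if pm:                              # user-mode entries carry 'C:\path\image.exe[pid]' first
            process, target = basename(pm.group(1)), pm.group(2)
        hook = Hook(section, f"{target} @ {addr}", process, None, [], f"{nbytes}-byte patch")
        jm, bm = JUMP_RE.match(tail), BYTES_RE.match(tail)
        if jm:                              # 'JMP 8AABDCF6 \SystemRoot\...\aswSP.SYS (...)'
            hook.targets = [int(jm.group(2), 16)]
            hook.owner = basename(jm.group(3)) if jm.group(3) else None
            hook.evidence = f"{jm.group(1)} to 0x{hook.targets[0]:08X}"
        elif bm:                            # raw bytes written at the patched address
            hook.targets = decode_pointers([t.strip() for t in bm.group(1).split(",")])
        hooks.append(hook)
    return hooks

def triage(hooks, trusted=TRUSTED_MODULES):
    """Return {'trusted': [...], 'other': [...], 'unattributed': [...]} of (owner, hook, note).

    An unlabelled patch is attributed to a module when the value it writes is a handler
    address GMER listed for that module's SSDT/Code hook (the rewritten service-table slot)."""
    trusted = {t.lower() for t in trusted}
    handlers = {h.targets[0]: (h.owner, h.location)
                for h in hooks if h.kind in ("SSDT", "Code") and h.owner and h.targets}
    report = {"trusted": [], "other": [], "unattributed": []}
    for h in hooks:
        owner, note = h.owner, h.evidence
        if owner is None:
            for value in h.targets:
                if value in handlers:
                    owner, service = handlers[value]
                    note = f"writes 0x{value:08X}, the {owner} handler for {service}"
                    break
        bucket = "unattributed" if owner is None else ("trusted" if owner.lower() in trusted else "other")
        report[bucket].append((owner, h, note))
    return report

if __name__ == "__main__":
    for bucket, items in triage(parse_gmer(SAMPLE_LOG)).items():
        print(f"== {bucket} ({len(items)})")
        for owner, h, note in items:
            where = f"{h.process} " if h.process else ""
            print(f"  {where}{h.kind} {h.location}: {owner or '?'} {note}")
```

Run against the sample, the three KeRemoveQueueEx patches resolve to aswSnx.SYS/aswSP.SYS handlers and join the trusted bucket; the single-byte patches and the ctfmon.exe JMPs to low addresses stay unattributed because nothing on the page says who owns them. Narrowing the trusted list (for example to aswSP.SYS alone) moves the aswSnx.SYS hooks into "other", which is how the script would surface a driver you did not expect.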


#6 CatByte

Posted 18 January 2013 - 04:23 PM

Please run the following:

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 dalr21

Posted 18 January 2013 - 06:51 PM

After ComboFix completed and I opened a browser, it gives me a pop-up security alert: "You are about to leave a secured Internet connection. Do you want to continue?" I reply no. So far, in approx. 5 mins, it has happened three times.

ComboFix 13-01-17.04 - michelle mc 18/01/2013 23:14:41.1.4 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.44.1033.18.1012.335 [GMT 0:00]
Running from: c:\users\michelle mc\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-12-18 to 2013-01-18 )))))))))))))))))))))))))))))))
.
.
2013-01-18 23:29 . 2013-01-18 23:30 -------- d-----w- c:\users\michelle mc\AppData\Local\temp
2013-01-18 23:29 . 2013-01-18 23:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-18 21:53 . 2013-01-18 21:53 -------- d-----w- c:\programdata\1F7B
2013-01-18 20:53 . 2013-01-18 20:53 0 ----a-w- c:\windows\system32\shoD430.tmp
2013-01-18 16:23 . 2013-01-18 16:23 -------- d-----w- c:\users\michelle mc\AppData\Roaming\f-secure
2013-01-18 16:22 . 2013-01-18 16:22 -------- d-----w- c:\programdata\F-Secure
2013-01-18 14:02 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6D7AA583-524D-4F5B-8C89-293D25F75D37}\mpengine.dll
2013-01-17 13:17 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-01-17 13:17 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-01-17 13:17 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-01-17 13:17 . 2012-10-15 16:59 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-01-17 13:17 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-17 13:17 . 2012-10-30 22:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-01-17 13:15 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2013-01-17 13:15 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-17 13:15 . 2013-01-17 13:15 -------- d-----w- c:\programdata\AVAST Software
2013-01-17 13:15 . 2013-01-17 13:15 -------- d-----w- c:\program files\AVAST Software
2013-01-17 12:26 . 2013-01-17 13:25 -------- d-----w- c:\users\michelle mc\AppData\Roaming\Skype
2013-01-17 12:26 . 2013-01-17 12:26 -------- d-----w- c:\program files\Common Files\Skype
2013-01-17 12:26 . 2013-01-17 12:27 -------- d-----r- c:\program files\Skype
2013-01-17 12:26 . 2013-01-17 12:27 -------- d-----w- c:\programdata\Skype
2013-01-17 12:01 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-16 15:50 . 2013-01-16 15:50 -------- d-----w- c:\users\michelle mc\AppData\Local\Microsoft_Corporation
2013-01-15 23:17 . 2013-01-15 23:17 0 ----a-w- c:\windows\system32\sho93BD.tmp
2013-01-15 07:00 . 2013-01-15 07:00 -------- d-----w- c:\users\michelle mc\AppData\Roaming\Malwarebytes
2013-01-15 06:59 . 2013-01-15 06:59 -------- d-----w- c:\programdata\Malwarebytes
2013-01-15 06:58 . 2013-01-15 06:58 -------- d-----w- c:\users\michelle mc\AppData\Local\Programs
2013-01-15 02:37 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-15 02:37 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2013-01-15 02:37 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2013-01-15 02:37 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2013-01-13 13:27 . 2013-01-13 23:52 -------- d-----w- c:\users\michelle mc\AppData\Roaming\Gidy
2013-01-13 13:27 . 2013-01-13 21:56 -------- d-----w- c:\users\michelle mc\AppData\Roaming\Igehe
2013-01-12 21:24 . 2013-01-12 21:24 0 ----a-w- c:\windows\system32\sho20BA.tmp
2013-01-12 18:35 . 2013-01-12 18:35 0 ----a-w- c:\windows\system32\sho1814.tmp
2013-01-12 14:51 . 2013-01-12 14:51 0 ----a-w- c:\windows\system32\sho6B80.tmp
2013-01-10 18:01 . 2013-01-10 18:01 0 ----a-w- c:\windows\system32\sho2F80.tmp
2013-01-09 18:31 . 2012-11-23 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 18:31 . 2012-11-09 04:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 18:23 . 2012-11-22 04:45 626688 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 18:19 . 2012-12-07 10:46 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2013-01-09 18:17 . 2012-11-20 04:51 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 18:16 . 2012-11-23 02:48 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-01-06 19:48 . 2013-01-06 19:48 0 ----a-w- c:\windows\system32\shoA7C.tmp
2013-01-06 15:07 . 2013-01-06 15:07 0 ----a-w- c:\windows\system32\sho9608.tmp
2013-01-06 00:12 . 2013-01-06 00:12 0 ----a-w- c:\windows\system32\sho6483.tmp
2013-01-03 17:34 . 2013-01-03 17:34 -------- d-----w- c:\users\michelle mc\AppData\Roaming\MusicNet
2013-01-03 17:34 . 2013-01-18 22:00 -------- d-----w- c:\users\michelle mc\AppData\Local\iMesh
2013-01-03 17:28 . 2013-01-03 17:28 -------- d-----w- c:\programdata\iMesh
2013-01-03 17:28 . 2013-01-03 17:28 -------- d-----w- c:\program files\iMesh Applications
2013-01-03 17:27 . 2013-01-03 17:34 -------- dc-h--w- c:\programdata\{EC76B119-3D47-4A2C-8BDC-5CCE7F3C15AB}
2013-01-03 17:26 . 2013-01-03 17:26 -------- d-----w- c:\users\michelle mc\AppData\Local\PackageAware
2013-01-03 15:05 . 2013-01-03 15:05 0 ----a-w- c:\windows\system32\shoBE9F.tmp
2013-01-01 23:32 . 2013-01-01 23:32 0 ----a-w- c:\windows\system32\sho32FD.tmp
2013-01-01 19:31 . 2013-01-01 19:30 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-01 19:31 . 2013-01-01 19:30 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-01 19:31 . 2013-01-01 19:30 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-01 19:30 . 2013-01-01 19:30 -------- d-----w- c:\program files\Java
2013-01-01 09:23 . 2013-01-01 09:23 0 ----a-w- c:\windows\system32\shoA544.tmp
2012-12-31 18:33 . 2012-12-31 18:33 0 ----a-w- c:\windows\system32\shoC02.tmp
2012-12-31 01:06 . 2012-12-31 01:06 0 ----a-w- c:\windows\system32\shoF6D1.tmp
2012-12-30 19:01 . 2012-12-30 19:01 0 ----a-w- c:\windows\system32\sho55F1.tmp
2012-12-30 02:01 . 2012-12-30 02:01 0 ----a-w- c:\windows\system32\sho4C22.tmp
2012-12-29 17:28 . 2012-12-29 17:28 0 ----a-w- c:\windows\system32\sho9F8B.tmp
2012-12-29 02:35 . 2012-12-29 02:35 0 ----a-w- c:\windows\system32\sho904D.tmp
2012-12-27 23:15 . 2012-12-27 23:15 0 ----a-w- c:\windows\system32\shoD7F7.tmp
2012-12-27 21:59 . 2012-12-27 21:59 0 ----a-w- c:\windows\system32\sho8418.tmp
2012-12-27 21:52 . 2013-01-14 00:33 -------- d-----w- c:\users\michelle mc\AppData\Local\ElevatedDiagnostics
2012-12-27 21:28 . 2012-12-27 21:28 -------- d-----w- c:\users\michelle mc\AppData\Local\Wajam
2012-12-26 18:31 . 2012-12-26 18:31 0 ----a-w- c:\windows\system32\sho2EA2.tmp
2012-12-26 13:36 . 2012-12-26 13:36 0 ----a-w- c:\windows\system32\sho51C8.tmp
2012-12-26 01:58 . 2012-12-26 01:58 0 ----a-w- c:\windows\system32\sho4742.tmp
2012-12-25 13:21 . 2012-12-25 13:21 0 ----a-w- c:\windows\system32\shoC39D.tmp
2012-12-24 02:44 . 2012-12-24 02:44 0 ----a-w- c:\windows\system32\sho77F9.tmp
2012-12-22 14:18 . 2012-12-22 14:18 0 ----a-w- c:\windows\system32\sho71E8.tmp
2012-12-21 19:36 . 2012-12-21 19:36 0 ----a-w- c:\windows\system32\sho6AA.tmp
2012-12-21 19:35 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 19:35 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-20 16:06 . 2012-12-20 16:06 0 ----a-w- c:\windows\system32\sho3314.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-19 12:40 . 2012-12-19 12:40 0 ----a-w- c:\windows\system32\sho7D9A.tmp
2012-12-18 11:13 . 2012-12-18 11:13 0 ----a-w- c:\windows\system32\shoE2A3.tmp
2012-12-17 19:59 . 2012-12-17 19:59 0 ----a-w- c:\windows\system32\shoE73A.tmp
2012-12-15 14:48 . 2012-12-15 14:48 0 ----a-w- c:\windows\system32\sho9A7C.tmp
2012-12-13 10:59 . 2012-12-13 10:59 0 ----a-w- c:\windows\system32\shoFB8D.tmp
2012-12-12 12:58 . 2012-12-12 12:58 0 ----a-w- c:\windows\system32\sho9A1.tmp
2012-12-11 17:56 . 2012-12-11 17:56 0 ----a-w- c:\windows\system32\shoE7BF.tmp
2012-12-11 13:32 . 2012-12-11 13:38 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{28CBBA07-001D-4AB3-9407-90C6FED25A5D}\gapaengine.dll
2012-11-20 23:30 . 2012-11-20 23:30 0 ----a-w- c:\windows\system32\shoDFAB.tmp
2012-11-18 22:38 . 2012-11-18 22:38 0 ----a-w- c:\windows\system32\shoD6A5.tmp
2012-11-16 12:38 . 2012-11-16 12:38 0 ----a-w- c:\windows\system32\shoCAEF.tmp
2012-11-14 02:09 . 2012-12-13 10:52 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-13 10:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 10:52 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-13 10:52 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 10:52 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 10:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-11 13:44 . 2012-11-11 13:44 0 ----a-w- c:\windows\system32\shoD1D.tmp
2012-11-09 23:26 . 2012-11-09 23:26 0 ----a-w- c:\windows\system32\sho5258.tmp
2012-11-09 04:42 . 2012-12-12 12:12 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-07 03:05 . 2012-11-07 03:05 0 ----a-w- c:\windows\system32\sho3039.tmp
2012-11-03 23:03 . 2012-11-03 23:03 0 ----a-w- c:\windows\system32\sho47AC.tmp
2012-11-02 23:03 . 2012-11-02 23:03 0 ----a-w- c:\windows\system32\shoC979.tmp
2012-11-02 19:08 . 2012-11-02 19:08 0 ----a-w- c:\windows\system32\sho87E7.tmp
2012-11-02 05:11 . 2012-12-12 12:13 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-10-26 18:50 . 2012-10-26 18:50 0 ----a-w- c:\windows\system32\shoF114.tmp
2012-10-23 17:32 . 2012-10-23 17:32 0 ----a-w- c:\windows\system32\shoE88A.tmp
2012-10-23 17:09 . 2012-12-11 13:38 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-10-23 11:31 . 2012-10-23 11:31 0 ----a-w- c:\windows\system32\shoAD70.tmp
2012-10-23 08:50 . 2012-10-23 08:50 0 ----a-w- c:\windows\system32\sho7168.tmp
2012-10-22 22:17 . 2012-10-22 22:17 0 ----a-w- c:\windows\system32\shoB3F8.tmp
2012-10-21 11:48 . 2012-10-21 11:48 0 ----a-w- c:\windows\system32\sho3554.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GfxServiceInstall"="c:\windows\system32\GfxCUIServiceInstall.vbs" [2012-02-27 131]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"HotkeyMon"="AsusSender.exe" [2012-01-05 34728]
"HotkeyService"="AsusSender.exe" [2012-01-05 34728]
"SuperHybridEngine"="AsusSender.exe" [2012-01-05 34728]
"LiveUpdate"="AsusSender.exe" [2012-01-05 34728]
"CapsHook"="AsusSender.exe" [2012-01-05 34728]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2011-07-14 417456]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-08-19 45448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-27 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-27 168960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-27 161280]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-09-28 11004520]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-06-30 2274600]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2012-05-04 3331312]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2011-06-30 83240]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files\Asus\AsusVibe\AsusVibeLauncher.exe [2012-5-4 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl91fe4770;MpKsl91fe4770;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E4E5C384-DD46-4807-A319-B37102D1DF6D}\MpKsl91fe4770.sys [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files\ASUS\InstantOn for EPC\InsOnSrv.exe [x]
S2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [x]
S3 igddim32;igddim32;c:\windows\system32\DRIVERS\igddim32.sys [x]
S3 igdkmd32;igdkmd32;c:\windows\system32\DRIVERS\igdkmd32.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-18 23:34:12
ComboFix-quarantined-files.txt 2013-01-18 23:34
.
Pre-Run: 78,862,864,384 bytes free
Post-Run: 79,574,679,552 bytes free
.
- - End Of File - - F932CC10F213B26B220D96ADE6AE4AA3

Hope this helps.

#8 CatByte


Posted 18 January 2013 - 07:08 PM

After ComboFix completed and I opened a browser, it gives me a pop-up security alert: "You're about to leave a secured internet connection. Do you want to continue?" I reply no. So far, in approx. 5 mins it has happened three times.

The security setting on your browser needs to be adjusted to "medium-high"; then you won't get this security warning (it's OK to say yes to this).


Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-click JRT.exe and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient, as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt in your next message.


NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete.
  • Once done, it will ask to reboot; allow the reboot.
  • On reboot a log will be produced; please attach the content of the log to your next reply.


NEXT

  • Please open your Malwarebytes Anti-Malware program.
  • Click the Update tab and search for updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, press the LIST OF THREATS FOUND button.
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop.
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 dalr21


Posted 18 January 2013 - 09:16 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.4 (01.17.2013:1)
OS: Windows 7 Starter x86
Ran by michelle mc on 19/01/2013 at 0:41:49.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d7e97865-918f-41e4-9cd0-25ab1c574ce8}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d7e97865-918f-41e4-9cd0-25ab1c574ce8}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\discoveryhelper.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\gifanimator.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\imtrprogress.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\imweb.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\wmhelper.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\discoveryhelper.imesh6discovery
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\discoveryhelper.imesh6discovery.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\imweb.imwebcontrol
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\inbox.ibx404
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\inbox.jsserver
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\inbox.toolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\inbox
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d3d233d5-9f6d-436c-b6c7-e63f77503b30}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d3d233d5-9f6d-436c-b6c7-e63f77503b30}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d7e97865-918f-41e4-9cd0-25ab1c574ce8}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\michelle mc\appdata\local\wajam"
Successfully deleted: [Folder] "C:\Program Files\imesh applications"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19/01/2013 at 0:48:59.68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.106 - Logfile created 01/19/2013 at 01:08:12
# Updated 17/01/2013 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : michelle mc - MICHELLEMC-PC
# Boot Mode : Normal
# Running from : C:\Users\michelle mc\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4afb-BEBF-F5FD231ECD39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48c9-91B4-7809E6945287}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4d7e-AF25-EFCC303D20A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46b8-A83C-F3A45BDA23EE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49e5-A6C0-33FC86D80205}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4a9a-B4EF-72A91E3CCF4D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4e93-966C-65615720AEFB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4c0d-BA6D-BFEA16E773A6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [4342 octets] - [19/01/2013 01:08:12]

########## EOF - C:\AdwCleaner[S1].txt - [4402 octets] ##########

Tried the ESET scanner. When the pop-up came up I scrolled down, but it wouldn't show me the rest of the info on the page so I could agree to the T&Cs. Tried to maximise, same results. Clicked the icon on the pop-up to change the browser, did so, and can't get to the bottom of the page.

#10 CatByte


Posted 18 January 2013 - 09:22 PM

Try deleting your browser history and cookies and try again.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 dalr21


Posted 18 January 2013 - 09:39 PM

Deleted history and cookies, same results. Sorry about this, bleeping tiger.

#12 CatByte


Posted 18 January 2013 - 09:59 PM

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

Having two antivirus products installed can cause system slowdowns, conflicts and crashes.

You need to uninstall one of them.

What happens exactly when you try to run ESET?

Do you only have IE installed?

How is the computer running now? Are there any outstanding issues?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 dalr21


Posted 18 January 2013 - 10:20 PM

When the ESET pop-up comes up I click on the side bar and scroll down; when the bar gets to the bottom of the screen and I keep scrolling down I can't see it. I can't see the rest of the info at the bottom of the page. I only have IE; would you recommend using a different browser? Uninstalled MSE. The computer's working well, but this is how it was working before. Thanks for the info.

#14 CatByte


Posted 19 January 2013 - 04:52 AM

I'm unable to replicate what you are describing, but try this:

Find the plus and minus keys on your keyboard (+, -). Now, when you are on the ESET page, hold down the Ctrl key and tap the minus key (-) a few times until the font reduces; you should now be able to see the whole page.


(To make the font bigger again, hold down the Ctrl key and tap the plus sign (+).)


It's always good to have a second browser on standby in case the browser you are using becomes unusable for any reason (personally, I only use Firefox, but I still have IE available).


Let me know if that does the trick.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 dalr21


Posted 19 January 2013 - 09:14 AM

Firefox did the trick, bleeping tiger, thanks. Did the scan with ESET; once finished, it said no infected files, although it didn't give me a log report.



