
HELP! Ultradefragger and trojan.Gen.2 removal [Closed]


  • This topic is locked

#121
rdbadger
  • Topic Starter
  • Member
  • 107 posts
I've never had that script thing pop up whilst using a non-infected computer... thought while I was connected to do another aswMBR scan with latest definitions - possibly no different to the last but I attached logs anyway!

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-04 19:34:42
-----------------------------
19:34:42.562 OS Version: Windows 5.1.2600 Service Pack 3
19:34:42.562 Number of processors: 2 586 0x209
19:34:42.562 ComputerName: ROANNA-36A94C04 UserName: Roanna
19:34:43.390 Initialize success
19:36:00.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:36:00.703 Disk 0 Vendor: ST380215A 3.AAD Size: 76319MB BusType: 3
19:36:00.734 Disk 0 MBR read successfully
19:36:00.734 Disk 0 MBR scan
19:36:00.734 Disk 0 Windows XP default MBR code
19:36:00.734 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
19:36:00.734 Disk 0 scanning sectors +156280320
19:36:00.828 Disk 0 scanning C:\WINDOWS\system32\drivers
19:36:17.031 Service scanning
19:36:44.343 Modules scanning
19:37:04.156 Disk 0 trace - called modules:
19:37:04.171 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
19:37:04.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x823839c0]
19:37:04.171 3 CLASSPNP.SYS[f8582fd7] -> nt!IofCallDriver -> \Device\00000066[0x8235cf18]
19:37:04.171 5 ACPI.sys[f84f9620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8235e300]
19:37:04.187 Scan finished successfully
19:38:04.875 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Roanna\Desktop\MBR.dat"
19:38:04.890 The log file has been saved successfully to "C:\Documents and Settings\Roanna\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-07 07:45:28
-----------------------------
07:45:28.515 OS Version: Windows 5.1.2600 Service Pack 3
07:45:28.515 Number of processors: 2 586 0x209
07:45:28.515 ComputerName: ROANNA-36A94C04 UserName: Roanna
07:45:30.218 Initialize success
07:51:19.781 AVAST engine defs: 12060602
07:52:13.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
07:52:13.781 Disk 0 Vendor: ST380215A 3.AAD Size: 76319MB BusType: 3
07:52:13.796 Disk 0 MBR read successfully
07:52:13.812 Disk 0 MBR scan
07:52:13.937 Disk 0 Windows XP default MBR code
07:52:13.953 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
07:52:13.984 Disk 0 scanning sectors +156280320
07:52:14.125 Disk 0 scanning C:\WINDOWS\system32\drivers
07:52:46.890 Service scanning
07:53:29.453 Modules scanning
07:53:49.937 Disk 0 trace - called modules:
07:53:49.968 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
07:53:49.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x823d4030]
07:53:49.968 3 CLASSPNP.SYS[f8582fd7] -> nt!IofCallDriver -> \Device\00000066[0x823d7a40]
07:53:49.984 5 ACPI.sys[f84f9620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x823d7b58]
07:53:50.812 AVAST engine scan C:\WINDOWS
07:54:30.171 AVAST engine scan C:\WINDOWS\system32
08:08:28.765 AVAST engine scan C:\WINDOWS\system32\drivers
08:10:40.312 AVAST engine scan C:\Documents and Settings\Roanna
08:14:44.578 Disk 0 MBR has been saved successfully to "E:\MISS D\MBR.dat"
08:14:44.750 The log file has been saved successfully to "E:\MISS D\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   499bytes   80 downloads
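
One way to check the "possibly no different to the last" impression for the two aswMBR logs above, as an added example that is not part of the original post: mask timestamps and per-boot device addresses, then diff what remains. Treating the `[0x...]` values as per-boot addresses and skipping the save-path and AVAST engine lines are assumptions; `RUN_CHANGED` is a constructed variant.

```python
import re

TIMESTAMP = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+")
# Assumption: "[0x...]" after a device name is a per-boot object address.
DEVICE_ADDR = re.compile(r"\[0x[0-9a-fA-F]+\]")
# Lines that legitimately differ between runs (save paths, AV engine activity).
VOLATILE = ("saved successfully to", "AVAST engine")


def normalise(log):
    """Return the log's lines with timestamps and per-boot addresses masked."""
    out = []
    for line in log.splitlines():
        line = TIMESTAMP.sub("", line.strip())
        if not line or any(v in line for v in VOLATILE):
            continue
        out.append(DEVICE_ADDR.sub("[ADDR]", line))
    return out


def compare(old, new):
    """Lines present in only one of the two normalised logs, order preserved."""
    a, b = normalise(old), normalise(new)
    return {"only_old": [l for l in a if l not in b],
            "only_new": [l for l in b if l not in a]}


# Lines taken from the 2012-06-04 and 2012-06-07 runs posted above (shortened).
RUN_0604 = r"""
19:36:00.734 Disk 0 Windows XP default MBR code
19:36:00.734 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
19:37:04.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x823839c0]
19:37:04.171 3 CLASSPNP.SYS[f8582fd7] -> nt!IofCallDriver -> \Device\00000066[0x8235cf18]
19:38:04.875 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Roanna\Desktop\MBR.dat"
"""
RUN_0607 = r"""
07:51:19.781 AVAST engine defs: 12060602
07:52:13.937 Disk 0 Windows XP default MBR code
07:52:13.953 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
07:53:49.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x823d4030]
07:53:49.968 3 CLASSPNP.SYS[f8582fd7] -> nt!IofCallDriver -> \Device\00000066[0x823d7a40]
08:14:44.578 Disk 0 MBR has been saved successfully to "E:\MISS D\MBR.dat"
"""
# Constructed variant (not from the page): the CLASSPNP.SYS offset differs.
RUN_CHANGED = RUN_0607.replace("f8582fd7", "f8590000")

if __name__ == "__main__":
    print(compare(RUN_0604, RUN_0607))     # the two posted runs
    print(compare(RUN_0604, RUN_CHANGED))  # the changed trace line is reported
```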



#122
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
Can you provide me with a screenshot of that payment pop-up?

For the script issue, you need to follow the methods below to troubleshoot it.

Method 1: Disable script debugging.

Method 2: Test a Web page from another user account, another browser, and another computer

Method 3: Verify that Active Scripting, ActiveX, and Java are not being blocked by Internet Explorer

Method 4: Remove all the temporary Internet-related files

To perform the above troubleshooting, you need to follow the Microsoft article provided below.

How to troubleshoot script errors in Internet Explorer on Windows-based computers

http://support.micro....aspx/kb/308260

#123
rdbadger
  • Topic Starter
  • Member
  • 107 posts
yep - that is the second one of the three that I posted - the one in the middle - it says something like "if you were making a purchase you should click cancel. Otherwise click retry"

#124
rdbadger
  • Topic Starter
  • Member
  • 107 posts
ok so just tried running eset on this non-infected computer - had similar experience - no option to just "run add on", only option is to "install" and again there are two warning messages as I put in that first screen shot on the left!

#125
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
OK. And what happens if you click Retry on the first of those two pop-ups and Cancel on the second one?

#126
rdbadger
  • Topic Starter
  • Member
  • 107 posts
I hadn't tried retry just in case it was not legit!! I just cancelled as you can appreciate I am now a little wary of anything that looks suspicious!

#127
rdbadger
  • Topic Starter
  • Member
  • 107 posts
attempted again, pressed retry on the first, took me to a blank screen!

#128
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
Then click Cancel, and on the second one also Cancel.

#129
rdbadger
  • Topic Starter
  • Member
  • 107 posts
6th time lucky! went to the website for a few alternative instructions on how to get it to run - now it's running according to the pic

#130
rdbadger
  • Topic Starter
  • Member
  • 107 posts
when I turned symantec back on to auto protect, this is what it registered

Attached Thumbnails

  • trojan symantec.jpg



#131
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
OK. Let me know the results when finished.

#132
rdbadger
  • Topic Starter
  • Member
  • 107 posts
will do! it's at 30%

#133
rdbadger
  • Topic Starter
  • Member
  • 107 posts
ESET online scanner
THREATS FOUND AND CLEANED
scanned files 109598
infected files 4
CLEANED FILES 4
TOTAL SCAN TIME 2:32
SCAN STATUS finished

#134
rdbadger
  • Topic Starter
  • Member
  • 107 posts
does the eset have logs? couldn't find them? what's the next step for these?

#135
rdbadger
  • Topic Starter
  • Member
  • 107 posts
Found where the log results were!

C:\Documents and Settings\Roanna\Local Settings\Temp\jar_cache6246749947616830150.tmp a variant of Java/Exploit.CVE-2012-0507.AN trojan deleted - quarantined
C:\Documents and Settings\Roanna\Local Settings\Temp\NERO14182\Toolbar.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
C:\Documents and Settings\Roanna\My Documents\windows ME stuff 2\windows ME computer\school related\Setup_FreeIpodConverter.exe Win32/Toolbar.Widgi application deleted - quarantined
C:\Documents and Settings\Roanna\My Documents\windows ME stuff 2\windows ME computer\school related\Setup_FreeVideoConverter.exe Win32/Toolbar.Widgi application deleted - quarantined