Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Need help, csrsc, linvdqay [Solved]


  • This topic is locked This topic is locked

#31
fartuditu

fartuditu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I installed .net 3.5 since fixit requires 2.0 as stated in its installation. It gave me link to 2.0, but it said on webpage that i should install 3.5, so i did that.

After running fixit, it seems to have fixed 2 things, but failed on repairing one.

http://i.imgur.com/Uh0nZqp.png?1

After that i tried to download windows updates but failed.

Edited by fartuditu, 16 November 2013 - 03:30 PM.

  • 0

Advertisements


#32
fartuditu

fartuditu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I noticed i didn't install updates for .net 3.5, so i updated it as stated on this page:

http://www.microsoft...s.aspx?id=25150

I restarted pc and run fixit, this time with svchost on, and same thing happened. I tried to get solution via fixit later on, but couldn't.

Also this might be insignificant, but i have some services disabled from while ago, so i'll list them as maybe enabling some might be part of the solution.

http://i.imgur.com/zM2W1GX.png
  • 0

#33
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Could you please run the attached batch file. It should generate a log file for you to post.

Then please run FSS again.

Does windows updates throw an error code?

Attached Files


  • 0

#34
fartuditu

fartuditu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Sorry, i don't understand which batch file. Can you please explain where to find it?

So far i didn't get windows reports, but i just set error report service on automatic, so i might get those in the future. I seem to have disabled that service some time ago, sorry about that.


edit: i was quick to post - i see batch file now. I'll run it and FSS afterwards, thanks.

Edited by fartuditu, 16 November 2013 - 05:29 PM.

  • 0

#35
fartuditu

fartuditu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I noticed these while file was running:

mshtml.dll had no entry point

LoadLibrary("wucltux.dll") failed - the specified module could not be found.
LoadLibrary("muweb.dll") failed - the specified module could not be found.
LoadLibrary("wuwebv.dll") failed - the specified module could not be found.

After i ran batch file and FSS, i tried to update windows, but it's the same as before, and no error code appears.

Here are the logs:





The @%SystemRoot%\system32\qmgr.dll,-1000 service is stopping.
The @%SystemRoot%\system32\qmgr.dll,-1000 service was stopped successfully.

The Automatic Updates service is not started.

More help is available by typing NET HELPMSG 3521.

The @%SystemRoot%\system32\qmgr.dll,-1000 service is starting.
The @%SystemRoot%\system32\qmgr.dll,-1000 service was started successfully.

The Automatic Updates service is starting.
The Automatic Updates service was started successfully.











Farbar Service Scanner Version: 10-11-2013
Ran by Sisavac (administrator) on 17-11-2013 at 00:37:02
Running from "C:\Documents and Settings\Sisavac\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

netman Service is not running. Checking service configuration:
The start type of netman service is OK.
The ImagePath of netman service is OK.
The ServiceDll of netman service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****
  • 0

#36
fartuditu

fartuditu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I noticed stopping automatic updates under services.msc would make cpu usage go back to normal. I searched a little, but didn't find much. Perhaps 2 following links might help:

http://download.wsusoffline.net/
http://www.microsoft...s.aspx?id=41074
  • 0

#37
fartuditu

fartuditu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Today when i started pc, i had tray icon, offering me to install windows updates. I thought that was great, but then like web page, it offered express and custom install, so i picked express and svchost started consuming all processor. I'll leave it like this for an hour if needed, but as i read on internet, it shouldn't consume all cpu longer than some 10 minutes.


edit: Seems it's working after all!

http://i.imgur.com/02vqE8q.png

Edited by fartuditu, 17 November 2013 - 04:24 AM.

  • 0

#38
fartuditu

fartuditu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
It seems to have finished, but basically did nothing as far as i can see. Btw i'm pretty sure i have original windows, i remember activating it when i installed it, and not registering it.

Here's the WindowsUpdare.log:


https://www.dropbox....wsUpdate.log?m=


I got bunch of update logs in WINDOWS folder in c, and all look like this one:










[KB2757638.log]
1.203: ================================================================================
1.203: 2013/11/17 11:20:38.171 (local)
1.203: C:\WINDOWS\SoftwareDistribution\Download\8d5c064017e0422c40e1778dee6b884c\update\update.exe (version 6.3.13.0)
1.218: Hotfix started with following command line: /si /ParentInfo:e57c3c05328c2244bd3aa3d213e3101e
1.218: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.359: ---- Old Information In The Registry ------
1.359: Source:C:\WINDOWS\system32\Macromed\Flash\Flash32_11_9_900_117.ocx (11.9.900.117)
1.359: Destination:
1.359: ---- New Information In The Registry ------
1.359: Source:C:\WINDOWS\system32\Macromed\Flash\Flash32_11_9_900_117.ocx (11.9.900.117)
1.359: Destination:
1.375: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.375: SetProductTypes: InfProductBuildType=BuildType.IP
1.390: SetAltOsLoaderPath: No section uses DirId 65701; done.
1.406: CreateUninstall = 1,Directory = C:\WINDOWS\$NtUninstallKB2757638$
1.406: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
1.421: ref tag c:\windows\system32\sp4.cab does not exist
1.421: ref tag c:\windows\system32\sp3.cab does not exist
1.421: ref tag c:\windows\system32\sp2.cab does not exist
1.421: ref tag c:\windows\system32\sp1.cab does not exist
1.421: ref tag c:\windows\system32\driver.cab does not exist
1.421: ref tag c:\windows\system32\fp40ext.cab does not exist
1.421: ref tag c:\windows\system32\fp40ext1.cab does not exist
1.421: ref tag c:\windows\system32\wms4.cab does not exist
1.421: ref tag c:\windows\system32\wms41.cab does not exist
1.421: ref tag c:\windows\system32\ims.cab does not exist
1.421: ref tag c:\windows\system32\ims1.cab does not exist
1.421: ref tag c:\windows\system32\ins.cab does not exist
1.421: ref tag c:\windows\system32\ins1.cab does not exist
1.421: Starting AnalyzeComponents
1.421: AnalyzePhaseZero used 0 ticks
1.421: No c:\windows\INF\updtblk.inf file.
1.421: OEM file scan used 0 ticks
1.578: AnalyzePhaseOne: used 157 ticks
1.578: AnalyzeComponents: Hotpatch analysis disabled; skipping.
1.578: AnalyzeComponents: Hotpatching is disabled.
1.578: FindFirstFile c:\windows\$hf_mig$\*.*
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.609: AnalyzeForBranching used 31 ticks.
1.609: AnalyzePhaseTwo used 0 ticks
1.609: AnalyzePhaseThree used 0 ticks
1.625: AnalyzePhaseFive used 16 ticks
1.625: AnalyzePhaseSix used 0 ticks
1.625: AnalyzeComponents used 204 ticks
1.625: Downloading 2 files
1.625: bPatchMode = TRUE
1.625: Inventory complete: ReturnStatus=0, 219 ticks
1.625: Num Ticks for invent : 219
1.640: [dumpDownloadTask] Update.exe posting request file to download a total of 492647 bytes (492647 bytes in patches and 0 bytes in fallbacks)
1.640: dumpDownloadTask returned 0xf200 (more files to download)
1.671: KB2757638 installation did not complete.
1.671: Update.exe extended error code = 0xf200
1.172: ================================================================================
1.172: 2013/11/17 11:35:43.812 (local)
1.172: C:\WINDOWS\SoftwareDistribution\Download\8d5c064017e0422c40e1778dee6b884c\update\update.exe (version 6.3.13.0)
1.172: Hotfix started with following command line: /si /ParentInfo:c924ac2596bc0146bc988bb781e01838
1.172: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.313: ---- Old Information In The Registry ------
1.313: Source:C:\WINDOWS\system32\Macromed\Flash\Flash32_11_9_900_117.ocx (11.9.900.117)
1.313: Destination:
1.313: ---- New Information In The Registry ------
1.313: Source:C:\WINDOWS\system32\Macromed\Flash\Flash32_11_9_900_117.ocx (11.9.900.117)
1.313: Destination:
1.313: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.313: SetProductTypes: InfProductBuildType=BuildType.IP
1.313: SetAltOsLoaderPath: No section uses DirId 65701; done.
1.344: Express: 492,647 bytes were downloaded.
1.579: [PatchFilesFromResponseBlob] returning STATUS_READY_TO_INSTALL
1.610: KB2757638 installation did not complete.
1.610: Update.exe extended error code = 0xf201
  • 0

#39
fartuditu

fartuditu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
When i tried to turn off computer, it gave me an option to install updates, so i allowed him. It tried to install 143 updates i think. I think though nothing happened. Here's the windows update log again.

https://www.dropbox....wsUpdate.log?m=


After updates were downloaded yesterday, i had no problem with 100% cpu.
  • 0

#40
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
So, it seems to have downloaded but not installed? Strange, as the logs are showing a BITS error.

I think we need to try the big hammer:

Download ComboFix from one of the following locations:
Link 1

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
Also please make sure to take note of anything ComboFix says during the course of its run especially if related to your infection and report to me in your next post.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks - if the update succeeds combofix will restart - if not it will continue with the current copy

    Posted Image

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

  • 0

Advertisements


#41
fartuditu

fartuditu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I don't know how to check if updates are installed. I just guessed form looking at log. I ran ComboFix and didn't notice anything unusual during its run. Here's the log:










ComboFix 13-11-18.01 - Sisavac 11/18/2013 17:32:24.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.644 [GMT 1:00]
Running from: c:\documents and settings\Sisavac\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ASC3360PR
.
.
((((((((((((((((((((((((( Files Created from 2013-10-18 to 2013-11-18 )))))))))))))))))))))))))))))))
.
.
2013-11-13 19:11 . 2013-11-13 19:11 -------- d-----w- C:\_OTL
2013-11-12 21:06 . 2013-11-12 21:06 171344 ----a-w- C:\kidokiller.exe
2013-11-12 14:48 . 2008-08-14 16:35 -------- d-----w- C:\Sality_RegKeys
2013-11-12 14:31 . 2010-11-12 09:13 171344 ----a-w- C:\SalityKiller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-12 14:47 . 2013-11-12 14:47 6396 ----a-w- C:\sality_regkeys.zip
2013-11-12 14:31 . 2013-11-12 14:31 164134 ----a-w- C:\salitykiller.zip
2013-10-13 07:25 . 2006-02-28 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24 . 2006-02-28 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-10-12 15:56 . 2006-02-28 12:00 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2006-02-28 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2006-02-28 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-08-29 01:31 . 2006-02-28 12:00 1878656 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\documents and settings\Sisavac\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\documents and settings\Sisavac\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\documents and settings\Sisavac\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\documents and settings\Sisavac\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-01-31 15517472]
"NvMediaCenter"="NvMCTray.dll" [2013-01-31 108832]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-11-12 1982312]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Sisavac^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Sisavac\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ImapiService"=3 (0x3)
"RemoteRegistry"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Documents and Settings\\Sisavac\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\NVIDIA Corporation\\nview\\nwiz.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamservice.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Firefox\\crashreporter.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamscheduler.exe"=
"c:\\Documents and Settings\\Sisavac\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5406:TCP"= 5406:TCP:gcpfvbh
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11/9/2013 2:33 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/9/2013 2:33 PM 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/9/2013 2:33 PM 22856]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.kongregate.com/games/nexoncls/cloudstone
TCP: DhcpNameServer = 95.180.0.18 95.180.1.2
TCP: Interfaces\{CB12A8FE-078E-4D2A-99AD-120274A5ADA9}: NameServer = 8.8.4.4,8.8.8.8
FF - ProfilePath - c:\documents and settings\Sisavac\Application Data\Mozilla\Firefox\Profiles\nc6hoehs.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-10-22 13:17; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Sisavac\Application Data\Mozilla\Firefox\Profiles\nc6hoehs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-11-16 21:53; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-18 17:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(272)
c:\windows\system32\WININET.dll
c:\documents and settings\Sisavac\Application Data\Dropbox\bin\DropboxExt.22.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDLL32.exe
.
**************************************************************************
.
Completion time: 2013-11-18 17:43:41 - machine was rebooted
ComboFix-quarantined-files.txt 2013-11-18 16:43
ComboFix2.txt 2013-11-10 00:34
.
Pre-Run: 13,294,624,768 bytes free
Post-Run: 14,372,974,592 bytes free
.
- - End Of File - - 8635ED319B75380A9EFC4657AF891365
8F558EB6672622401DA993E1E865C861
  • 0

#42
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Did you try again after ComboFix?

When you visit the update website, does it still find updates for your computer?
  • 0

#43
fartuditu

fartuditu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I went to update page now, and had to install activex i think, after which i was redirected here:

http://i.imgur.com/zeBsoW3.png

I didn't donload Security Essentials though. I went again to update page and got this:

http://i.imgur.com/evncZVH.png

So i let it download and install 4 updates and reboot. I guess Automatic updates did the job after all? Thanks for all the help about removing viruses and helping me get sp3 along with updates. What should i do next?
  • 0

#44
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
It looks like it went through. Now if you go to the website, it should say "up to date."

You should really consider getting an anti-virus to protect your computer. I would recommend Microsoft Security Essentials, since it is light-weight and you are concerned about resources. I notice that you have MBAM, and it is a good program too, but it is not a anti-virus.

Let's run an online scan to check for anything that may have been missed, then we can clean up.


Step 1: Run SecurityCheck

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2: Run online scan.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Things I need in your next reply:
  • SecurityCheck log
  • ESET log
  • Any outstanding problems?

  • 0

#45
fartuditu

fartuditu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I got distracted by the end of scanning process, so i failed to save log. I'll start the scan tomorrow morning, and will post, but from what i've sen, it detected nothing. I downloaded Security Essentials, and will install it and run after tomorrow's eset scan. I didn't notice any sort of problems. Here's the log from SecurityCheck:







Results of screen317's Security Check version 0.99.77
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC is being installed.
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 45
Java SE Development Kit 7 Update 45
Adobe Flash Player 11.9.900.117
Mozilla Firefox 24.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP