
Sent here from Tech Dept



#46
shajoe44

shajoe44

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 262 posts

start up messages

Attached Thumbnails

  • latest.JPG
  • latest1.JPG
  • latest2.JPG

  • 0


#47
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Uninstall it then and that should be the last error we have showing.  Did you try a new user and see if it could download and install dropbox?


  • 0

#48
shajoe44

shajoe44

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 262 posts

Yes, I created a new user and still can't open and install Dropbox; same error message.


  • 0

#49
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

The Egis error is My Winlocker.  If you have uninstalled it then we can stop it with FRST.

The second is from ACER:

Filename: LManager.exe Command: %ProgramFiles%\Launch Manager\LManager.exe

Description:

This file is installed with the software for Acer Multimedia Keyboards made by Dritek System Inc. and is part of the Launch Manager.  If it is disabled, the special features of the keyboard will not work.

File Location:

%ProgramFiles%\Launch Manager\LManager.exe

You might look and see if you can download it again from them.  Then uninstall it and reinstall.

When you ran the disk check did it take a while to complete?


  • 0

#50
shajoe44

shajoe44

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 262 posts

I have run so many things... lol... I do know one thing: the program that said it may take an hour only took a few seconds. The program I ran that had that long list of items checked took a good little while to run.


  • 0

#51
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

It doesn't sound like check disk ran then.  It really should take an hour or more.  Try booting into Safe Mode with Command Prompt and then type:

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly.  Keep tapping until the Safe Mode Menu appears and choose the Command prompt option.  You can try to login as Administrator.  On XP home there is no password by default.  If that doesn't work try your new login.)

chkdsk /r

  • 0

#52
shajoe44

shajoe44

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 262 posts

Running chkdsk now.


  • 0

#53
shajoe44

shajoe44

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 262 posts

It's finished.


  • 0

#54
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Run VEW for System and Applications.


  • 0

#55
shajoe44

shajoe44

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 262 posts
Vino's Event Viewer v01c run on Windows XP in English
Report run at 08/05/2014 9:47:44 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/05/2014 8:53:49 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Norton Online Backup service failed to start due to the following error:  The system cannot find the path specified.  
 
Log: 'System' Date/Time: 08/05/2014 7:45:59 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 
 
Log: 'System' Date/Time: 08/05/2014 7:45:34 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  AFD aswRdr aswRvrt aswSnx aswSP aswTdi aswVmm Fips intelppm IPSec MRxSmb mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS NetBT RasAcd Rdbss Tcpip 
 
Log: 'System' Date/Time: 08/05/2014 7:45:34 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.  
 
Log: 'System' Date/Time: 08/05/2014 7:45:34 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.  
 
Log: 'System' Date/Time: 08/05/2014 7:45:34 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.  
 
Log: 'System' Date/Time: 08/05/2014 7:45:34 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.  
 
Log: 'System' Date/Time: 08/05/2014 7:44:19 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 
 
Log: 'System' Date/Time: 08/05/2014 3:33:57 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Norton Online Backup service failed to start due to the following error:  The system cannot find the path specified.  
 
Log: 'System' Date/Time: 07/05/2014 11:14:37 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Norton Online Backup service failed to start due to the following error:  The system cannot find the path specified.  
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/05/2014 7:40:10 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\MARYMOODY-PC on the network \Device\NetBT_Tcpip_{839A1957-E156-40E8-B812-9D68D5E08C5B}. The data is the error code. 
 
Log: 'System' Date/Time: 08/05/2014 3:07:08 PM
Type: warning Category: 0
Event: 8021 Source: BROWSER
The browser was unable to retrieve a list of servers from the browser master \\MARYMOODY-PC on the network \Device\NetBT_Tcpip_{839A1957-E156-40E8-B812-9D68D5E08C5B}. The data is the error code. 
 
Log: 'System' Date/Time: 08/05/2014 3:07:08 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0026C798E802.  The following error occurred:  The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. 
 
Vino's Event Viewer v01c run on Windows XP in English
Report run at 08/05/2014 9:48:08 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/05/2014 9:39:03 PM
Type: error Category: 0
Event: 10005 Source: MsiInstaller
Product: Google Update Helper -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2503. The arguments are: , ,  
 
Log: 'Application' Date/Time: 08/05/2014 6:39:02 PM
Type: error Category: 0
Event: 10005 Source: MsiInstaller
Product: Google Update Helper -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2503. The arguments are: , ,  
 
Log: 'Application' Date/Time: 08/05/2014 5:39:03 PM
Type: error Category: 0
Event: 10005 Source: MsiInstaller
Product: Google Update Helper -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2503. The arguments are: , ,  
 
Log: 'Application' Date/Time: 08/05/2014 4:39:03 PM
Type: error Category: 0
Event: 10005 Source: MsiInstaller
Product: Google Update Helper -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2503. The arguments are: , ,  
 
Log: 'Application' Date/Time: 08/05/2014 3:39:02 PM
Type: error Category: 0
Event: 10005 Source: MsiInstaller
Product: Google Update Helper -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2503. The arguments are: , ,  
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

  • 0
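To turn a VEW report like the one above into something a responder can reason about, here is an added Python example (not part of the thread and not part of VEW) that parses the Log/Type/Event record layout shown, pulls the driver list out of event 7026 and the dependency chain out of the 7001 events, and buckets records by minute so one noisy boot can be told apart from an error that recurs on every boot. The excerpt it runs on is constructed from the report above.

```python
"""Parse a Vino's Event Viewer (VEW) report and triage its error records.

Added example; not part of the thread above and not part of VEW. The record
layout is the one in the report posted above; SAMPLE is a constructed excerpt.
"""
import re
from collections import Counter
from datetime import datetime

SAMPLE = """\
Log: 'System' Date/Time: 08/05/2014 8:53:49 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Norton Online Backup service failed to start due to the following error:  The system cannot find the path specified.

Log: 'System' Date/Time: 08/05/2014 7:45:34 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  AFD aswRdr aswRvrt aswSnx aswSP aswTdi aswVmm Fips intelppm IPSec MRxSmb mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS NetBT RasAcd Rdbss Tcpip

Log: 'System' Date/Time: 08/05/2014 7:45:34 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.

Log: 'System' Date/Time: 08/05/2014 7:45:34 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+?)\s*$")
TYPE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<category>\d+)")
EVENT = re.compile(r"^Event: (?P<event>\d+) Source: (?P<source>.+?)\s*$")
DEPENDS = re.compile(r"^The (.+?) service depends on the (.+?) service which failed")


def parse_vew(text):
    """Split a report into records. Blocks that do not start with Log/Type/Event
    lines (banners, the dd/mm/yyyy note) are skipped; VEW dates are dd/mm/yyyy."""
    records, block = [], []
    for line in text.splitlines() + [""]:
        if line.strip():                 # strip() also swallows NBSP-only lines
            block.append(line.rstrip())
            continue
        if len(block) >= 4:
            head = HEADER.match(block[0])
            kind = TYPE.match(block[1])
            ev = EVENT.match(block[2])
            if head and kind and ev:
                records.append({
                    "log": head["log"],
                    "when": datetime.strptime(head["when"], "%d/%m/%Y %I:%M:%S %p"),
                    "type": kind["type"],
                    "event": int(ev["event"]),
                    "source": ev["source"],
                    "message": " ".join(block[3:]),
                })
        block = []
    return records


def failed_boot_drivers(records):
    """Driver names listed in Service Control Manager event 7026."""
    names = []
    for r in records:
        if r["source"] == "Service Control Manager" and r["event"] == 7026:
            names.extend(r["message"].partition("failed to load:")[2].split())
    return names


def dependency_failures(records):
    """Map each event 7001 'X depends on Y' failure to the dependency Y."""
    chain = {}
    for r in records:
        m = DEPENDS.match(r["message"]) if r["event"] == 7001 else None
        if m:
            chain[m.group(1)] = m.group(2)
    return chain


def network_stack_down(records):
    """True when the core XP networking drivers (AFD, Tcpip, NetBT) all failed.
    All of them failing together in one boot matches the expert's reading above
    (an earlier Safe Mode boot); the same on a normal boot deserves a closer look."""
    return {"AFD", "Tcpip", "NetBT"} <= set(failed_boot_drivers(records))


def triage(records):
    """Errors per (source, event id) and records per minute, so one noisy boot
    can be told apart from an error that repeats on every boot."""
    by_event = Counter((r["source"], r["event"]) for r in records if r["type"] == "error")
    by_minute = Counter(r["when"].strftime("%Y-%m-%d %H:%M") for r in records)
    return by_event, by_minute


if __name__ == "__main__":
    recs = parse_vew(SAMPLE)
    by_event, by_minute = triage(recs)
    print(by_event.most_common(), dict(by_minute), sep="\n")
    print("failed boot drivers:", failed_boot_drivers(recs))
    print("dependency failures:", dependency_failures(recs), "stack down:", network_stack_down(recs))
```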


#56
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

I think most of the errors are from earlier when you were in safe mode, but let's run ComboFix.

It must be saved to your desktop, do not run it from your browser!

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well.  See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:

Double click on ComboFix to start the program.

    * Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

    * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.  If it wants to install the Recovery Console, let it.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt or c:\combofix\combofix.txt. I'll need to see that in your reply.

  • 0

#57
shajoe44

shajoe44

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 262 posts
ComboFix 14-05-07.03 - Miriam Moody 05/09/2014   8:11.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1013.598 [GMT -4:00]
Running from: c:\documents and settings\Miriam Moody\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Services.reg
c:\windows\system32\Cache
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-09 to 2014-05-09  )))))))))))))))))))))))))))))))
.
.
2014-05-08 23:43 . 2014-05-08 23:43 -------- d-----w- c:\documents and settings\Administrator
2014-05-08 03:20 . 2014-05-08 03:20 -------- d-----w- c:\program files\Speccy
2014-05-08 02:45 . 2014-05-08 02:45 -------- d-----w- c:\documents and settings\Jerry
2014-05-08 01:40 . 2014-05-08 02:05 181064 ----a-w- c:\windows\PSEXESVC.EXE
2014-05-08 01:19 . 2014-05-08 01:19 -------- d-----w- c:\program files\Tweaking.com
2014-05-06 20:21 . 2014-05-06 20:34 -------- d-----w- C:\06aa9c2b292a4c23214602f75af6d2
2014-05-05 02:11 . 2014-05-05 11:20 -------- d-----w- C:\FRST
2014-05-05 01:53 . 2014-05-05 01:53 -------- d-----w- c:\windows\ERUNT
2014-05-05 01:41 . 2010-08-30 12:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-05 01:39 . 2014-05-05 01:42 -------- d-----w- C:\AdwCleaner
2014-05-02 15:06 . 2014-05-05 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\systemk
2014-05-01 12:57 . 2014-05-01 12:57 -------- d-----w- c:\windows\system32\NtmsData
2014-04-30 13:43 . 2014-04-30 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Auslogics
2014-04-30 13:43 . 2014-04-30 13:43 -------- d-----w- c:\program files\Auslogics
2014-04-26 18:02 . 2014-04-29 17:38 -------- d-----w- c:\documents and settings\Miriam Moody\usb_driver
2014-04-26 18:02 . 2014-04-29 17:38 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2014-04-25 17:22 . 2014-04-25 17:22 -------- d-----w- c:\documents and settings\Miriam Moody\Local Settings\Application Data\VS Revo Group
2014-04-25 17:22 . 2014-04-25 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\VS Revo Group
2014-04-25 17:22 . 2009-12-30 14:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2014-04-25 17:22 . 2014-04-25 17:22 -------- d-----w- c:\program files\VS Revo Group
2014-04-15 13:08 . 2014-04-15 13:08 -------- d-----w- c:\documents and settings\Miriam Moody\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-29 17:38 . 2010-10-15 17:30 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-02-14 02:36 . 2013-11-28 21:45 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-02-14 02:35 . 2013-11-28 21:45 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-14 02:35 . 2013-11-28 21:45 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-02-14 02:35 . 2013-11-28 21:45 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-14 02:35 . 2013-11-28 21:45 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-02-14 02:35 . 2013-11-28 21:45 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-02-14 02:35 . 2013-11-28 21:45 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-14 02:35 . 2013-11-28 21:45 43152 ----a-w- c:\windows\avastSS.scr
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-28 21:45 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-17 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-17 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-17 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PLFSetL"="c:\windows\PLFSetL.exe" [2010-02-12 99712]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2010-02-12 202112]
"snuvcdsm"="c:\windows\snuvcdsm.exe" [2010-02-12 30080]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-06-22 968272]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-28 3568312]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-7-22 704032]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Documents and Settings\\Miriam Moody\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [11/28/2013 5:45 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [11/28/2013 5:45 PM 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/28/2013 5:45 PM 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/28/2013 5:45 PM 410784]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [7/22/2010 5:04 AM 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [7/22/2010 5:04 AM 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [7/22/2010 5:04 AM 58800]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [11/28/2013 5:45 PM 67824]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [7/19/2010 4:11 AM 321104]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [7/22/2010 5:12 AM 260640]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [7/22/2010 4:56 AM 243232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [7/22/2010 3:38 AM 61552]
S2 NOBU;Norton Online Backup;"c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE --> c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/22/2010 4:30 AM 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [7/22/2010 4:31 AM 82384]
S3 ExpressInvoiceService;Express Invoice;c:\program files\NCH Software\ExpressInvoice\expressinvoice.exe [11/1/2013 4:34 PM 1987588]
S3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [5/26/2010 10:41 PM 305520]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [4/25/2014 1:22 PM 27064]
S4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [6/28/2013 6:48 PM 14624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ   HPSLPSVC
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-02 12:50 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-09 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-11-28 02:35]
.
2014-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 03:35]
.
2014-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 03:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aod255&r=0xph1210k545l0414wu45w4882u238
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKLM-Run-SuiteTray - c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
AddRemove-M2698023 - c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
AddRemove-M2833941 - c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2604121 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2737019 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2742595 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2789642 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2840628v2 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2858302v2 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2861188 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2901110v2 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-09 08:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2014-05-09  08:24:40
ComboFix-quarantined-files.txt  2014-05-09 12:24
.
Pre-Run: 116,205,273,088 bytes free
Post-Run: 116,228,116,480 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 6054EEF587ED22F6C8C6A62ACA7A8D62
A36C5E4F47E84449FF07ED3517B43A31

  • 0

#58
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Copy the text between the lines of stars by highlighting and Ctrl + c.
 
******************************************
 
DirLook::
C:\Program Files\Common
%user%\library
 
Driver::
NOBU
 
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EgisUpdate"=-
 
******************************************
 
Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.
 
Pause your anti-virus.
 
Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.
 
It will probably reboot your PC.  Post the new log. 
 
Did you get any error popups on boot?
 
Ron

  • 0
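As an added example that is not part of the thread, of ComboFix, or of the expert's script, the Python below parses the 'Files Created' and service lines of the ComboFix log posted above, picks out the services whose binary ComboFix could not find (the `[?]` entries, here NOBU), cross-checks them against the event 7000 text from the VEW report earlier in the thread, and emits the `Driver::` block in the same CFScript form the expert uses. SAMPLE is a constructed excerpt of that log, and reading a service line's leading `R`/`S` and digit as running/stopped plus the Windows start type is an assumption.

```python
"""Triage the 'Files Created' and service sections of a ComboFix log.

Added example; not part of the thread above, of ComboFix, or of the expert's
script. Line layouts are those of the log posted above; SAMPLE is a
constructed excerpt of it. Reading the leading R/S + digit of a service line
as running/stopped + Windows start type is an assumption.
"""
import re

SAMPLE = r"""
2014-05-08 01:40 . 2014-05-08 02:05 181064 ----a-w- c:\windows\PSEXESVC.EXE
2014-05-06 20:21 . 2014-05-06 20:34 -------- d-----w- C:\06aa9c2b292a4c23214602f75af6d2
2014-05-05 01:41 . 2010-08-30 12:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-04-25 17:22 . 2009-12-30 14:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [11/28/2013 5:45 PM 49944]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [7/22/2010 5:12 AM 260640]
S2 NOBU;Norton Online Backup;"c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE --> c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [4/25/2014 1:22 PM 27064]
"""

# Event 7000 text from the VEW report earlier in the thread (same machine).
EVENT_7000 = ["The Norton Online Backup service failed to start due to the "
              "following error:  The system cannot find the path specified."]

FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$")
SVC_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*) \[(?P<meta>[^\]]*)\]$")
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}
HEX_ROOT_DIR = re.compile(r"^[a-z]:\\[0-9a-f]{16,}$", re.IGNORECASE)
NATIVE_EXT = (".exe", ".dll", ".sys", ".scr")


def parse_combofix(text):
    """Return {'files': [...], 'services': [...]} from the two line layouts."""
    files, services = [], []
    for line in text.splitlines():
        m = FILE_LINE.match(line)
        if m:
            d = m.groupdict()
            d["size"] = None if d["size"].startswith("-") else int(d["size"])
            d["is_dir"] = d["attrs"][0] == "d"
            files.append(d)
            continue
        m = SVC_LINE.match(line)
        if m:
            d = m.groupdict()
            d["state"] = "running" if d["state"] == "R" else "stopped"
            d["start"] = START_TYPES.get(int(d["start"]), d["start"])
            # '"quoted image" SERVICE --> path': keep the resolved path on the right
            d["image"] = d["image"].rpartition("--> ")[2].strip('"')
            services.append(d)
    return {"files": files, "services": services}


def missing_service_binaries(services):
    """Entries whose bracket field is '?': no date/size, so ComboFix found no
    file at the image path. In the log above that is exactly the service the
    event log reports it cannot find."""
    return [s for s in services if s["meta"] == "?"]


def confirm_with_event_log(missing, event_7000_messages):
    """Cross-check each missing service against SCM event 7000 messages."""
    return {s["name"]: any(s["display"] in msg for msg in event_7000_messages)
            for s in missing}


def review_files(files):
    """Neutral review heuristics for new entries; each hit carries its reason."""
    flagged = []
    for f in files:
        path, low = f["path"], f["path"].lower()
        if f["is_dir"] and HEX_ROOT_DIR.match(path):
            flagged.append((path, "root-level directory with a hex-only name"))
        elif (not f["is_dir"] and low.startswith("c:\\windows\\")
              and "\\" not in low[len("c:\\windows\\"):] and low.endswith(NATIVE_EXT)):
            flagged.append((path, "executable placed directly in c:\\windows"))
    return flagged


def draft_cfscript(missing):
    """The 'Driver::' block in the CFScript form the expert posts above."""
    return "Driver::\n" + "".join(s["name"] + "\n" for s in missing)


if __name__ == "__main__":
    log = parse_combofix(SAMPLE)
    for path, why in review_files(log["files"]):
        print(f"review: {path}  ({why})")
    missing = missing_service_binaries(log["services"])
    print("missing binary, confirmed by event log:", confirm_with_event_log(missing, EVENT_7000))
    print(draft_cfscript(missing), end="")
```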

#59
shajoe44

shajoe44

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 262 posts

Got the following errors on reboot: hkcmd.exe, laanotif.exe, mwlDaemon.exe, LManager.exe, Rundll.

ComboFix 14-05-07.03 - Miriam Moody 05/09/2014  10:53:39.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1013.443 [GMT -4:00]
Running from: c:\documents and settings\Miriam Moody\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Miriam Moody\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NOBU
-------\Service_NOBU
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-09 to 2014-05-09  )))))))))))))))))))))))))))))))
.
.
2014-05-08 23:43 . 2014-05-08 23:43 -------- d-----w- c:\documents and settings\Administrator
2014-05-08 03:20 . 2014-05-08 03:20 -------- d-----w- c:\program files\Speccy
2014-05-08 02:45 . 2014-05-08 02:45 -------- d-----w- c:\documents and settings\Jerry
2014-05-08 01:40 . 2014-05-08 02:05 181064 ----a-w- c:\windows\PSEXESVC.EXE
2014-05-08 01:19 . 2014-05-08 01:19 -------- d-----w- c:\program files\Tweaking.com
2014-05-06 20:21 . 2014-05-06 20:34 -------- d-----w- C:\06aa9c2b292a4c23214602f75af6d2
2014-05-05 02:11 . 2014-05-05 11:20 -------- d-----w- C:\FRST
2014-05-05 01:53 . 2014-05-05 01:53 -------- d-----w- c:\windows\ERUNT
2014-05-05 01:41 . 2010-08-30 12:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-05 01:39 . 2014-05-05 01:42 -------- d-----w- C:\AdwCleaner
2014-05-02 15:06 . 2014-05-05 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\systemk
2014-05-01 12:57 . 2014-05-01 12:57 -------- d-----w- c:\windows\system32\NtmsData
2014-04-30 13:43 . 2014-04-30 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Auslogics
2014-04-30 13:43 . 2014-04-30 13:43 -------- d-----w- c:\program files\Auslogics
2014-04-26 18:02 . 2014-04-29 17:38 -------- d-----w- c:\documents and settings\Miriam Moody\usb_driver
2014-04-26 18:02 . 2014-04-29 17:38 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2014-04-25 17:22 . 2014-04-25 17:22 -------- d-----w- c:\documents and settings\Miriam Moody\Local Settings\Application Data\VS Revo Group
2014-04-25 17:22 . 2014-04-25 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\VS Revo Group
2014-04-25 17:22 . 2009-12-30 14:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2014-04-25 17:22 . 2014-04-25 17:22 -------- d-----w- c:\program files\VS Revo Group
2014-04-15 13:08 . 2014-04-15 13:08 -------- d-----w- c:\documents and settings\Miriam Moody\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-29 17:38 . 2010-10-15 17:30 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-02-14 02:36 . 2013-11-28 21:45 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-02-14 02:35 . 2013-11-28 21:45 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-14 02:35 . 2013-11-28 21:45 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-02-14 02:35 . 2013-11-28 21:45 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-14 02:35 . 2013-11-28 21:45 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-02-14 02:35 . 2013-11-28 21:45 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-02-14 02:35 . 2013-11-28 21:45 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-14 02:35 . 2013-11-28 21:45 43152 ----a-w- c:\windows\avastSS.scr
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-28 21:45 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-17 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-17 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-17 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PLFSetL"="c:\windows\PLFSetL.exe" [2010-02-12 99712]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2010-02-12 202112]
"snuvcdsm"="c:\windows\snuvcdsm.exe" [2010-02-12 30080]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-06-22 968272]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-28 3568312]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-7-22 704032]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Documents and Settings\\Miriam Moody\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-17 1691480]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2010-06-17 82384]
R3 ExpressInvoiceService;Express Invoice;c:\program files\NCH Software\ExpressInvoice\expressinvoice.exe [2013-11-01 1987588]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-06-28 14624]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-02-14 775952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-02-14 410784]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-02 17840]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-02 15280]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-02 58800]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-02-14 67824]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-06-22 321104]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1c51x86.sys [2010-05-20 61552]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ   HPSLPSVC
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-02 12:50 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-09 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-11-28 02:35]
.
2014-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 03:35]
.
2014-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 03:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aod255&r=0xph1210k545l0414wu45w4882u238
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 205.152.132.23 205.152.37.23
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-09 11:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(900)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2014-05-09  11:10:33 - machine was rebooted
ComboFix-quarantined-files.txt  2014-05-09 15:10
ComboFix2.txt  2014-05-09 12:24
.
Pre-Run: 116,294,643,712 bytes free
Post-Run: 116,201,140,224 bytes free
.
- - End Of File - - 82053F5CA9D58DDAF3DA4273CD16E646
A36C5E4F47E84449FF07ED3517B43A31

  • 0

#60
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

This is going to remove access to "my winlocker" and also kill off the special keys but I don't think either is working correctly.  Do we still get errors on boot?

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

DirLook::
C:\Program Files\Common
%user%\library

Registry::
[-HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=-
"EgisUpdate"=-
"EgisTecPMMUpdate"=-
"mwlDaemon"=-
"LManager"=-

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

Ron


  • 0
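As an added illustration, not part of this thread or of ComboFix's own tooling: a small Python check that parses the `[key]` / `"name"="data"` blocks of a ComboFix log and the `Registry::` section of a CFScript like the one above, then reports which logged autostart entries the script would remove and which targeted value names never appeared in the log. The sample lines are excerpted from the log and script in this thread; how I parse the two formats is my own reading of the lines shown, not a documented ComboFix grammar.

```python
import re
# Sample input excerpted from the ComboFix log and CFScript in this thread (constructed test data).
LOG = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-17 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-17 173592]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-06-22 968272]
"""
SCRIPT = r"""Registry::
[-HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=-
"EgisUpdate"=-
"EgisTecPMMUpdate"=-
"mwlDaemon"=-
"LManager"=-
"""
KEY_RE = re.compile(r'^\[(-?)(.+)\]$')          # [key], or [-key] to delete the whole key
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')  # log line: "name"="data" [date size]
DELETE_RE = re.compile(r'^"([^"]+)"=-$')        # script line: "name"=- deletes that value
def parse_log_values(text):
    """{key (lowercased): {value name: data}} for every [key] block in the log."""
    keys, cur = {}, None
    for line in text.splitlines():
        if m := KEY_RE.match(line):
            cur = keys.setdefault(m.group(2).lower(), {})
        elif cur is not None and (m := VALUE_RE.match(line)):
            cur[m.group(1)] = m.group(2)
    return keys

def parse_cfscript(text):
    """(keys deleted outright, {key: [value names deleted]}) from a Registry:: section."""
    whole, values, cur = [], {}, None
    for line in text.splitlines():
        if m := KEY_RE.match(line):
            cur = m.group(2).lower()
            if m.group(1) == '-':
                whole.append(cur)
        elif cur and (m := DELETE_RE.match(line)):
            values.setdefault(cur, []).append(m.group(1))
    return whole, values

def reconcile(log_text, script_text):
    """What the script removes from the logged autostarts, plus targeted names the log never showed."""
    log, (whole, values) = parse_log_values(log_text), parse_cfscript(script_text)
    targets = [(k, n) for k, names in values.items() for n in names]
    removed = {n: log[k][n] for k, n in targets if n in log.get(k, {})}
    missing = [n for k, n in targets if n not in log.get(k, {})]
    return {'deleted_keys': whole, 'removed': removed, 'missing': missing}
```

On the thread's own data it reports `EgisUpdate` as absent from the logged Run key (the log lists `EgisTecPMMUpdate` and `mwlDaemon` but no `EgisUpdate`), which is the kind of mismatch worth noticing before a removal script is run.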
