Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Virus Infection - Programmes Disabled

Started by elielieli , Nov 18 2015 05:37 AM

Please log in to reply

#16
RKinner

Posted 22 November 2015 - 06:40 AM

Malware Expert

Expert
24,623 posts

Download it again. Rename it to george.exe and try it again.

#17
elielieli

Posted 22 November 2015 - 07:24 AM

Member

Topic Starter
Member
176 posts

Tried it.

Same deal.

I did a search , in case it was hiding somewhere.

But no luck.

#18
RKinner

Posted 22 November 2015 - 09:02 AM

Malware Expert

Expert
24,623 posts

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download

Latest Version button - Do NOT press the large Start Download button on the upper left!) Download, Save and Install it.

Close all browsers and open progrms before running Speccy. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Save the file and close notepad Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File) Uninstall Speccy.

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK

Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

#19
elielieli

Posted 22 November 2015 - 12:04 PM

Member

Topic Starter
Member
176 posts

Speccy file attachemet

#20
elielieli

Posted 22 November 2015 - 12:06 PM

Member

Topic Starter
Member
176 posts

sorry

here it is

Attached Files

ASUS-LAPTOP.txt 253.12KB 264 downloads

#21
elielieli

Posted 22 November 2015 - 12:26 PM

Member

Topic Starter
Member
176 posts

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer

System Idle Process 85.16 0 K 28 K 0

services.exe 9.38 2,352 K 3,920 K 968 Services and Controller app Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

procexp.exe 3.91 16,016 K 8,376 K 696 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (A system-level error occurred while verifying trust) Sysinternals - www.sysinternals.com

SynTPEnh.exe 0.78 1,584 K 4,940 K 860 Synaptics TouchPad Enhancements Synaptics, Inc. (No signature was present in the subject) Synaptics, Inc.

mbbService.exe 0.78 2,620 K 4,776 K 4068

Interrupts < 0.01 0 K 0 K n/a Hardware Interrupts and DPCs

ZCfgSvc.exe 10,944 K 16,468 K 740 Intel® PROSet/Wireless Zero Config Service Intel® Corporation (No signature was present in the subject) Intel® Corporation

wuauclt.exe 6,588 K 7,632 K 3732

wmiprvse.exe 2,388 K 6,740 K 1504 WMI Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

wmiprvse.exe 6,192 K 11,004 K 2208 WMI Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

winlogon.exe 6,980 K 3,308 K 924 Windows NT Logon Application Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

UpdateChecker.exe 9,200 K 3,424 K 1584 (Verified) Cole Williams

unsecapp.exe 2,304 K 4,300 K 2772 WMI Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

unsecapp.exe 2,272 K 3,988 K 2872 WMI Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

System 0 K 256 K 4

svchost.exe 12,888 K 21,780 K 1308 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

svchost.exe 2,220 K 4,952 K 1244 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

svchost.exe 1,188 K 3,156 K 1612 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

svchost.exe 1,212 K 3,072 K 1556 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

svchost.exe 1,468 K 3,912 K 1164 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

svchost.exe 1,240 K 3,488 K 468 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

spoolsv.exe 3,448 K 5,088 K 284 Spooler SubSystem App Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

smss.exe 172 K 432 K 844 Windows NT Session Manager Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

sm56hlpr.exe 1,064 K 3,260 K 732 Motorola SM56 Win32 Utility Motorola Inc. (No signature was present in the subject) Motorola Inc.

S24EvMon.exe 10,556 K 15,520 K 1492 Intel® Wireless Management Service Intel® Corporation (No signature was present in the subject) Intel® Corporation

RTHDCPL.exe 20,648 K 21,700 K 880 Realtek HD Audio Control Panel Realtek Semiconductor Corp. (No signature was present in the subject) Realtek Semiconductor Corp.

RegSrvc.exe 968 K 3,120 K 3208 Intel® PROSet/Wireless Registry Service Intel® Corporation (Verified) Intel Corporation - Mobile Wireless Group

NBService.exe 1,128 K 3,500 K 3088

MulMouse.exe 1,872 K 5,364 K 720 MulMouse MFC Application (No signature was present in the subject)

msmsgs.exe 1,220 K 4,356 K 1424 Windows Messenger Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

mscorsvw.exe 488 K 1,796 K 1896 .NET Runtime Optimization Service Microsoft Corporation (A system-level error occurred while verifying trust) Microsoft Corporation

mDNSResponder.exe 996 K 3,068 K 1824 Bonjour Service Apple Inc. (A system-level error occurred while verifying trust) Apple Inc.

MagicWl.exe 1,700 K 3,940 K 1128 MagicWheel MFC Application (No signature was present in the subject)

lsass.exe 4,048 K 6,300 K 980 LSA Shell (Export Version) Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

iTunesHelper.exe 10,092 K 14,068 K 816 iTunesHelper Apple Inc. (A system-level error occurred while verifying trust) Apple Inc.

igfxpers.exe 724 K 2,916 K 1212 persistence Module Intel Corporation (No signature was present in the subject) Intel Corporation

iFrmewrk.exe 13,744 K 18,932 K 764 Intel® PROSet/Wireless Framework Intel® Corporation (A system-level error occurred while verifying trust) Intel® Corporation

hkcmd.exe 756 K 2,968 K 1200 hkcmd Module Intel Corporation (No signature was present in the subject) Intel Corporation

explorer.exe 10,824 K 18,164 K 1960 Windows Explorer Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

EvtEng.exe 14,020 K 17,612 K 1912 Intel® PROSet/Wireless Event Log Service Intel® Corporation (A system-level error occurred while verifying trust) Intel® Corporation

ehtray.exe 724 K 2,748 K 700 Media Center Tray Applet Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

ehSched.exe 756 K 2,768 K 1772 Media Center Scheduler Service Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

ehRecvr.exe 2,460 K 4,604 K 1948 Media Center Receiver Service Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

ctfmon.exe 936 K 3,684 K 1408 CTF Loader Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

csrss.exe 1,544 K 4,056 K 900 Client Server Runtime Process Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

AvastSvc.exe 33,252 K 41,216 K 1756 avast! Service AVAST Software (A system-level error occurred while verifying trust) AVAST Software

AppleMobileDeviceService.exe 9,156 K 12,212 K 544 YSLoader.exe Apple Inc. (A system-level error occurred while verifying trust) Apple Inc.

#22
RKinner

Posted 22 November 2015 - 02:12 PM

Malware Expert

Expert
24,623 posts

Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exeand Save it then run it

If it doesn't do it for you, reboot after it runs.

Run Process Explorer again and post the new log.

Right click on Comboffix.exe or george.exe and select Properties. Is there a Shortcut Tab? What does it say after Target: If not, look under General tab and tell me what it says After Location.

#23
elielieli

Posted 22 November 2015 - 03:19 PM

Member

Topic Starter
Member
176 posts

i ran this in safe mode , as the programme would open and then close in normal reboot mode , or the computer would simply freeze.

Combofix worked well.I'll post the log report underneath this one.

There was no shortcut tab.

After target : c:documents and setting/asus/desktop

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer

System Idle Process 82.35 0 K 16 K 0

Interrupts 16.91 0 K 0 K n/a Hardware Interrupts and DPCs

procexp.exe 0.74 10,180 K 8,956 K 932 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation

wmiprvse.exe 1,980 K 5,028 K 1092 WMI Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

winlogon.exe 3,260 K 2,320 K 240 Windows NT Logon Application Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

System 0 K 208 K 4

svchost.exe 8,612 K 12,928 K 580 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

svchost.exe 1,324 K 3,528 K 456 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

svchost.exe 1,632 K 4,196 K 528 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

smss.exe 168 K 416 K 168 Windows NT Session Manager Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

services.exe 1,652 K 3,788 K 284 Services and Controller app Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

lsass.exe 2,132 K 1,236 K 296 LSA Shell (Export Version) Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

explorer.exe 8,220 K 14,336 K 804 Windows Explorer Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

csrss.exe 1,372 K 3,104 K 216 Client Server Runtime Process Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

Edited by elielieli, 22 November 2015 - 03:24 PM.

#24
elielieli

Posted 22 November 2015 - 03:20 PM

Member

Topic Starter
Member
176 posts

combofix log

ComboFix 15-11-17.01 - Asus 22/11/2015 20:50:25.3.2 - x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1015.643 [GMT 0:00]

Running from: c:\documents and settings\Asus\Desktop\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

c:\windows\system32\Settings

c:\windows\system32\Settings\Settings.ini

((((((((((((((((((((((((( Files Created from 2015-10-22 to 2015-11-22 )))))))))))))))))))))))))))))))

2015-11-22 15:25 . 2015-11-22 15:34 -------- d-----w- c:\program files\Speccy

2015-11-22 01:33 . 2015-11-22 01:33 -------- d-----w- C:\found.000

2015-11-21 22:26 . 2015-11-21 22:35 -------- d-----w- C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZ.ZZZ...ZZZZ

2015-11-21 22:23 . 2015-11-21 22:34 170200 ----a-w- c:\windows\system32\drivers\4E2249A6.sys

2015-11-21 19:25 . 2015-11-21 19:25 -------- d-----w- c:\program files\NirSoft

2015-11-19 12:07 . 2015-11-21 14:28 -------- d-----w- C:\FRST

2015-11-17 20:41 . 2015-11-17 22:19 -------- d-----w- c:\documents and settings\Asus\Local Settings\Application Data\MalwareProtectionLive

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2015-11-22 20:10 . 2014-10-28 19:41 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2015-11-07 21:46 . 2014-12-15 13:03 435464 ----a-w- c:\windows\system32\drivers\aswsp.sys

2015-11-07 21:46 . 2014-12-15 13:03 794952 ----a-w- c:\windows\system32\drivers\aswsnx.sys

2015-10-15 20:45 . 2014-12-15 13:03 57888 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2015-10-15 20:45 . 2015-08-30 15:18 157888 ----a-w- c:\windows\system32\drivers\aswStmXP.sys

2015-10-15 20:45 . 2014-12-15 13:03 208664 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2015-10-15 20:45 . 2014-12-15 13:03 76000 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2015-10-15 20:45 . 2014-12-15 13:03 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2015-10-15 20:45 . 2014-12-15 13:03 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2015-10-15 20:45 . 2014-12-15 13:03 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys

2015-10-15 20:45 . 2015-10-15 20:46 313472 ----a-w- c:\windows\system32\aswBoot.exe

2015-10-15 20:45 . 2015-10-15 20:45 43112 ----a-w- c:\windows\avastSS.scr

2015-10-05 09:50 . 2014-10-28 19:40 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2015-10-05 09:50 . 2012-07-20 19:09 23256 ----a-w- c:\windows\system32\drivers\mbam.sys

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\browser.dll

[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\dllcache\browser.dll

[-] 2012-07-06 . FC6D1D80588D371F0321E15A75B2F8F2 . 78336 . . [5.1.2600.6260] . . c:\windows\$hf_mig$\KB2705219\SP3QFE\browser.dll

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\browser.dll

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll

[-] 2006-03-15 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2014-03-12 . 4A45B692D2BAA74124DF57472D5EA2F1 . 993280 . . [5.1.2600.6532] . . c:\windows\system32\kernel32.dll

[-] 2014-03-12 . 4A45B692D2BAA74124DF57472D5EA2F1 . 993280 . . [5.1.2600.6532] . . c:\windows\system32\dllcache\kernel32.dll

[-] 2012-10-03 . 6FE42512AB1B89F32A7407F261B1D2D0 . 990208 . . [5.1.2600.6293] . . c:\windows\$NtUninstallKB2922229$\kernel32.dll

[-] 2012-10-03 . 6CBFEEB384F04681AF75F495AA48DD32 . 991744 . . [5.1.2600.6293] . . c:\windows\$hf_mig$\KB2758857\SP3QFE\kernel32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\erdnt\cache\kernel32.dll

[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll

[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll

[-] 2006-03-15 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kernel32.dll

[-] 2014-04-30 . 56B89EC7C5FF7FA1FCBF4142D166F9E0 . 3094528 . . [6.00.2900.6550] . . c:\windows\system32\mshtml.dll

[-] 2014-04-30 . 56B89EC7C5FF7FA1FCBF4142D166F9E0 . 3094528 . . [6.00.2900.6550] . . c:\windows\system32\dllcache\mshtml.dll

[-] 2014-02-25 . A4F14DC9FEC425C91C5DEDABB87A0807 . 3094528 . . [6.00.2900.6525] . . c:\windows\$NtUninstallKB2964358$\mshtml.dll

[-] 2014-02-04 . 5F115F759EEEB0D2BC95379DBA3338DE . 3094528 . . [6.00.2900.6512] . . c:\windows\$NtUninstallKB2936068$\mshtml.dll

[-] 2014-02-04 . AACB479CC6882F853AEF88746B0FBDD4 . 3094528 . . [6.00.2900.6498] . . c:\windows\$NtUninstallKB2925418$\mshtml.dll

[-] 2013-03-02 . 990F4518E1607F445969C12F014E4E29 . 6013440 . . [8.00.6001.23480] . . c:\windows\$hf_mig$\KB2817183-IE8\SP3QFE\mshtml.dll

[-] 2013-03-01 . AE3A26C04C794E5451ADF6872F7D48F4 . 6012928 . . [8.00.6001.23471] . . c:\windows\$hf_mig$\KB2809289-IE8\SP3QFE\mshtml.dll

[-] 2013-01-09 . 99E9E2606FB13ADB711935FE8E8E29C1 . 6011904 . . [8.00.6001.23468] . . c:\windows\$hf_mig$\KB2792100-IE8\SP3QFE\mshtml.dll

[-] 2013-01-06 . 14FD1CAEFB6D2749019AC2F54859568C . 6011392 . . [8.00.6001.23462] . . c:\windows\$hf_mig$\KB2799329-IE8\SP3QFE\mshtml.dll

[-] 2014-02-25 . 1C6D1B9371904CA97A4B49D88E98B615 . 668672 . . [6.00.2900.6525] . . c:\windows\system32\wininet.dll

[-] 2014-02-25 . 1C6D1B9371904CA97A4B49D88E98B615 . 668672 . . [6.00.2900.6525] . . c:\windows\system32\dllcache\wininet.dll

[-] 2014-02-04 . 54A41CA17593B92331C227CBA107EF43 . 668672 . . [6.00.2900.6512] . . c:\windows\$NtUninstallKB2936068$\wininet.dll

[-] 2014-02-04 . 08D149500622F63A4BFE08749D8BF73E . 668672 . . [6.00.2900.6498] . . c:\windows\$NtUninstallKB2925418$\wininet.dll

[-] 2013-03-02 . 43EADBA9F3CD2A5F01B189BD95FCDE95 . 920064 . . [8.00.6001.23480] . . c:\windows\$hf_mig$\KB2817183-IE8\SP3QFE\wininet.dll

[-] 2013-02-05 . BE30BEF4C13065D09772F9895FCB9D22 . 920064 . . [8.00.6001.23469] . . c:\windows\$hf_mig$\KB2809289-IE8\SP3QFE\wininet.dll

[-] 2012-12-26 . B8BEF9519A1B124DEAF94081F6C5A767 . 920064 . . [8.00.6001.23462] . . c:\windows\$hf_mig$\KB2792100-IE8\SP3QFE\wininet.dll

[-] 2012-11-01 . ACC92628CFFF9BB6F8886329888014A8 . 920064 . . [8.00.6001.23458] . . c:\windows\$hf_mig$\KB2761465-IE8\SP3QFE\wininet.dll

[-] 2012-08-28 . DCEA3B3193B7181CF818ECC4EAB30A66 . 920064 . . [8.00.6001.23415] . . c:\windows\$hf_mig$\KB2744842-IE8\SP3QFE\wininet.dll

[-] 2012-07-02 . EFB2241DE3AA6480521A16D0CB67B0EC . 920064 . . [8.00.6001.23385] . . c:\windows\$hf_mig$\KB2722913-IE8\SP3QFE\wininet.dll

[-] 2012-05-16 . 6B1774334E2975AA60596E54F5EA1430 . 916992 . . [8.00.6001.19272] . . c:\windows\erdnt\cache\wininet.dll

[-] 2012-05-16 . 553AD35768CD27959391DD5AA82CEF6F . 920064 . . [8.00.6001.23359] . . c:\windows\$hf_mig$\KB2699988-IE8\SP3QFE\wininet.dll

[-] 2012-03-01 . 009E7B4C284F080608D7286484015EE5 . 916992 . . [8.00.6001.19222] . . c:\windows\SoftwareDistribution\Download\4aed2fc3570ce5559234655d096b9faa\SP3GDR\wininet.dll

[-] 2012-03-01 . 4EC67FAB39F37626AD6D9895FC094ABF . 919552 . . [8.00.6001.23318] . . c:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\wininet.dll

[-] 2012-03-01 . 4EC67FAB39F37626AD6D9895FC094ABF . 919552 . . [8.00.6001.23318] . . c:\windows\SoftwareDistribution\Download\4aed2fc3570ce5559234655d096b9faa\SP3QFE\wininet.dll

[-] 2012-02-28 . AC3E276FF2D3C4A89B85D2A8587EF9FA . 668672 . . [6.00.2900.6197] . . c:\windows\$hf_mig$\KB2675157\SP3QFE\wininet.dll

[-] 2011-12-17 . F362D50FBDC6E34918DF41BDE1770E5C . 916992 . . [8.00.6001.19190] . . c:\windows\SoftwareDistribution\Download\c1d540600ba9c34c5b3244c020eee491\SP3GDR\wininet.dll

[-] 2011-12-17 . 84A48E9818E8440DDBFD8EEC37C8A937 . 919552 . . [8.00.6001.23286] . . c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\wininet.dll

[-] 2011-12-17 . 84A48E9818E8440DDBFD8EEC37C8A937 . 919552 . . [8.00.6001.23286] . . c:\windows\SoftwareDistribution\Download\c1d540600ba9c34c5b3244c020eee491\SP3QFE\wininet.dll

[-] 2011-11-04 . 552263502EA8C24D301A0C43FF90B3ED . 916992 . . [8.00.6001.19165] . . c:\windows\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3GDR\wininet.dll

[-] 2011-11-04 . 4E4716CAF514717814D07113AD0425B6 . 919552 . . [8.00.6001.23261] . . c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll

[-] 2011-11-04 . 4E4716CAF514717814D07113AD0425B6 . 919552 . . [8.00.6001.23261] . . c:\windows\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3QFE\wininet.dll

[-] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3GDR\wininet.dll

[-] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll

[-] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3QFE\wininet.dll

[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll

[-] 2006-03-15 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\wininet.dll

[-] 2013-08-05 . 59B408E5B8489B0B36A0D783D150EDCC . 1289728 . . [5.1.2600.6435] . . c:\windows\system32\ole32.dll

[-] 2013-08-05 . 59B408E5B8489B0B36A0D783D150EDCC . 1289728 . . [5.1.2600.6435] . . c:\windows\system32\dllcache\ole32.dll

[-] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\erdnt\cache\ole32.dll

[-] 2011-11-01 . 7D9DDE1AB4B00DDB173F5A16E9206517 . 1289216 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll

[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll

[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll

[-] 2006-03-15 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ole32.dll

[-] 2013-07-10 . 1D845821F5ADB076831DE4C2818F858B . 406016 . . [1.0420.2600.6421] . . c:\windows\system32\usp10.dll

[-] 2013-07-10 . 1D845821F5ADB076831DE4C2818F858B . 406016 . . [1.0420.2600.6421] . . c:\windows\system32\dllcache\usp10.dll

[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\erdnt\cache\usp10.dll

[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll

[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll

[-] 2006-03-15 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll

[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msimg32.dll

[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\system32\msimg32.dll

[-] 2006-03-15 . B5331F2B6F37C66C29C847F3B94FF900 . 4608 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msimg32.dll

[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime

[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\system32\msctfime.ime

[-] 2006-03-15 . D87041EAA67ECA4394F6D5D09C0C2885 . 177152 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msctfime.ime

[-] 2013-07-04 . 4C47B37CF351FFEB1227CED0FF4751D5 . 2070144 . . [5.1.2600.6419] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe

[-] 2013-07-04 . 05F3DB567EAE368AE3BBD7E973490646 . 2028544 . . [5.1.2600.6419] . . c:\windows\system32\ntkrnlpa.exe

[-] 2013-07-04 . 4C47B37CF351FFEB1227CED0FF4751D5 . 2070144 . . [5.1.2600.6419] . . c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2013-03-07 . 9EBEDA306E5EABDABCFF8B695FCD4CD6 . 2070016 . . [5.1.2600.6368] . . c:\windows\$hf_mig$\KB2813170\SP3QFE\ntkrnlpa.exe

[-] 2013-01-07 . 1251D608DFCE4B6801AD27A59B74985C . 2069760 . . [5.1.2600.6335] . . c:\windows\$hf_mig$\KB2799494\SP3QFE\ntkrnlpa.exe

[-] 2012-08-21 . B326D5E256D2F32B23E64F49DEBCE31B . 2069632 . . [5.1.2600.6284] . . c:\windows\$hf_mig$\KB2724197\SP3QFE\ntkrnlpa.exe

[-] 2012-05-04 . 8E99A0CE02C1BEDA6C0935A4DDE9CEAA . 2069120 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntkrnlpa.exe

[-] 2012-05-04 . 87763BB6C95901818050E52C378C9E15 . 2026496 . . [5.1.2600.6223] . . c:\windows\erdnt\cache\ntkrnlpa.exe

[-] 2012-04-11 . 063A0F8A90D8E2B802E5243FE9AABCF3 . 2069120 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe

[7] 2010-12-09 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe

[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe

[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe

[-] 2006-03-15 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe

[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\erdnt\cache\iexplore.exe

[-] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe

[-] 2006-03-15 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe

[-] 2013-07-04 . AFEE19399CF992A098309F7FDF87880A . 2149888 . . [5.1.2600.6419] . . c:\windows\system32\ntoskrnl.exe

[-] 2013-07-04 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419] . . c:\windows\Driver Cache\i386\ntoskrnl.exe

[-] 2013-07-04 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419] . . c:\windows\system32\dllcache\ntoskrnl.exe

[-] 2013-03-07 . 9FC16E5EBFE88F3C844FFE2E6CB7F1E8 . 2193536 . . [5.1.2600.6368] . . c:\windows\$hf_mig$\KB2813170\SP3QFE\ntoskrnl.exe

[-] 2013-01-07 . AE2FEE63789F5DF6B19DD9A39E26D03E . 2193152 . . [5.1.2600.6335] . . c:\windows\$hf_mig$\KB2799494\SP3QFE\ntoskrnl.exe

[-] 2012-08-21 . ECA5980E1A78DBF9CB7F49F76791C0D1 . 2193024 . . [5.1.2600.6284] . . c:\windows\$hf_mig$\KB2724197\SP3QFE\ntoskrnl.exe

[-] 2012-05-04 . 099A0F80A563EBE935F4A9750F96C219 . 2192640 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntoskrnl.exe

[-] 2012-05-04 . AC4B3C4A6DC31867034C66663B9B8A38 . 2148352 . . [5.1.2600.6223] . . c:\windows\erdnt\cache\ntoskrnl.exe

[-] 2012-04-11 . 8D061BB825BC606C2B1C6F7452D1BAAA . 2192640 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe

[7] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe

[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe

[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe

[-] 2006-03-15 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe

[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wshtcpip.dll

[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll

[-] 2006-03-15 . A7F95A53EE055115DF03588997A47D4D . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wshtcpip.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2015-10-15 20:45 696120 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]

"VersatoMs"="c:\program files\MagicMus\MulMouse.exe" [2004-06-17 282624]

"SMSERIAL"="sm56hlpr.exe" [2006-01-20 544768]

"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2011-01-12 1400832]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-12 1210640]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-04-23 43848]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2015-09-14 1045720]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-05-26 152392]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]

"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-11-07 6133520]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

CodecPackUpdateChecker.lnk - c:\windows\system32\C2MP\UpdateChecker.exe [2014-9-28 48744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"SoftwareSASGeneration"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2015-09-14 08:25 1045720 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

S0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [15/12/2014 13:03 49776]

S0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [15/12/2014 13:03 208664]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [15/12/2014 13:03 794952]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [15/12/2014 13:03 435464]

S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [15/12/2014 13:03 24016]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [15/12/2014 13:03 76000]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [28/10/2014 19:40 1135416]

S2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\documents and settings\All Users\Application Data\MobileBrServ\mbbService.exe [25/08/2012 11:09 232288]

S2 MUsbFltr;USB WTMouse Filter Service;c:\windows\system32\drivers\MUsbFltr.sys [22/03/2004 12:45 6528]

S2 OutfoxTvService;OutfoxTvService;c:\program files\OutfoxTV\OutfoxTvService.exe --> c:\program files\OutfoxTV\OutfoxTvService.exe [?]

S2 Skype C2C Service;Skype C2C Service;"c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe" --> c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [?]

S2 SkypeUpdate;Skype Updater;"c:\program files\Skype\Updater\Updater.exe" --> c:\program files\Skype\Updater\Updater.exe [?]

S3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [30/08/2015 15:18 157888]

S3 cpuz138;cpuz138;\??\c:\docume~1\Asus\LOCALS~1\Temp\cpuz138\cpuz138_x32.sys --> c:\docume~1\Asus\LOCALS~1\Temp\cpuz138\cpuz138_x32.sys [?]

S3 DUBE100B;D-Link DUB-E100 USB 2.0 Fast Ethernet Adapter;c:\windows\system32\drivers\DUBE100B.sys [19/04/2012 14:50 18560]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20/07/2012 19:09 23256]

S3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [26/05/2012 09:07 6609920]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MUSBFLTR

Contents of the 'Scheduled Tasks' folder

2015-11-22 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-15 20:45]

2012-10-16 c:\windows\Tasks\SwitchDowngrade.job

- c:\program files\NCH Software\Switch\switch.exe [2012-06-07 11:50]

2012-08-16 c:\windows\Tasks\SwitchReminder.job

- c:\program files\NCH Software\Switch\switch.exe [2012-06-07 11:50]

2015-10-26 c:\windows\Tasks\switchShakeIcon.job

- c:\program files\NCH Swift Sound\Switch\switch.exe [2012-08-07 10:16]

------- Supplementary Scan -------

uStart Page = www.google.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.default-search.net?sid=476&aid=130&itype=n&ver=11471&tm=302&src=ds&p=

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Asus\Application Data\Mozilla\Firefox\Profiles\3uiblgot.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo!

FF - prefs.js: browser.startup.homepage - hxxps://dub121.mail.live.com/default.aspx?n=1088788631&fid=1#n=399048441&fid=1

FF - prefs.js: network.proxy.type - 0

- - - - ORPHANS REMOVED - - - -

Toolbar-10 - (no file)

HKCU-Run-AmazonMP3DownloaderHelper - c:\documents and settings\Asus\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe

HKCU-Run-OutfoxTV - c:\program files\OutfoxTV\OutfoxTV\DesktopContainer.exe

HKLM-Run-DHAgent - c:\program files\DriverHound\DHAgent.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2015-11-22 21:02

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@DACL=(02 0010)

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@DACL=(02 0010)

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@DACL=(02 0010)

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]

"value"="?\05\01\1c\10\0c\10?"

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(240)

c:\windows\system32\netprovcredman.dll

Completion time: 2015-11-22 21:10:27

ComboFix-quarantined-files.txt 2015-11-22 21:10

ComboFix2.txt 2012-07-21 11:21

ComboFix3.txt 2012-07-20 22:46

Pre-Run: 1,372,209,152 bytes free

Post-Run: 1,619,865,600 bytes free

- - End Of File - - 834A88C1E259D16F1A629D603071CECE

8F558EB6672622401DA993E1E865C861

#25
RKinner

Posted 22 November 2015 - 08:28 PM

Malware Expert

Expert
24,623 posts

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

DirLook::

C:\Program Files\Common

%user%\library

File::

c:\windows\system32\drivers\4E2249A6.sys

Folder::

c:\documents and settings\Asus\Local Settings\Application Data\MalwareProtectionLive

RootKit::

c:\windows\system32\drivers\4E2249A6.sys

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

See if you can get MalwareBytes to run:

Malwarebytes' Anti-Malware

:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

https://www.malwareb...nload/thankyou/

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe to start the program.

* follow the prompts to install the program.

* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform quick scan, then click Scan.

* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.

* The log can also be found here:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

* Post that log back here.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:

2. Click Properties, and then click Tools.

3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,

4. Check both boxes and then click Start.

You will receive the following message:

The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?

Click Yes to schedule the disk check, but don't restart yet.

Right click on My Computer and select Manage then Event Viewer

Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

The disk check will run and will probably take an hour or more to finish.

~~1. Please download the Event Viewer Tool by Vino Rosso~~

~~http://images.malwar...om/vino/VEW.exe~~

~~and save it to your Desktop:~~

2. Double-click VEW.exe

3. Under 'Select log to query', select:

* System

4. Under 'Select type to list', select:

* Error

* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

#26
elielieli

Posted 23 November 2015 - 08:04 AM

Member

Topic Starter
Member
176 posts

Im experiencing some problems carrying out your instructions.

Im using another laptop to write this , as internet access on the asus is intermittent.

I used a thumbdrive to transfer the text , only to find the text was somewhat different.

A continuous line of text and additional boxes interspersing the text.I cleaned it up so it resembled your original post

put it into run and received an error message.

Ive been restarting the computer over and over for the last 45 mins, because there are times when things start working, if you persevere.

Last night i was able access safe mode which i hadn't been able to before.Today it 'aint happening!

Its the same with programmes.Sometimes they open , others , not.

Edited by elielieli, 23 November 2015 - 08:04 AM.

#27
RKinner

Posted 23 November 2015 - 09:55 AM

Malware Expert

Expert
24,623 posts

I saw signs of a hard drive problem so see ifyou can do this part:

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:

2. Click Properties, and then click Tools.

3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,

4. Check both boxes and then click Start.

You will receive the following message:

Click Yes to schedule the disk check, but don't restart yet.

Right click on My Computer and select Manage then Event Viewer

Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

The disk check will run and will probably take an hour or more to finish.

2. Double-click VEW.exe

3. Under 'Select log to query', select:

* System

4. Under 'Select type to list', select:

* Error

* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

#28
elielieli

Posted 23 November 2015 - 01:31 PM

Member

Topic Starter
Member
176 posts

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 23/11/2015 19:26:10

Type: error Category: 0

Event: 59 Source: SideBySide

Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\aswpatchmgt.dll. Reference error message: The operation completed successfully. .

Log: 'System' Date/Time: 23/11/2015 19:26:10

Type: error Category: 0

Event: 59 Source: SideBySide

Resolve Partial Assembly failed for Avast.VC110.CRT. Reference error message: Insufficient system resources exist to complete the requested service. .

Log: 'System' Date/Time: 23/11/2015 19:26:10

Type: error Category: 0

Event: 7031 Source: Service Control Manager

The COM+ System Application service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Log: 'System' Date/Time: 23/11/2015 19:26:10

Type: error Category: 0

Event: 7023 Source: Service Control Manager

The Telephony service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 23/11/2015 19:26:09

Type: error Category: 0

Event: 59 Source: SideBySide

Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\GrimeFighter2.dll. Reference error message: The operation completed successfully. .

Log: 'System' Date/Time: 23/11/2015 19:26:09

Type: error Category: 0

Event: 59 Source: SideBySide

Resolve Partial Assembly failed for Avast.VC110.CRT. Reference error message: Insufficient system resources exist to complete the requested service. .

Log: 'System' Date/Time: 23/11/2015 19:26:08

Type: error Category: 0

Event: 7032 Source: Service Control Manager

The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the COM+ System Application service, but this action failed with the following error: An instance of the service is already running.

Log: 'System' Date/Time: 23/11/2015 19:26:07

Type: error Category: 0

Event: 7031 Source: Service Control Manager

The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Log: 'System' Date/Time: 23/11/2015 19:26:07

Type: error Category: 0

Event: 7001 Source: Service Control Manager

The SSDP Discovery Service service depends on the HTTP service which failed to start because of the following error: The specified driver is invalid.

Log: 'System' Date/Time: 23/11/2015 19:26:07

Type: error Category: 0

Event: 7000 Source: Service Control Manager

The HTTP service failed to start due to the following error: The specified driver is invalid.

Log: 'System' Date/Time: 23/11/2015 19:26:05

Type: error Category: 0

Event: 59 Source: SideBySide

Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\aswData.dll. Reference error message: The operation completed successfully. .

Log: 'System' Date/Time: 23/11/2015 19:26:05

Type: error Category: 0

Event: 59 Source: SideBySide

Resolve Partial Assembly failed for Avast.VC110.CRT. Reference error message: Insufficient system resources exist to complete the requested service. .

Log: 'System' Date/Time: 23/11/2015 19:26:05

Type: error Category: 0

Event: 59 Source: SideBySide

Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\ahresws2.dll. Reference error message: The operation completed successfully. .

Log: 'System' Date/Time: 23/11/2015 19:26:05

Type: error Category: 0

Event: 59 Source: SideBySide

Resolve Partial Assembly failed for Avast.VC110.CRT. Reference error message: Insufficient system resources exist to complete the requested service. .

Log: 'System' Date/Time: 23/11/2015 19:26:05

Type: error Category: 0

Event: 59 Source: SideBySide

Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\ahresws.dll. Reference error message: The operation completed successfully. .

Log: 'System' Date/Time: 23/11/2015 19:26:05

Type: error Category: 0

Event: 59 Source: SideBySide

Resolve Partial Assembly failed for Avast.VC110.CRT. Reference error message: Insufficient system resources exist to complete the requested service. .

Log: 'System' Date/Time: 23/11/2015 19:26:04

Type: error Category: 0

Event: 59 Source: SideBySide

Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\ahresstd.dll. Reference error message: The operation completed successfully. .

Log: 'System' Date/Time: 23/11/2015 19:26:04

Type: error Category: 0

Event: 59 Source: SideBySide

Resolve Partial Assembly failed for Avast.VC110.CRT. Reference error message: Insufficient system resources exist to complete the requested service. .

Log: 'System' Date/Time: 23/11/2015 19:26:04

Type: error Category: 0

Event: 59 Source: SideBySide

Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\ahresmai.dll. Reference error message: The operation completed successfully. .

Log: 'System' Date/Time: 23/11/2015 19:26:04

Type: error Category: 0

Event: 59 Source: SideBySide

Resolve Partial Assembly failed for Avast.VC110.CRT. Reference error message: Insufficient system resources exist to complete the requested service. .

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#29
elielieli

Posted 23 November 2015 - 01:37 PM

Member

Topic Starter
Member
176 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 23/11/2015 19:28:46

Type: error Category: 0

Event: 100 Source: Bonjour Service

Task Scheduling Error: m->NextScheduledSPRetry 1984

Log: 'Application' Date/Time: 23/11/2015 19:28:46

Type: error Category: 0

Event: 100 Source: Bonjour Service

Task Scheduling Error: m->NextScheduledEvent 1984

Log: 'Application' Date/Time: 23/11/2015 19:28:46

Type: error Category: 0

Event: 100 Source: Bonjour Service

Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 23/11/2015 19:26:09

Type: error Category: 8

Event: 4689 Source: COM+

The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\crm\recoveryclerk2.cpp(1783), hr = 800705aa: Recover

Log: 'Application' Date/Time: 23/11/2015 19:26:06

Type: error Category: 8

Event: 4689 Source: COM+

The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80080005: InitEventCollector failed

Log: 'Application' Date/Time: 23/11/2015 19:26:02

Type: error Category: 8

Event: 4689 Source: COM+

Log: 'Application' Date/Time: 23/11/2015 19:25:36

Type: error Category: 0

Event: 1041 Source: Userenv

Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Log: 'Application' Date/Time: 23/11/2015 19:25:36

Type: error Category: 0

Event: 1041 Source: Userenv

Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Log: 'Application' Date/Time: 23/11/2015 19:25:36

Type: error Category: 0

Event: 1041 Source: Userenv

Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Log: 'Application' Date/Time: 23/11/2015 19:25:36

Type: error Category: 0

Event: 1041 Source: Userenv

Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 23/11/2015 19:26:08

Type: warning Category: 105

Event: 4444 Source: COM+

An empty CRM log file was detected. It has been re-initialized. If this warning appears when the CRM log file is being initially created then no further action is required. Server Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance ID: {B0B9300D-EDEF-4559-970C-A655EBF2B1F6} Server Application Name: System Application Comsvcs.dll file version: ENU 2001.12.4414.702 shp

#30
RKinner

Posted 23 November 2015 - 02:40 PM

Malware Expert

Expert
24,623 posts

Uninstall

Bonjour

Download OTL from

http://www.geekstogo...timers-list-it/

and Save it to your desktop.

Copy the text in the code box by highlighting and Ctrl + c

 
/md5start
http.sys
/md5stop

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run SCAN button at the top

Let the program run unhindered, OTL will not reboot the PC when it is done. Save the log and copy and paste it to a reply.