Virus Infection - Programmes Disabled


#16 RKinner (Malware Expert, MVP, 20,021 posts)

Download it again.  Rename it to george.exe and try it again.


#17 elielieli (Topic Starter, Member, 174 posts)

Tried it.

Same deal.

I did a search, in case it was hiding somewhere.

But no luck.


#18 RKinner (Malware Expert, MVP, 20,021 posts)

Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!) Download, Save and Install it.
 
Close all browsers and open programs before running Speccy. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop); note the name it gives. OK. Open the file in Notepad and delete the line that gives the serial number of your Operating System. (It will be near the top, about 10 lines down.) Save the file and close Notepad. Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File). Uninstall Speccy.
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.
 
Wait a full minute then:
 
File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 

#19 elielieli (Topic Starter, Member, 174 posts)

Speccy file attachment



#20 elielieli (Topic Starter, Member, 174 posts)

sorry

here it is

Attached Files



#21 elielieli (Topic Starter, Member, 174 posts)

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 85.16 0 K 28 K 0
services.exe 9.38 2,352 K 3,920 K 968 Services and Controller app Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
procexp.exe 3.91 16,016 K 8,376 K 696 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (A system-level error occurred while verifying trust) Sysinternals - www.sysinternals.com
SynTPEnh.exe 0.78 1,584 K 4,940 K 860 Synaptics TouchPad Enhancements Synaptics, Inc. (No signature was present in the subject) Synaptics, Inc.
mbbService.exe 0.78 2,620 K 4,776 K 4068
Interrupts < 0.01 0 K 0 K n/a Hardware Interrupts and DPCs
ZCfgSvc.exe 10,944 K 16,468 K 740 Intel® PROSet/Wireless Zero Config Service Intel® Corporation (No signature was present in the subject) Intel® Corporation
wuauclt.exe 6,588 K 7,632 K 3732
wmiprvse.exe 2,388 K 6,740 K 1504 WMI Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
wmiprvse.exe 6,192 K 11,004 K 2208 WMI Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
winlogon.exe 6,980 K 3,308 K 924 Windows NT Logon Application Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
UpdateChecker.exe 9,200 K 3,424 K 1584 (Verified) Cole Williams
unsecapp.exe 2,304 K 4,300 K 2772 WMI Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
unsecapp.exe 2,272 K 3,988 K 2872 WMI Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
System 0 K 256 K 4
svchost.exe 12,888 K 21,780 K 1308 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 2,220 K 4,952 K 1244 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,188 K 3,156 K 1612 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,212 K 3,072 K 1556 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,468 K 3,912 K 1164 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,240 K 3,488 K 468 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
spoolsv.exe 3,448 K 5,088 K 284 Spooler SubSystem App Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
smss.exe 172 K 432 K 844 Windows NT Session Manager Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
sm56hlpr.exe 1,064 K 3,260 K 732 Motorola SM56 Win32 Utility Motorola Inc. (No signature was present in the subject) Motorola Inc.
S24EvMon.exe 10,556 K 15,520 K 1492 Intel® Wireless Management Service Intel® Corporation (No signature was present in the subject) Intel® Corporation
RTHDCPL.exe 20,648 K 21,700 K 880 Realtek HD Audio Control Panel Realtek Semiconductor Corp. (No signature was present in the subject) Realtek Semiconductor Corp.
RegSrvc.exe 968 K 3,120 K 3208 Intel® PROSet/Wireless Registry Service Intel® Corporation (Verified) Intel Corporation - Mobile Wireless Group
NBService.exe 1,128 K 3,500 K 3088
MulMouse.exe 1,872 K 5,364 K 720 MulMouse MFC Application (No signature was present in the subject) 
msmsgs.exe 1,220 K 4,356 K 1424 Windows Messenger Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
mscorsvw.exe 488 K 1,796 K 1896 .NET Runtime Optimization Service Microsoft Corporation (A system-level error occurred while verifying trust) Microsoft Corporation
mDNSResponder.exe 996 K 3,068 K 1824 Bonjour Service Apple Inc. (A system-level error occurred while verifying trust) Apple Inc.
MagicWl.exe 1,700 K 3,940 K 1128 MagicWheel MFC Application (No signature was present in the subject) 
lsass.exe 4,048 K 6,300 K 980 LSA Shell (Export Version) Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
iTunesHelper.exe 10,092 K 14,068 K 816 iTunesHelper Apple Inc. (A system-level error occurred while verifying trust) Apple Inc.
igfxpers.exe 724 K 2,916 K 1212 persistence Module Intel Corporation (No signature was present in the subject) Intel Corporation
iFrmewrk.exe 13,744 K 18,932 K 764 Intel® PROSet/Wireless Framework Intel® Corporation (A system-level error occurred while verifying trust) Intel® Corporation
hkcmd.exe 756 K 2,968 K 1200 hkcmd Module Intel Corporation (No signature was present in the subject) Intel Corporation
explorer.exe 10,824 K 18,164 K 1960 Windows Explorer Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
EvtEng.exe 14,020 K 17,612 K 1912 Intel® PROSet/Wireless Event Log Service Intel® Corporation (A system-level error occurred while verifying trust) Intel® Corporation
ehtray.exe 724 K 2,748 K 700 Media Center Tray Applet Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
ehSched.exe 756 K 2,768 K 1772 Media Center Scheduler Service Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
ehRecvr.exe 2,460 K 4,604 K 1948 Media Center Receiver Service Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
ctfmon.exe 936 K 3,684 K 1408 CTF Loader Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
csrss.exe 1,544 K 4,056 K 900 Client Server Runtime Process Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
AvastSvc.exe 33,252 K 41,216 K 1756 avast! Service AVAST Software (A system-level error occurred while verifying trust) AVAST Software
AppleMobileDeviceService.exe 9,156 K 12,212 K 544 YSLoader.exe Apple Inc. (A system-level error occurred while verifying trust) Apple Inc.

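The Verified Signer column RKinner asked for in #18 is the point of the Process Explorer step, and the listing elielieli pasted in #21 shows what it looks like on a machine under investigation. Below is an added example of how to triage such an export, written for this page; it is not part of the thread and not a Sysinternals tool. It assumes the File, Save As export is tab-separated with the header row shown at the top of the pasted log (the copy in the forum lost its tabs), and the sample rows are constructed for the demo, modelled on rows from #21. Two caveats it encodes: "(No signature was present in the subject)" and "(A system-level error occurred while verifying trust)" are different outcomes and are bucketed separately rather than lumped as "unsigned"; and procexp.exe's own row is used as a health check, because in #21 it reports the system-level error (so nothing on that host could be verified) while in the safe-mode listing in #23 it reads "(Verified)". A "(Verified)" result only tells you who signed the file, not that the publisher is one you expect.

```python
"""Triage a Process Explorer text export (File > Save As) by its Verified Signer column.

Added example for this thread, not a Sysinternals tool.  Assumes the export is
tab-separated with Process Explorer's header row (the copies pasted in the
forum lost their tabs).  The sample rows are constructed for the demo and
modelled on the listing in post #21.
"""
import csv
import io
from collections import defaultdict

# Kernel pseudo-processes: no image file on disk, so nothing to sign or verify.
PSEUDO_PROCESSES = {"System Idle Process", "Interrupts", "System"}

# Row whose status tells you whether signature checking works at all on this host.
SELF_CHECK = "procexp.exe"

HEADER = "Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tDescription\tCompany Name\tVerified Signer"

# Constructed sample export (tab-separated), modelled on the log in post #21.
SAMPLE_EXPORT = "\n".join([
    HEADER,
    "System Idle Process\t85.16\t0 K\t28 K\t0\t\t\t",
    "services.exe\t9.38\t2,352 K\t3,920 K\t968\tServices and Controller app\tMicrosoft Corporation\t(No signature was present in the subject) Microsoft Corporation",
    "procexp.exe\t3.91\t16,016 K\t8,376 K\t696\tSysinternals Process Explorer\tSysinternals - www.sysinternals.com\t(A system-level error occurred while verifying trust) Sysinternals - www.sysinternals.com",
    "mbbService.exe\t0.78\t2,620 K\t4,776 K\t4068\t\t\t",
    "UpdateChecker.exe\t\t9,200 K\t3,424 K\t1584\t\t\t(Verified) Cole Williams",
    "RegSrvc.exe\t\t968 K\t3,120 K\t3208\tIntel PROSet/Wireless Registry Service\tIntel Corporation\t(Verified) Intel Corporation - Mobile Wireless Group",
    "MulMouse.exe\t\t1,872 K\t5,364 K\t720\tMulMouse MFC Application\t\t(No signature was present in the subject)",
])


def parse_verified_signer(field):
    """Split Process Explorer's '(status) Signer' text into (status, signer)."""
    field = (field or "").strip()
    if not field:
        return "(no signer information)", ""
    if field.startswith("(") and ")" in field:
        close = field.index(")")
        return field[: close + 1], field[close + 1:].strip()
    return "(unparsed)", field


def load_export(text):
    """Parse the tab-separated export into row dicts, dropping kernel pseudo-processes."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    return [row for row in reader if row["Process"] not in PSEUDO_PROCESSES]


def verifier_usable(rows):
    """True only if Process Explorer could verify its own image.

    When the checker cannot check itself (the system-level error in post #21),
    every other non-verified result on that host is uninformative.
    """
    for row in rows:
        if row["Process"].lower() == SELF_CHECK:
            status, _ = parse_verified_signer(row.get("Verified Signer"))
            return status == "(Verified)"
    return False


def bucket_by_status(rows):
    """Group process names by the exact status text; different text, different outcome."""
    buckets = defaultdict(list)
    for row in rows:
        status, _ = parse_verified_signer(row.get("Verified Signer"))
        buckets[status].append(row["Process"])
    return dict(buckets)


def review_first(rows):
    """Processes with no verified signature and no Description or Company Name.

    Nothing in the listing vouches for these, so the on-disk path has to be
    checked by hand (Properties > Location, as post #22 asks for).
    """
    out = []
    for row in rows:
        status, _ = parse_verified_signer(row.get("Verified Signer"))
        described = row["Description"].strip() or row["Company Name"].strip()
        if status != "(Verified)" and not described:
            out.append((row["Process"], row["PID"]))
    return out


if __name__ == "__main__":
    rows = load_export(SAMPLE_EXPORT)
    print("signature checking usable on this host:", verifier_usable(rows))
    for status, names in sorted(bucket_by_status(rows).items()):
        print(f"{status}: {', '.join(names)}")
    print("review first:", review_first(rows))
```

Run it against a real Procexp.txt by passing the file's contents to load_export. On the sample, verifier_usable is False because procexp.exe itself could not be verified, the two "Verified" rows are grouped apart from the two "No signature" rows and the one "system-level error" row, and mbbService.exe is the only process with neither a verified signature nor any description or company to go on.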

#22 RKinner (Malware Expert, MVP, 20,021 posts)
 
Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and Save it, then run it.
 
If it doesn't do it for you, reboot after it runs.
 
Run Process Explorer again and post the new log.
 
Right click on ComboFix.exe or george.exe and select Properties. Is there a Shortcut Tab? What does it say after Target: If not, look under General tab and tell me what it says after Location.


#23 elielieli (Topic Starter, Member, 174 posts)

I ran this in safe mode, as the programme would open and then close in normal reboot mode, or the computer would simply freeze.
ComboFix worked well. I'll post the log report underneath this one.
There was no shortcut tab.
After Target: c:documents and setting/asus/desktop
 
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 82.35 0 K 16 K 0
Interrupts 16.91 0 K 0 K n/a Hardware Interrupts and DPCs
procexp.exe 0.74 10,180 K 8,956 K 932 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
wmiprvse.exe 1,980 K 5,028 K 1092 WMI Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
winlogon.exe 3,260 K 2,320 K 240 Windows NT Logon Application Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
System 0 K 208 K 4
svchost.exe 8,612 K 12,928 K 580 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,324 K 3,528 K 456 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,632 K 4,196 K 528 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
smss.exe 168 K 416 K 168 Windows NT Session Manager Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
services.exe 1,652 K 3,788 K 284 Services and Controller app Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
lsass.exe 2,132 K 1,236 K 296 LSA Shell (Export Version) Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
explorer.exe 8,220 K 14,336 K 804 Windows Explorer Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
csrss.exe 1,372 K 3,104 K 216 Client Server Runtime Process Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

Edited by elielieli, 22 November 2015 - 03:24 PM.


#24 elielieli (Topic Starter, Member, 174 posts)

ComboFix log

 

ComboFix 15-11-17.01 - Asus 22/11/2015  20:50:25.3.2 - x86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.1015.643 [GMT 0:00]
Running from: c:\documents and settings\Asus\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Settings
c:\windows\system32\Settings\Settings.ini
.
.
(((((((((((((((((((((((((   Files Created from 2015-10-22 to 2015-11-22  )))))))))))))))))))))))))))))))
.
.
2015-11-22 15:25 . 2015-11-22 15:34 -------- d-----w- c:\program files\Speccy
2015-11-22 01:33 . 2015-11-22 01:33 -------- d-----w- C:\found.000
2015-11-21 22:26 . 2015-11-21 22:35 -------- d-----w- C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZ.ZZZ...ZZZZ
2015-11-21 22:23 . 2015-11-21 22:34 170200 ----a-w- c:\windows\system32\drivers\4E2249A6.sys
2015-11-21 19:25 . 2015-11-21 19:25 -------- d-----w- c:\program files\NirSoft
2015-11-19 12:07 . 2015-11-21 14:28 -------- d-----w- C:\FRST
2015-11-17 20:41 . 2015-11-17 22:19 -------- d-----w- c:\documents and settings\Asus\Local Settings\Application Data\MalwareProtectionLive
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-22 20:10 . 2014-10-28 19:41 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-07 21:46 . 2014-12-15 13:03 435464 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-11-07 21:46 . 2014-12-15 13:03 794952 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-10-15 20:45 . 2014-12-15 13:03 57888 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-10-15 20:45 . 2015-08-30 15:18 157888 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2015-10-15 20:45 . 2014-12-15 13:03 208664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-10-15 20:45 . 2014-12-15 13:03 76000 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-10-15 20:45 . 2014-12-15 13:03 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-10-15 20:45 . 2014-12-15 13:03 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-10-15 20:45 . 2014-12-15 13:03 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-10-15 20:45 . 2015-10-15 20:46 313472 ----a-w- c:\windows\system32\aswBoot.exe
2015-10-15 20:45 . 2015-10-15 20:45 43112 ----a-w- c:\windows\avastSS.scr
2015-10-05 09:50 . 2014-10-28 19:40 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-05 09:50 . 2012-07-20 19:09 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\browser.dll
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\dllcache\browser.dll
[-] 2012-07-06 . FC6D1D80588D371F0321E15A75B2F8F2 . 78336 . . [5.1.2600.6260] . . c:\windows\$hf_mig$\KB2705219\SP3QFE\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2006-03-15 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[-] 2014-03-12 . 4A45B692D2BAA74124DF57472D5EA2F1 . 993280 . . [5.1.2600.6532] . . c:\windows\system32\kernel32.dll
[-] 2014-03-12 . 4A45B692D2BAA74124DF57472D5EA2F1 . 993280 . . [5.1.2600.6532] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2012-10-03 . 6FE42512AB1B89F32A7407F261B1D2D0 . 990208 . . [5.1.2600.6293] . . c:\windows\$NtUninstallKB2922229$\kernel32.dll
[-] 2012-10-03 . 6CBFEEB384F04681AF75F495AA48DD32 . 991744 . . [5.1.2600.6293] . . c:\windows\$hf_mig$\KB2758857\SP3QFE\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\erdnt\cache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2006-03-15 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
.
[-] 2014-04-30 . 56B89EC7C5FF7FA1FCBF4142D166F9E0 . 3094528 . . [6.00.2900.6550] . . c:\windows\system32\mshtml.dll
[-] 2014-04-30 . 56B89EC7C5FF7FA1FCBF4142D166F9E0 . 3094528 . . [6.00.2900.6550] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2014-02-25 . A4F14DC9FEC425C91C5DEDABB87A0807 . 3094528 . . [6.00.2900.6525] . . c:\windows\$NtUninstallKB2964358$\mshtml.dll
[-] 2014-02-04 . 5F115F759EEEB0D2BC95379DBA3338DE . 3094528 . . [6.00.2900.6512] . . c:\windows\$NtUninstallKB2936068$\mshtml.dll
[-] 2014-02-04 . AACB479CC6882F853AEF88746B0FBDD4 . 3094528 . . [6.00.2900.6498] . . c:\windows\$NtUninstallKB2925418$\mshtml.dll
[-] 2013-03-02 . 990F4518E1607F445969C12F014E4E29 . 6013440 . . [8.00.6001.23480] . . c:\windows\$hf_mig$\KB2817183-IE8\SP3QFE\mshtml.dll
[-] 2013-03-01 . AE3A26C04C794E5451ADF6872F7D48F4 . 6012928 . . [8.00.6001.23471] . . c:\windows\$hf_mig$\KB2809289-IE8\SP3QFE\mshtml.dll
[-] 2013-01-09 . 99E9E2606FB13ADB711935FE8E8E29C1 . 6011904 . . [8.00.6001.23468] . . c:\windows\$hf_mig$\KB2792100-IE8\SP3QFE\mshtml.dll
[-] 2013-01-06 . 14FD1CAEFB6D2749019AC2F54859568C . 6011392 . . [8.00.6001.23462] . . c:\windows\$hf_mig$\KB2799329-IE8\SP3QFE\mshtml.dll
.
[-] 2014-02-25 . 1C6D1B9371904CA97A4B49D88E98B615 . 668672 . . [6.00.2900.6525] . . c:\windows\system32\wininet.dll
[-] 2014-02-25 . 1C6D1B9371904CA97A4B49D88E98B615 . 668672 . . [6.00.2900.6525] . . c:\windows\system32\dllcache\wininet.dll
[-] 2014-02-04 . 54A41CA17593B92331C227CBA107EF43 . 668672 . . [6.00.2900.6512] . . c:\windows\$NtUninstallKB2936068$\wininet.dll
[-] 2014-02-04 . 08D149500622F63A4BFE08749D8BF73E . 668672 . . [6.00.2900.6498] . . c:\windows\$NtUninstallKB2925418$\wininet.dll
[-] 2013-03-02 . 43EADBA9F3CD2A5F01B189BD95FCDE95 . 920064 . . [8.00.6001.23480] . . c:\windows\$hf_mig$\KB2817183-IE8\SP3QFE\wininet.dll
[-] 2013-02-05 . BE30BEF4C13065D09772F9895FCB9D22 . 920064 . . [8.00.6001.23469] . . c:\windows\$hf_mig$\KB2809289-IE8\SP3QFE\wininet.dll
[-] 2012-12-26 . B8BEF9519A1B124DEAF94081F6C5A767 . 920064 . . [8.00.6001.23462] . . c:\windows\$hf_mig$\KB2792100-IE8\SP3QFE\wininet.dll
[-] 2012-11-01 . ACC92628CFFF9BB6F8886329888014A8 . 920064 . . [8.00.6001.23458] . . c:\windows\$hf_mig$\KB2761465-IE8\SP3QFE\wininet.dll
[-] 2012-08-28 . DCEA3B3193B7181CF818ECC4EAB30A66 . 920064 . . [8.00.6001.23415] . . c:\windows\$hf_mig$\KB2744842-IE8\SP3QFE\wininet.dll
[-] 2012-07-02 . EFB2241DE3AA6480521A16D0CB67B0EC . 920064 . . [8.00.6001.23385] . . c:\windows\$hf_mig$\KB2722913-IE8\SP3QFE\wininet.dll
[-] 2012-05-16 . 6B1774334E2975AA60596E54F5EA1430 . 916992 . . [8.00.6001.19272] . . c:\windows\erdnt\cache\wininet.dll
[-] 2012-05-16 . 553AD35768CD27959391DD5AA82CEF6F . 920064 . . [8.00.6001.23359] . . c:\windows\$hf_mig$\KB2699988-IE8\SP3QFE\wininet.dll
[-] 2012-03-01 . 009E7B4C284F080608D7286484015EE5 . 916992 . . [8.00.6001.19222] . . c:\windows\SoftwareDistribution\Download\4aed2fc3570ce5559234655d096b9faa\SP3GDR\wininet.dll
[-] 2012-03-01 . 4EC67FAB39F37626AD6D9895FC094ABF . 919552 . . [8.00.6001.23318] . . c:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\wininet.dll
[-] 2012-03-01 . 4EC67FAB39F37626AD6D9895FC094ABF . 919552 . . [8.00.6001.23318] . . c:\windows\SoftwareDistribution\Download\4aed2fc3570ce5559234655d096b9faa\SP3QFE\wininet.dll
[-] 2012-02-28 . AC3E276FF2D3C4A89B85D2A8587EF9FA . 668672 . . [6.00.2900.6197] . . c:\windows\$hf_mig$\KB2675157\SP3QFE\wininet.dll
[-] 2011-12-17 . F362D50FBDC6E34918DF41BDE1770E5C . 916992 . . [8.00.6001.19190] . . c:\windows\SoftwareDistribution\Download\c1d540600ba9c34c5b3244c020eee491\SP3GDR\wininet.dll
[-] 2011-12-17 . 84A48E9818E8440DDBFD8EEC37C8A937 . 919552 . . [8.00.6001.23286] . . c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\wininet.dll
[-] 2011-12-17 . 84A48E9818E8440DDBFD8EEC37C8A937 . 919552 . . [8.00.6001.23286] . . c:\windows\SoftwareDistribution\Download\c1d540600ba9c34c5b3244c020eee491\SP3QFE\wininet.dll
[-] 2011-11-04 . 552263502EA8C24D301A0C43FF90B3ED . 916992 . . [8.00.6001.19165] . . c:\windows\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3GDR\wininet.dll
[-] 2011-11-04 . 4E4716CAF514717814D07113AD0425B6 . 919552 . . [8.00.6001.23261] . . c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll
[-] 2011-11-04 . 4E4716CAF514717814D07113AD0425B6 . 919552 . . [8.00.6001.23261] . . c:\windows\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3QFE\wininet.dll
[-] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3GDR\wininet.dll
[-] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[-] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3QFE\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2006-03-15 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\wininet.dll
.
[-] 2013-08-05 . 59B408E5B8489B0B36A0D783D150EDCC . 1289728 . . [5.1.2600.6435] . . c:\windows\system32\ole32.dll
[-] 2013-08-05 . 59B408E5B8489B0B36A0D783D150EDCC . 1289728 . . [5.1.2600.6435] . . c:\windows\system32\dllcache\ole32.dll
[-] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\erdnt\cache\ole32.dll
[-] 2011-11-01 . 7D9DDE1AB4B00DDB173F5A16E9206517 . 1289216 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2006-03-15 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ole32.dll
.
[-] 2013-07-10 . 1D845821F5ADB076831DE4C2818F858B . 406016 . . [1.0420.2600.6421] . . c:\windows\system32\usp10.dll
[-] 2013-07-10 . 1D845821F5ADB076831DE4C2818F858B . 406016 . . [1.0420.2600.6421] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\erdnt\cache\usp10.dll
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2006-03-15 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msimg32.dll
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\system32\msimg32.dll
[-] 2006-03-15 . B5331F2B6F37C66C29C847F3B94FF900 . 4608 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msimg32.dll
.
[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime
[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\system32\msctfime.ime
[-] 2006-03-15 . D87041EAA67ECA4394F6D5D09C0C2885 . 177152 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msctfime.ime
.
[-] 2013-07-04 . 4C47B37CF351FFEB1227CED0FF4751D5 . 2070144 . . [5.1.2600.6419] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2013-07-04 . 05F3DB567EAE368AE3BBD7E973490646 . 2028544 . . [5.1.2600.6419] . . c:\windows\system32\ntkrnlpa.exe
[-] 2013-07-04 . 4C47B37CF351FFEB1227CED0FF4751D5 . 2070144 . . [5.1.2600.6419] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2013-03-07 . 9EBEDA306E5EABDABCFF8B695FCD4CD6 . 2070016 . . [5.1.2600.6368] . . c:\windows\$hf_mig$\KB2813170\SP3QFE\ntkrnlpa.exe
[-] 2013-01-07 . 1251D608DFCE4B6801AD27A59B74985C . 2069760 . . [5.1.2600.6335] . . c:\windows\$hf_mig$\KB2799494\SP3QFE\ntkrnlpa.exe
[-] 2012-08-21 . B326D5E256D2F32B23E64F49DEBCE31B . 2069632 . . [5.1.2600.6284] . . c:\windows\$hf_mig$\KB2724197\SP3QFE\ntkrnlpa.exe
[-] 2012-05-04 . 8E99A0CE02C1BEDA6C0935A4DDE9CEAA . 2069120 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntkrnlpa.exe
[-] 2012-05-04 . 87763BB6C95901818050E52C378C9E15 . 2026496 . . [5.1.2600.6223] . . c:\windows\erdnt\cache\ntkrnlpa.exe
[-] 2012-04-11 . 063A0F8A90D8E2B802E5243FE9AABCF3 . 2069120 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe
[7] 2010-12-09 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2006-03-15 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
.
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\erdnt\cache\iexplore.exe
[-] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[-] 2006-03-15 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
.
[-] 2013-07-04 . AFEE19399CF992A098309F7FDF87880A . 2149888 . . [5.1.2600.6419] . . c:\windows\system32\ntoskrnl.exe
[-] 2013-07-04 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2013-07-04 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2013-03-07 . 9FC16E5EBFE88F3C844FFE2E6CB7F1E8 . 2193536 . . [5.1.2600.6368] . . c:\windows\$hf_mig$\KB2813170\SP3QFE\ntoskrnl.exe
[-] 2013-01-07 . AE2FEE63789F5DF6B19DD9A39E26D03E . 2193152 . . [5.1.2600.6335] . . c:\windows\$hf_mig$\KB2799494\SP3QFE\ntoskrnl.exe
[-] 2012-08-21 . ECA5980E1A78DBF9CB7F49F76791C0D1 . 2193024 . . [5.1.2600.6284] . . c:\windows\$hf_mig$\KB2724197\SP3QFE\ntoskrnl.exe
[-] 2012-05-04 . 099A0F80A563EBE935F4A9750F96C219 . 2192640 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntoskrnl.exe
[-] 2012-05-04 . AC4B3C4A6DC31867034C66663B9B8A38 . 2148352 . . [5.1.2600.6223] . . c:\windows\erdnt\cache\ntoskrnl.exe
[-] 2012-04-11 . 8D061BB825BC606C2B1C6F7452D1BAAA . 2192640 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe
[7] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2006-03-15 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
.
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wshtcpip.dll
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll
[-] 2006-03-15 . A7F95A53EE055115DF03588997A47D4D . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wshtcpip.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-10-15 20:45 696120 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"VersatoMs"="c:\program files\MagicMus\MulMouse.exe" [2004-06-17 282624]
"SMSERIAL"="sm56hlpr.exe" [2006-01-20 544768]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2011-01-12 1400832]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-12 1210640]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-04-23 43848]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2015-09-14 1045720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-05-26 152392]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-11-07 6133520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
CodecPackUpdateChecker.lnk - c:\windows\system32\C2MP\UpdateChecker.exe [2014-9-28 48744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2015-09-14 08:25 1045720 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
S0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [15/12/2014 13:03 49776]
S0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [15/12/2014 13:03 208664]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [15/12/2014 13:03 794952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [15/12/2014 13:03 435464]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [15/12/2014 13:03 24016]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [15/12/2014 13:03 76000]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [28/10/2014 19:40 1135416]
S2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\documents and settings\All Users\Application Data\MobileBrServ\mbbService.exe [25/08/2012 11:09 232288]
S2 MUsbFltr;USB WTMouse Filter Service;c:\windows\system32\drivers\MUsbFltr.sys [22/03/2004 12:45 6528]
S2 OutfoxTvService;OutfoxTvService;c:\program files\OutfoxTV\OutfoxTvService.exe --> c:\program files\OutfoxTV\OutfoxTvService.exe [?]
S2 Skype C2C Service;Skype C2C Service;"c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe" --> c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [?]
S2 SkypeUpdate;Skype Updater;"c:\program files\Skype\Updater\Updater.exe" --> c:\program files\Skype\Updater\Updater.exe [?]
S3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [30/08/2015 15:18 157888]
S3 cpuz138;cpuz138;\??\c:\docume~1\Asus\LOCALS~1\Temp\cpuz138\cpuz138_x32.sys --> c:\docume~1\Asus\LOCALS~1\Temp\cpuz138\cpuz138_x32.sys [?]
S3 DUBE100B;D-Link DUB-E100 USB 2.0 Fast Ethernet Adapter;c:\windows\system32\drivers\DUBE100B.sys [19/04/2012 14:50 18560]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20/07/2012 19:09 23256]
S3 NETwLx32;    Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [26/05/2012 09:07 6609920]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MUSBFLTR
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-22 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-15 20:45]
.
2012-10-16 c:\windows\Tasks\SwitchDowngrade.job
- c:\program files\NCH Software\Switch\switch.exe [2012-06-07 11:50]
.
2012-08-16 c:\windows\Tasks\SwitchReminder.job
- c:\program files\NCH Software\Switch\switch.exe [2012-06-07 11:50]
.
2015-10-26 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2012-08-07 10:16]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.default-search.net?sid=476&aid=130&itype=n&ver=11471&tm=302&src=ds&p=
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Asus\Application Data\Mozilla\Firefox\Profiles\3uiblgot.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxps://dub121.mail.live.com/default.aspx?n=1088788631&fid=1#n=399048441&fid=1
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKCU-Run-AmazonMP3DownloaderHelper - c:\documents and settings\Asus\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
HKCU-Run-OutfoxTV - c:\program files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKLM-Run-DHAgent - c:\program files\DriverHound\DHAgent.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-11-22 21:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\05\01\1c\10\0c\10?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(240)
c:\windows\system32\netprovcredman.dll
.
Completion time: 2015-11-22  21:10:27
ComboFix-quarantined-files.txt  2015-11-22 21:10
ComboFix2.txt  2012-07-21 11:21
ComboFix3.txt  2012-07-20 22:46
.
Pre-Run: 1,372,209,152 bytes free
Post-Run: 1,619,865,600 bytes free
.
- - End Of File - - 834A88C1E259D16F1A629D603071CECE
8F558EB6672622401DA993E1E865C861

  • 0

#25
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,021 posts
  • MVP
 
Copy the text between the lines of stars by highlighting and Ctrl + c.
 
******************************************
 
DirLook::
C:\Program Files\Common
%user%\library
 
File::
c:\windows\system32\drivers\4E2249A6.sys
 
Folder::
c:\documents and settings\Asus\Local Settings\Application Data\MalwareProtectionLive
 
RootKit::
c:\windows\system32\drivers\4E2249A6.sys
 
 
******************************************
 
Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.
 
Pause your anti-virus.
 
Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.
 
Post the new log.
 
 
 
See if you can get MalwareBytes to run:
 
 
Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
 
SAVE  Malwarebytes' Anti-Malware to your desktop.
 
    * Double-click mbam-setup.exe to start the program.
    * Follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
 
    * Be sure that everything is checked, and click Remove Selected.
 
    * When completed, a log will open in Notepad. Please save it to a convenient location.
    * The log can also be found here:
            C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    * Post that log back here.
 
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
 
Right click on My Computer and select Manage then Event Viewer
Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. 
 
Reboot. 
 
 
The disk check will run and will probably take an hour or more to finish.
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.
 
 

  • 0



#26
elielieli

elielieli

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts

I'm experiencing some problems carrying out your instructions.

I'm using another laptop to write this, as internet access on the Asus is intermittent.

I used a thumbdrive to transfer the text, only to find the text was somewhat different.

A continuous line of text and additional boxes interspersing the text. I cleaned it up so it resembled your original post,

put it into Run and received an error message.

I've been restarting the computer over and over for the last 45 mins, because there are times when things start working, if you persevere.

Last night I was able to access safe mode, which I hadn't been able to before. Today it ain't happening!

It's the same with programmes. Sometimes they open, others not.


Edited by elielieli, 23 November 2015 - 08:04 AM.

  • 0

#27
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,021 posts
  • MVP

I saw signs of a hard drive problem so see if you can do this part:

 

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
 
Right click on My Computer and select Manage then Event Viewer
Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. 
 
Reboot. 
 
 
The disk check will run and will probably take an hour or more to finish.
 
2. Double-click VEW.exe
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.
 

  • 0

#28
elielieli

elielieli

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/11/2015 19:26:10
Type: error Category: 0
Event: 59 Source: SideBySide
Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\aswpatchmgt.dll. Reference error message: The operation completed successfully. . 
 
Log: 'System' Date/Time: 23/11/2015 19:26:10
Type: error Category: 0
Event: 59 Source: SideBySide
Resolve Partial Assembly failed for Avast.VC110.CRT. Reference error message: Insufficient system resources exist to complete the requested service. . 
 
Log: 'System' Date/Time: 23/11/2015 19:26:10
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The COM+ System Application service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service. 
 
Log: 'System' Date/Time: 23/11/2015 19:26:10
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Telephony service terminated with the following error:  The specified module could not be found.  
 
Log: 'System' Date/Time: 23/11/2015 19:26:09
Type: error Category: 0
Event: 59 Source: SideBySide
Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\GrimeFighter2.dll. Reference error message: The operation completed successfully. . 
 
Log: 'System' Date/Time: 23/11/2015 19:26:09
Type: error Category: 0
Event: 59 Source: SideBySide
Resolve Partial Assembly failed for Avast.VC110.CRT. Reference error message: Insufficient system resources exist to complete the requested service. . 
 
Log: 'System' Date/Time: 23/11/2015 19:26:08
Type: error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the COM+ System Application service, but this action failed with the following error:  An instance of the service is already running.  
 
Log: 'System' Date/Time: 23/11/2015 19:26:07
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service. 
 
Log: 'System' Date/Time: 23/11/2015 19:26:07
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The SSDP Discovery Service service depends on the HTTP service which failed to start because of the following error:  The specified driver is invalid.  
 
Log: 'System' Date/Time: 23/11/2015 19:26:07
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The HTTP service failed to start due to the following error:  The specified driver is invalid.  
 
Log: 'System' Date/Time: 23/11/2015 19:26:05
Type: error Category: 0
Event: 59 Source: SideBySide
Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\aswData.dll. Reference error message: The operation completed successfully. . 
 
Log: 'System' Date/Time: 23/11/2015 19:26:05
Type: error Category: 0
Event: 59 Source: SideBySide
Resolve Partial Assembly failed for Avast.VC110.CRT. Reference error message: Insufficient system resources exist to complete the requested service. . 
 
Log: 'System' Date/Time: 23/11/2015 19:26:05
Type: error Category: 0
Event: 59 Source: SideBySide
Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\ahresws2.dll. Reference error message: The operation completed successfully. . 
 
Log: 'System' Date/Time: 23/11/2015 19:26:05
Type: error Category: 0
Event: 59 Source: SideBySide
Resolve Partial Assembly failed for Avast.VC110.CRT. Reference error message: Insufficient system resources exist to complete the requested service. . 
 
Log: 'System' Date/Time: 23/11/2015 19:26:05
Type: error Category: 0
Event: 59 Source: SideBySide
Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\ahresws.dll. Reference error message: The operation completed successfully. . 
 
Log: 'System' Date/Time: 23/11/2015 19:26:05
Type: error Category: 0
Event: 59 Source: SideBySide
Resolve Partial Assembly failed for Avast.VC110.CRT. Reference error message: Insufficient system resources exist to complete the requested service. . 
 
Log: 'System' Date/Time: 23/11/2015 19:26:04
Type: error Category: 0
Event: 59 Source: SideBySide
Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\ahresstd.dll. Reference error message: The operation completed successfully. . 
 
Log: 'System' Date/Time: 23/11/2015 19:26:04
Type: error Category: 0
Event: 59 Source: SideBySide
Resolve Partial Assembly failed for Avast.VC110.CRT. Reference error message: Insufficient system resources exist to complete the requested service. . 
 
Log: 'System' Date/Time: 23/11/2015 19:26:04
Type: error Category: 0
Event: 59 Source: SideBySide
Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\ahresmai.dll. Reference error message: The operation completed successfully. . 
 
Log: 'System' Date/Time: 23/11/2015 19:26:04
Type: error Category: 0
Event: 59 Source: SideBySide
Resolve Partial Assembly failed for Avast.VC110.CRT. Reference error message: Insufficient system resources exist to complete the requested service. . 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#29
elielieli

elielieli

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 23/11/2015 19:28:46
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 1984 
 
Log: 'Application' Date/Time: 23/11/2015 19:28:46
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 1984 
 
Log: 'Application' Date/Time: 23/11/2015 19:28:46
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second 
 
Log: 'Application' Date/Time: 23/11/2015 19:26:09
Type: error Category: 8
Event: 4689 Source: COM+
The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\crm\recoveryclerk2.cpp(1783), hr = 800705aa: Recover
 
Log: 'Application' Date/Time: 23/11/2015 19:26:06
Type: error Category: 8
Event: 4689 Source: COM+
The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80080005: InitEventCollector failed
 
Log: 'Application' Date/Time: 23/11/2015 19:26:02
Type: error Category: 8
Event: 4689 Source: COM+
The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\crm\recoveryclerk2.cpp(1192), hr = 800705aa: InitNew
 
Log: 'Application' Date/Time: 23/11/2015 19:25:36
Type: error Category: 0
Event: 1041 Source: Userenv
Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. 
 
Log: 'Application' Date/Time: 23/11/2015 19:25:36
Type: error Category: 0
Event: 1041 Source: Userenv
Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. 
 
Log: 'Application' Date/Time: 23/11/2015 19:25:36
Type: error Category: 0
Event: 1041 Source: Userenv
Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration. 
 
Log: 'Application' Date/Time: 23/11/2015 19:25:36
Type: error Category: 0
Event: 1041 Source: Userenv
Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration. 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 23/11/2015 19:26:08
Type: warning Category: 105
Event: 4444 Source: COM+
An empty CRM log file was detected. It has been re-initialized. If this warning appears when the CRM log file is being initially created then no further action is required.  Server Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Instance ID: {B0B9300D-EDEF-4559-970C-A655EBF2B1F6} Server Application Name: System Application Comsvcs.dll file version: ENU 2001.12.4414.702 shp

  • 0

#30
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,021 posts
  • MVP
Uninstall
 
Bonjour
 
Download OTL from
and Save it to your desktop.

Copy the text in the code box by highlighting and Ctrl + c 
 
 
/md5start
http.sys
/md5stop
 
Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run SCAN button at the top.
Let the program run unhindered; OTL will not reboot the PC when it is done. Save the log and copy and paste it to a reply.
 

  • 0
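RKinner's read of the two VEW logs above (the Bonjour Service errors, the HTTP service refusing to start on "The specified driver is invalid", which is why the OTL script hashes http.sys) is the kind of triage that goes faster with a short script. The following Python is an added example, not code from the thread or from the author of VEW; it assumes only the text layout VEW produced in posts #28 and #29 and runs on a constructed excerpt in that layout that is embedded in the script. It groups entries by log, source and event ID so the noisy sources stand out, and names the services behind Service Control Manager start/termination failures.

```python
"""Parse VEW-style event log text and summarise it for triage (added example)."""
import re
from collections import Counter

# Constructed sample in the layout VEW prints: a hand-made excerpt, not a full log.
SAMPLE_LOG = r"""Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/11/2015 19:26:10
Type: error Category: 0
Event: 59 Source: SideBySide
Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\aswpatchmgt.dll. Reference error message: The operation completed successfully. .

Log: 'System' Date/Time: 23/11/2015 19:26:07
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The SSDP Discovery Service service depends on the HTTP service which failed to start because of the following error:  The specified driver is invalid.

Log: 'System' Date/Time: 23/11/2015 19:26:07
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The HTTP service failed to start due to the following error:  The specified driver is invalid.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 23/11/2015 19:28:46
Type: error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 1984
"""

# Each VEW entry is three fixed lines (header, type, event) followed by free-text
# message lines up to the next blank line.
HEADER_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<timestamp>\S+ \S+)\s*$")
TYPE_RE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<category>\d+)\s*$")
EVENT_RE = re.compile(r"^Event: (?P<event>\d+) Source: (?P<source>.+?)\s*$")

# Service Control Manager event IDs for a service that failed to start or died
# (7000 start failed, 7001 dependency failed, 7023 terminated with error, 7031 crashed).
SCM_FAILURE_EVENTS = {7000, 7001, 7023, 7031}
# SCM messages for those IDs open with "The <name> service ..."; the first lowercase
# " service " ends the name, so "SSDP Discovery Service service ..." still works.
SERVICE_NAME_RE = re.compile(r"^The (.+?) service ")


def parse_vew(text):
    """Return a list of event dicts parsed from VEW output; unrelated lines are skipped."""
    events = []
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        header = HEADER_RE.match(lines[i])
        if not header:
            i += 1
            continue
        type_line = TYPE_RE.match(lines[i + 1]) if i + 1 < len(lines) else None
        event_line = EVENT_RE.match(lines[i + 2]) if i + 2 < len(lines) else None
        if not (type_line and event_line):
            i += 1  # malformed entry: skip the header and keep scanning
            continue
        entry = {
            "log": header.group("log"),
            "timestamp": header.group("timestamp"),
            "type": type_line.group("type"),
            "category": int(type_line.group("category")),
            "event": int(event_line.group("event")),
            "source": event_line.group("source"),
        }
        i += 3
        message = []
        while i < len(lines) and lines[i].strip():
            message.append(lines[i].strip())
            i += 1
        entry["message"] = " ".join(message)
        events.append(entry)
    return events


def count_by_source_event(events):
    """Count entries per (log, source, event id); a chatty source shows up at the top."""
    return Counter((ev["log"], ev["source"], ev["event"]) for ev in events)


def service_failures(events):
    """Return (event id, service name) for Service Control Manager failure events."""
    found = []
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["event"] in SCM_FAILURE_EVENTS:
            m = SERVICE_NAME_RE.match(ev["message"])
            if m:
                found.append((ev["event"], m.group(1)))
    return found


if __name__ == "__main__":
    parsed = parse_vew(SAMPLE_LOG)
    for (log, source, event_id), n in count_by_source_event(parsed).most_common():
        print(f"{n:3d}  {log:<12} {source:<24} event {event_id}")
    for event_id, name in service_failures(parsed):
        print(f"SCM {event_id}: {name}")
```

To use it on a real VEW output file, read the file's text and pass it to `parse_vew` in place of `SAMPLE_LOG`; the service list is the part to check first, since a service that fails on "The specified driver is invalid" points at a specific file (here http.sys) to verify.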
