Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: BryWY on May 06, 2013, 08:47:50 PM
-
I keep getting the message pop up that says threat has been detected I have run superanti spyware malware bytes and avast boot scan still cannot get rid of annoying popup
-
Yes What is the detection & what operating sysyem are you using??. Any previous antivirus needs to be removed before avast is installed
-
Not knowing what the pop-up was make it a challenge to answer your question.
If possible please post a screenshot. To bring the pop-up back into view right click on the avast icon then click "show last pop-up message".
If you were visiting a website avast probably prevented an infection. Running a boot scan is a little overkill. All that you need to do is run
at the very least a quick scan and at the most a full scan.
If nothing showed up during any scan it means avast blocked an infection and you are good to go.
You can "pin" the pop-up by using the "pin" (top arrow). For more information click "more information" (bottom arrow).
-
How do I insert a picture
-
Windows xp pro sp 3
-
It keeps popping up even if I am not using my browser
-
How do I insert a picture
When you reply, use the Attachments and other options link.
-
see attached
-
It just keeps popping up along with malware bytes blocking ip address...it is very annoying....
-
You may want to start a thread in the viruses and worms section http://forum.avast.com/index.php?board=4.0
Please follow the instructions here http://forum.avast.com/index.php?topic=53253.msg451454#msg451454
Please be patient as they may be assisting others. :)
-
see attached
With svchost.exe connecting to the internet (other than for windows update) is somewhat suspicious and is usually an indication of an umber lying infection. You should foll the advice given in the link provided by Para-Noid.
-
My auto update cannot be turned on in security and it doesn't show up in policies either.....
-
My auto update cannot be turned on in security and it doesn't show up in policies either.....
It's under settings. Top right of the screen.
-
My auto update cannot be turned on in security and it doesn't show up in policies either.....
Are you talking about windows updates or avast ?
That said, I wouldn't waste time on this side issue the important issue is dealing with the underlying infection a.s.a.p.. It is now 10pm in the UK and most of the volunteer malware removal specialists are in the UK, European time zone.
So if you can get the information (logs of the analysis scans, etc.) then the sooner one of them can get on to it before they are in bed.
-
windows updates
-
Windows Updates being disabled can also be also a symptom of malware infection.
Like I said the sooner you get on with the analysis and attachment of the logs the sooner someone can help.
-
# AdwCleaner v2.300 - Logfile created 05/07/2013 at 14:19:44
# Updated 28/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : admin - JIM-1DFD1E839CB
# Boot Mode : Normal
# Running from : C:\Documents and Settings\admin\My Documents\downloads\adwcleaner(1).exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\idodiefq.default\searchplugins\Search_Results.xml
File Found : C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\END
File Found : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Folder Found : C:\Documents and Settings\admin\Application Data\Funmoods
Folder Found : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\idodiefq.default\jetpack
Folder Found : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\idodiefq.default\Smartbar
Folder Found : C:\Documents and Settings\admin\Local Settings\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\admin\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\admin\Start Menu\Programs\TornTV.com
Folder Found : C:\Documents and Settings\All Users\Application Data\APN
Folder Found : C:\Documents and Settings\All Users\Application Data\Ask
Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\TornTV.com
***** [Registry] *****
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3291673
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\Software\Tarma Installer
Key Found : HKU\S-1-5-21-725345543-1844237615-2146664213-1004\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-725345543-1844237615-2146664213-1004\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-725345543-1844237615-2146664213-1004\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
***** [Internet Browsers] *****
-\\ Internet Explorer v7.0.6000.17128
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN74260036726628287&UM=2&ctid=CT3291673
-\\ Mozilla Firefox v20.0.1 (en-US)
File : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\idodiefq.default\prefs.js
Found : user_pref("CT3289847_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("CT3291673_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3291673&CUI=UN33344691[...]
Found : user_pref("Smartbar.ConduitSearchEngineList", "Search Spin V1 Customized Web Search");
Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291673[...]
Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3291673");
Found : user_pref("browser.search.defaultenginename", "Search Results");
Found : user_pref("browser.search.defaultthis.engineName", "Search Spin V1 Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291673&CUI[...]
Found : user_pref("browser.search.order.1", "Search Results");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291673&SearchSource=2&CU[...]
Found : user_pref("smartbar.machineId", "M1NINRO5KCAOTISAERTVKDHBFFPW3VE97OOE1KL6MJSBDHMVDRWZF3CG5QQC+LUVSF/[...]
-\\ Google Chrome v26.0.1410.64
File : C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
Found [l.2068] : homepage = "hxxp://www.searchnu.com/102?appid=100",
*************************
AdwCleaner[R1].txt - [7982 octets] - [07/05/2013 14:19:44]
########## EOF - C:\AdwCleaner[R1].txt - [8042 octets] ##########
-
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : admin [Admin rights]
Mode : Remove -- Date : 05/07/2013 15:04:15
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][JUNCTION] C:\WINDOWS\$NtUninstallKB14045$ >> \systemroot\system32\config --> REMOVED
[Del.Parent][FILE] @ : C:\WINDOWS\$NtUninstallKB14045$\267270451\@ [-] --> REMOVED
[Del.Parent][FILE] Desktop.ini : C:\WINDOWS\$NtUninstallKB14045$\267270451\Desktop.ini [-] --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\WINDOWS\$NtUninstallKB14045$\267270451\L\00000004.@ [-] --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\WINDOWS\$NtUninstallKB14045$\267270451\L\201d3dde [-] --> REMOVED
[Del.Parent][FILE] 76603ac3 : C:\WINDOWS\$NtUninstallKB14045$\267270451\L\76603ac3 [-] --> REMOVED
[Del.Parent][FILE] hycpmsei : C:\WINDOWS\$NtUninstallKB14045$\267270451\L\hycpmsei [-] --> REMOVED
[Del.Parent][FOLDER] ROOT : C:\WINDOWS\$NtUninstallKB14045$\267270451\L --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\WINDOWS\$NtUninstallKB14045$\267270451\U\00000004.@ [-] --> REMOVED
[Del.Parent][FILE] 00000008.@ : C:\WINDOWS\$NtUninstallKB14045$\267270451\U\00000008.@ [-] --> REMOVED
[Del.Parent][FILE] 000000cb.@ : C:\WINDOWS\$NtUninstallKB14045$\267270451\U\000000cb.@ [-] --> REMOVED
[Del.Parent][FILE] 80000000.@ : C:\WINDOWS\$NtUninstallKB14045$\267270451\U\80000000.@ [-] --> REMOVED
[Del.Parent][FILE] 80000032.@ : C:\WINDOWS\$NtUninstallKB14045$\267270451\U\80000032.@ [-] --> REMOVED
[Del.Parent][FOLDER] ROOT : C:\WINDOWS\$NtUninstallKB14045$\267270451\U --> REMOVED
[Del.Parent][FOLDER] ROOT : C:\WINDOWS\$NtUninstallKB14045$\267270451 --> REMOVED
[Del.Parent][FILE] 3444094802 : C:\WINDOWS\$NtUninstallKB14045$\3444094802 [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\WINDOWS\$NtUninstallKB14045$ --> REMOVED
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD1600AAJS-00B4A0 +++++
--- User ---
[MBR] b8fbf1b647dd698ef66542620dfe45aa
[BSP] 9b0b75bdc055737b567ed4fdf9e0d6d0 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: General USB Flash Disk USB Device +++++
--- User ---
[MBR] 6b25f36d6c0add261e3e974ab1c93571
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 1910 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[4]_D_05072013_02d1504.txt >>
RKreport[1]_S_05062013_02d1556.txt ; RKreport[2]_SC_05062013_02d2204.txt ; RKreport[3]_S_05072013_02d1501.txt ; RKreport[4]_D_05072013_02d1504.txt
-
You had zero access and probably have lost some windows services in the process
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop
Secondary link (http://www.itxassociates.com/OT-Tools/OTL.exe)
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
(https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif)
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs
-
I will have to attach it as it is over 10,000 characters...
-
A few minor elements to clear and a service to reset. How is the computer behaving
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-725345543-1844237615-2146664213-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&CUI=UN74260036726628287&UM=2&ctid=CT3291673
IE - HKU\S-1-5-21-725345543-1844237615-2146664213-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-725345543-1844237615-2146664213-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291673&CUI=UN74260036726628287&UM=2
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3291673&CUI=UN33344691625879292&UM=2&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3291673&SearchSource=2&CUI=UN33344691625879292&UM=2&q="
O3 - HKU\S-1-5-21-725345543-1844237615-2146664213-1004\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKU\S-1-5-21-725345543-1844237615-2146664213-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-725345543-1844237615-2146664213-1004\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-725345543-1844237615-2146664213-1004\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-725345543-1844237615-2146664213-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-725345543-1844237615-2146664213-1004\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS]
"Type"=dword:00000020
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="Background Intelligent Transfer Service"
"DependOnService"=hex(7):52,00,70,00,63,00,73,00,73,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"ObjectName"="LocalSystem"
"Description"="Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled."
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,68,e3,0c,\
00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,71,00,6d,00,\
67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Enum]
"0"="Root\\LEGACY_BITS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
So far so good Thanks for your assistance...
-
It seems to hang on shutting down processes ...waited over half hr
-
You need to post the otl log after having run the fix and rebooted as requested.
<snip>- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
This will help essexboy see if there is anything else required, over and above what you have said about slow shutdown.
It is now just after 1:05am in the UK so essexboy will be in bed, he should be back later today, so if the otl log is posted and waiting for him he can get on with it.
-
Could you reboot and then shutdown again and let me know if the problem persists
-
attached otl
-
extras.txt atttached
-
computer sems to hang when killing processes
-
OK it is probably MBAM blocking the fix.. Try this
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-725345543-1844237615-2146664213-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&CUI=UN74260036726628287&UM=2&ctid=CT3291673
IE - HKU\S-1-5-21-725345543-1844237615-2146664213-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-725345543-1844237615-2146664213-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291673&CUI=UN74260036726628287&UM=2
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3291673&CUI=UN33344691625879292&UM=2&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3291673&SearchSource=2&CUI=UN33344691625879292&UM=2&q="
O3 - HKU\S-1-5-21-725345543-1844237615-2146664213-1004\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKU\S-1-5-21-725345543-1844237615-2146664213-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-725345543-1844237615-2146664213-1004\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-725345543-1844237615-2146664213-1004\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-725345543-1844237615-2146664213-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-725345543-1844237615-2146664213-1004\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS]
"Type"=dword:00000020
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="Background Intelligent Transfer Service"
"DependOnService"=hex(7):52,00,70,00,63,00,73,00,73,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"ObjectName"="LocalSystem"
"Description"="Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled."
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,68,e3,0c,\
00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,71,00,6d,00,\
67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Enum]
"0"="Root\\LEGACY_BITS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
:Commands
[resethosts]
[CREATERESTOREPOINT]
[Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
otl text attached
-
That looks to have run OK, how is the computer behaving ?
-
saams to be running good thank you for your assistance
-
Subject to no further problems :)
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean :thumbsup:
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Run OTL- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[resethosts]
[emptytemp]
[CLEARALLRESTOREPOINTS]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
: Keep Java Updated :
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/) and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755).
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
(http://img233.imageshack.us/img233/7729/mbamicontw5.gif) Malwarebytes (http://www.malwarebytes.org/mbam-download.php).
Update and run weekly to keep your system clean
Download and install FileHippo update checker (http://www.filehippo.com/updatechecker/) and run it monthly it will show you which programmes on your system need updating and give a download link
If you use on-line banking then as an added layer of protection install Trusteer Rapport (http://www.trusteer.com/Products/Trusteer-Rapport-for-Online-Banking)
It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit - Microsoft Windows Update (http://windowsupdate.microsoft.com)
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ? (http://www.geekstogo.com/forum/topic/225044-preventing-malware-and-safe-computing/)Keep safe :wave: