Author Topic: Microsoft Security Essentials ?  (Read 45762 times)

0 Members and 1 Guest are viewing this topic.

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11239
  • No support PM's thanks
Re: Microsoft Security Essentials ?
« Reply #15 on: January 08, 2013, 09:04:34 PM »
Just a guess - Is your computer overheating while running the scan?
If Malwarebytes has found and deleted stuff then I'd say the system is infected.

Offline flyfsher

  • Jr. Member
  • **
  • Posts: 87
Re: Microsoft Security Essentials ?
« Reply #16 on: January 08, 2013, 09:07:38 PM »
 Yoshi,no tower cool to the touch and no unusual noise
  Craigb,when say run the tools are you refereeing to additional tools within Malwarebytes Anti malware and post the logs here
,thanks for all your help folks

Yoshi2889

  • Guest
Re: Microsoft Security Essentials ?
« Reply #17 on: January 08, 2013, 09:09:19 PM »
Just a guess - Is your computer overheating while running the scan?
If Malwarebytes has found and deleted stuff then I'd say the system is infected.
Yeah, that's what I thought too, but generally when computers instantly shut down it's because of overheating.
* Yoshi2889 unfortunately has experience

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11239
  • No support PM's thanks
Re: Microsoft Security Essentials ?
« Reply #18 on: January 08, 2013, 09:16:52 PM »
Craigb,when say run the tools are you refereeing to additional tools within Malwarebytes Anti malware and post the logs here
No don't use those additional tools in MBAM, run these tools for normal scans as there explained in the link and attach the logs with the " Attachments and other options " below where you write your posts, see pic

AdwCleaner
Malwarebytes
OTL
aswMBR
« Last Edit: January 08, 2013, 09:21:40 PM by craigb »

Offline flyfsher

  • Jr. Member
  • **
  • Posts: 87
Re: Microsoft Security Essentials ?
« Reply #19 on: January 08, 2013, 11:00:42 PM »
AdwCleaner v2.105 - Logfile created 01/08/2013 at 14:58:12
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : user - CFK-AC3AF7CCCE7
# Boot Mode : Normal
# Running from : C:\Documents and Settings\user\My Documents\Downloads\adwcleaner (3).exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\InstallCore

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\user Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [895 octets] - [08/01/2013 14:56:40]
AdwCleaner[R2].txt - [827 octets] - [08/01/2013 14:58:12]

########## EOF - C:\AdwCleaner[R2].txt - [886 octets] ##########

Offline flyfsher

  • Jr. Member
  • **
  • Posts: 87
Re: Microsoft Security Essentials ?
« Reply #20 on: January 08, 2013, 11:29:13 PM »
 Ran the OTL scan,about ten minutes then black/screen/reboot tried to post the log but it exceeds the size limit here

Offline flyfsher

  • Jr. Member
  • **
  • Posts: 87
Re: Microsoft Security Essentials ?
« Reply #21 on: January 08, 2013, 11:32:37 PM »
this is the part of the log

 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8320DD6-FE47-41DE-B116-4158B7AE3F37}" = ACDSee for PENTAX 2.0
"{E7DF4F40-A0CE-430E-8B3B-DB7C8DF1C1A2}" = ActivePerl 5.10.1 Build 1006
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"CCleaner" = CCleaner
"Free Easy Burner_is1" = Free Easy Burner V 3.8
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"RegScrubXP_is1" = RegScrubXP 3.25
"ST4UNST #1" = FlashCard
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/25/2012 12:19:04 AM | Computer Name = CFK-AC3AF7CCCE7 | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 23.0.1271.97, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 12/25/2012 12:38:53 AM | Computer Name = CFK-AC3AF7CCCE7 | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 23.0.1271.97, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 12/28/2012 5:36:50 PM | Computer Name = CFK-AC3AF7CCCE7 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
 module shell32.dll, version 6.0.2900.6242, fault address 0x0002b2b4.
 
Error - 12/28/2012 5:37:02 PM | Computer Name = CFK-AC3AF7CCCE7 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
 dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
 
[ System Events ]
Error - 1/1/2013 12:40:47 PM | Computer Name = CFK-AC3AF7CCCE7 | Source = DCOM | ID = 10010
Description = The server {5C65F4B0-3651-4514-B207-D10CB699B14B} did not register
 with DCOM within the required timeout.
 
Error - 1/8/2013 12:52:46 PM | Computer Name = CFK-AC3AF7CCCE7 | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 00000004, parameter2 00000002, parameter3
 00000000, parameter4 804e7eed.
 
 
< End of report >

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11239
  • No support PM's thanks
Re: Microsoft Security Essentials ?
« Reply #22 on: January 09, 2013, 06:15:19 AM »
Logs need to be attached, not copy an pasted.

Each tool should create a log on your desktop, when placing your post here use the additional options link below your post and browse for the required logs on your desktop and attach.

Run what tools you can and after being viewed by one of the malware guys they'll instruct you further.
« Last Edit: January 09, 2013, 06:17:17 AM by craigb »

Offline flyfsher

  • Jr. Member
  • **
  • Posts: 87
Re: Microsoft Security Essentials ?
« Reply #23 on: January 09, 2013, 08:07:30 PM »
 Good afternoon, please forgive my inexperience , I ran another OTL scan and it was completed I hope the attached file is correct

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Microsoft Security Essentials ?
« Reply #24 on: January 09, 2013, 08:17:00 PM »
Look like you have had an infection

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:OTL
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\RunOnceEx: [TITLE] Installing Stuff File not found
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\wpa_activate.vbs ()
[2011/12/22 18:06:04 | 000,011,382 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\v1ji23o1bs3pin
[2011/12/22 18:06:04 | 000,011,382 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\v1ji23o1bs3pin

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks




  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.[/b]
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Offline flyfsher

  • Jr. Member
  • **
  • Posts: 87
Re: Microsoft Security Essentials ?
« Reply #25 on: January 09, 2013, 10:34:35 PM »
OTL log,now I will continue with Combo fix

Offline flyfsher

  • Jr. Member
  • **
  • Posts: 87
Re: Microsoft Security Essentials ?
« Reply #26 on: January 09, 2013, 11:48:27 PM »
Combo Fix log attached,for some reason the log is missing in my documents ? combo fix found Rootkit.zero access seemed to take a long time  but I hope it's gone ,I will run a full Avast scan later tonight to see if my problem is solved
 Can't thank you folks enough
Best Victor

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Microsoft Security Essentials ?
« Reply #27 on: January 10, 2013, 03:37:30 PM »
Could you attach the combofix log please, you appear to have forgotten it

Offline flyfsher

  • Jr. Member
  • **
  • Posts: 87
Re: Microsoft Security Essentials ?
« Reply #28 on: January 10, 2013, 04:03:14 PM »
see above pls,  I hit "save as" when I opened my doc,s to attach it's not there  I'm unable to run a quick Avast scan,same issue

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Microsoft Security Essentials ?
« Reply #29 on: January 10, 2013, 04:14:56 PM »
The log should be at C:\combofix.txt

So avast is still unable to complete a full scan..  Does it just freeze ?  If so what file does it freeze on