
Solved AVG Antivirus - Software Restriction Policy

Discussion in 'Malware and Virus Removal Archive' started by Dazzaboy, 2014/11/18.

  1. 2014/11/23
    broni (Moderator, Malware Analyst)

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  2. 2014/11/23
    Dazzaboy (Thread Starter)

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-11-2014
    Ran by DAZ at 2014-11-23 21:07:07 Run:1
    Running from C:\Documents and Settings\DAZ\Desktop
    Loaded Profiles: DAZ & UpdatusUser (Available profiles: DAZ & UpdatusUser)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    HKLM Group Policy restriction on software: C:\Program Files\AVG\AVG2014 <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    URLSearchHook: [S-1-5-21-448539723-746137067-839522115-1005] ATTENTION ==> Default URLSearchHook is missing.
    SearchScopes: HKU\S-1-5-21-448539723-746137067-839522115-1004 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
    Toolbar: HKU\S-1-5-21-448539723-746137067-839522115-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
    FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
    S2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
    R3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S4 IntelIde; No ImagePath
    R4 IOMap; \??\C:\WINDOWS\system32\drivers\IOMap.sys [X]
    U3 TlntSvr; No ImagePath
    S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
    U3 mbr; \??\C:\DOCUME~1\DAZ\LOCALS~1\Temp\mbr.sys [X]

    *****************

    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    Error setting Default URLSearchHook.
    HKU\S-1-5-21-448539723-746137067-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-21-448539723-746137067-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
    "HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
    "HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => Key not found.
    "HKLM\Software\MozillaPlugins\@viewpoint.com/VMP" => Key not found.
    vToolbarUpdater18.1.9 => Service not found.
    catchme => Service deleted successfully.
    IntelIde => Service deleted successfully.
    IOMap => Unable to stop service
    IOMap => Error deleting Service
    TlntSvr => Service deleted successfully.
    wanatw => Service deleted successfully.
    mbr => Service not found.

    ==== End of Fixlog ====
     

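The Fixlog above shows what the infection actually did to disable the antivirus: it planted Software Restriction Policy (SRP) path rules under HKLM so that anything in C:\Program Files\AVG and the Microsoft Antimalware data directory was blocked from executing, and it dropped a Chrome policy key under HKLM\SOFTWARE\Policies\Google to pin browser settings. FRST reverses those entries, but a practitioner will want to be able to see them first. The PowerShell below is an added example for this thread, not code from broni or from Farbar's tools; it walks the SRP rule store at HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers (each security level is a numeric subkey, each path rule a GUID subkey under Paths with an ItemData value), flags any rule whose path overlaps a security-product directory, and lists whatever is under the Chrome policy key. The two protected directories are taken from the Fixlog; the level names follow the SAFER_LEVELID constants. It is read-only and needs an elevated PowerShell (PowerShell 2.0 from the Windows Management Framework Core package already installed on this machine is enough).

```powershell
# Added example for this thread (not from broni, FRST or FSS).
# Audits Software Restriction Policy path rules and the Chrome policy key. Read-only.
# Run from an elevated PowerShell; written for PowerShell 2.0 (no [PSCustomObject]).

$saferRoot    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$chromePolicy = 'HKLM:\SOFTWARE\Policies\Google'

# Security-level subkeys under CodeIdentifiers are named by SAFER_LEVELID value.
$levelNames = @{ 0 = 'Disallowed'; 4096 = 'Untrusted'; 65536 = 'Restricted';
                 131072 = 'Basic User'; 262144 = 'Unrestricted' }

# Directories no rule should ever block. These two come from the Fixlog in this thread;
# add your own security products here.
$protected = @(
    'C:\Program Files\AVG',
    'C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware'
)

function Test-PathOverlap([string]$a, [string]$b) {
    # True when one directory is the other or lies inside it (case-insensitive).
    $x = $a.TrimEnd('\').ToLowerInvariant() + '\'
    $y = $b.TrimEnd('\').ToLowerInvariant() + '\'
    return ($x.StartsWith($y) -or $y.StartsWith($x))
}

$rules = @()
if (Test-Path $saferRoot) {
    $root = Get-ItemProperty $saferRoot
    if ($root.DefaultLevel -ne $null) {
        # DefaultLevel 0 means "deny everything not explicitly allowed": a big red flag on a home PC.
        Write-Output ("SRP default level: " + $levelNames[[int]$root.DefaultLevel])
    }
    foreach ($level in Get-ChildItem $saferRoot) {
        if ($level.PSChildName -notmatch '^\d+$') { continue }
        $levelName = $levelNames[[int]$level.PSChildName]
        $pathsKey  = $level.PSPath + '\Paths'
        if (-not (Test-Path $pathsKey)) { continue }
        foreach ($rule in Get-ChildItem $pathsKey) {
            $props = Get-ItemProperty $rule.PSPath
            if ($props.ItemData -eq $null) { continue }
            $target  = [Environment]::ExpandEnvironmentVariables([string]$props.ItemData)
            $blocksAv = $false
            foreach ($p in $protected) { if (Test-PathOverlap $target $p) { $blocksAv = $true } }
            $rules += New-Object PSObject -Property @{
                Level      = $levelName
                Rule       = $rule.PSChildName
                Path       = $target
                Suspicious = ($blocksAv -and $levelName -ne 'Unrestricted')
            }
        }
    }
    if ($rules.Count -eq 0) {
        Write-Output 'No SRP path rules defined.'
    } else {
        $rules | Sort-Object Suspicious -Descending |
            Format-Table Suspicious, Level, Path, Rule -AutoSize
    }
} else {
    Write-Output 'No CodeIdentifiers key: no software restriction policy is defined on this machine.'
}

if (Test-Path $chromePolicy) {
    Write-Output "Chrome policy key present (expected only on centrally managed PCs): $chromePolicy"
    foreach ($k in @(Get-Item $chromePolicy) + @(Get-ChildItem $chromePolicy -Recurse)) {
        foreach ($v in $k.GetValueNames()) {
            Write-Output ('  {0}\{1} = {2}' -f $k.Name, $v, $k.GetValue($v))
        }
    }
} else {
    Write-Output 'No Chrome policy key.'
}
```

Once SRP has ever been enabled, Windows keeps a couple of default rules at the Unrestricted level (the system and program directories), so rules at that level are not themselves a finding. What should not be there on a home PC are Disallowed-level rules pointing at antivirus or antimalware directories, which is exactly the pattern the Fixlog reversed; the same goes for a DefaultLevel of 0. The script only reports; the repair on this machine was done by the FRST fixlist.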

  4. 2014/11/23
    Dazzaboy (Thread Starter)

    Just so you know, I just tried my AVG and it worked, loaded up fine. The only real issue I have now is that program "AdwCleaner" wiped out my settings and I'm now unable to monitor my CPU, fan speed, temp, etc. Now I'm thinking a simple reinstall would fix this, what do you think? BTW there is a smile on my face atm, I'm happy again. However, as soon as AVG started it detected "FRST" as a threat lol
     
  5. 2014/11/23
    broni (Moderator, Malware Analyst)

    Yes, reinstall whatever got broken.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan ".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    • Download Sophos Free Virus Removal Tool and save it to your desktop
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  6. 2014/11/23
    Dazzaboy (Thread Starter)

    Security Check results as follows:


    Results of screen317's Security Check version 0.99.90
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG 2015
    iolo technologies' System Mechanic
    `````````Anti-malware/Other Utilities Check:`````````
    SpywareBlaster 5.0
    Adobe Reader 10.1.11 Adobe Reader out of Date!
    Google Chrome (38.0.2125.111)
    Google Chrome (39.0.2171.65)
    Google Chrome (chrome.exe..)
    Google Chrome (debug.log..)
    Google Chrome (Dictionaries...)
    Google Chrome (master_preferences...)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    AVG avgwdsvc.exe
    AVG avgrsx.exe
    AVG avgemc.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 1%
    ````````````````````End of Log``````````````````````


    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


    FSS Results as follows:

    Farbar Service Scanner Version: 21-07-2014
    Ran by DAZ (administrator) on 23-11-2014 at 21:25:56
    Running from "C:\Documents and Settings\DAZ\Desktop "
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============
    Dnscache Service is not running. Checking service configuration:
    The start type of Dnscache service is set to Disabled. The default start type is Auto.
    The ImagePath of Dnscache service is OK.
    The ServiceDll of Dnscache service is OK.


    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    Srservice Service is not running. Checking service configuration:
    The start type of Srservice service is OK.
    The ImagePath of Srservice service is OK.
    The ServiceDll of Srservice service is OK.

    sr Service is not running. Checking service configuration:
    The start type of sr service is set to Disabled. The default start type is Boot.
    The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys ".


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Other Services:
    ==============


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
    C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
    C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
    C:\WINDOWS\system32\netman.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\srsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
    C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
    C:\WINDOWS\system32\qmgr.dll => File is digitally signed
    C:\WINDOWS\system32\es.dll => File is digitally signed
    C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed

    Extra List:
    =======
    Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
    0x080000000500000001000000020000000300000004000000080000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****

    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    Ran Temp File Cleaner.

    Just waiting on the Sophos Virus Removal Tool to scan and will post those logs too.

    Another result: my AI Suite, which monitors my computer, CPU, etc., has started working after the reboot, so my computer is now pretty much back to normal (touch wood). And if you could give me some good free programs to use to stop this from happening again, that would be great.
     
  7. 2014/11/24
    Dazzaboy (Thread Starter)

    OK, left it running overnight and disconnected the internet until I beef up my internet security a little. The scan came back all clear. My PC is running like it used to be, everything seems to be OK. The only thing I'm worried about now really is how to prevent that from happening again. My PC has been running 24/7 for the last 2/3 years, it's always running really. Yes, I'm running an out-of-date operating system and I've had the scary messages from "Microsoft" about your PC will be at risk after "April" and maybe I should upgrade, what do you think? I can't seem to update from Microsoft anymore, they don't help me. I used to have "Windows Defender" but that doesn't work anymore. I'm running Windows Firewall and Free AVG Antivirus with that program "SpywareBlaster", so I know the security of my PC isn't very good, especially if Windows is out of date. Any recommendations, or do you think this will just keep happening? Anyways, thanks again mate. I haven't deleted anything on my desktop yet but there are a lot of files on there...

    Thanks again

    Darren
     
  8. 2014/11/24
    broni (Moderator, Malware Analyst)

    I'll post some hints in a bit...
    We seem to have some issue with System Restore.

    Go Start>Run and type:
    services.msc
    Click OK.

    Services window will open.
    Find "System Restore Filter Driver" service.
    Right click on it, click "Properties" and under "Startup type" select "Boot" from drop down menu.

    Restart computer and post fresh FSS log.
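The FSS log earlier in the thread is the evidence behind this fix: the DNS Client service (Dnscache) is set to Disabled where the default is Auto, and the System Restore filter driver (sr) is set to Disabled where the default is Boot, which is consistent with the "System Restore initialization process failed" events in the event log. Both are stored as the Start DWORD under HKLM\SYSTEM\CurrentControlSet\Services\<name>, so the same change can be checked and made from the registry. The PowerShell below is an added example for this thread, not code from broni or from FSS; it compares the Start value of those two services with the defaults FSS reported and, only if you flip the $restore switch, writes the defaults back. The expected values are the ones from the FSS log on this machine; run it elevated, and reboot afterwards before taking a fresh FSS log.

```powershell
# Added example for this thread (not from broni or FSS).
# Compares the Start value of the services FSS flagged with their XP defaults and
# optionally restores them. Written for PowerShell 2.0; run from an elevated prompt.
# Start values: 0 = Boot, 1 = System, 2 = Automatic, 3 = Manual, 4 = Disabled.

$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

# Defaults as FSS reported them for this machine.
$expected = @{
    'sr'       = 0   # System Restore Filter Driver: Boot
    'Dnscache' = 2   # DNS Client: Automatic
}

$restore = $false   # set to $true to write the defaults back, then reboot and re-run FSS

function Get-ServiceStartType([string]$name) {
    # Reads Start and ImagePath straight from the service key (works for drivers too,
    # which Get-Service does not list).
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (-not (Test-Path $key)) { return $null }
    $props = Get-ItemProperty $key
    $start = -1
    if ($props.Start -ne $null) { $start = [int]$props.Start }
    return New-Object PSObject -Property @{
        Name      = $name
        Start     = $start
        ImagePath = [string]$props.ImagePath
    }
}

foreach ($name in @($expected.Keys | Sort-Object)) {
    $svc = Get-ServiceStartType $name
    if ($svc -eq $null) { Write-Output "$name : service key missing"; continue }
    $want  = $expected[$name]
    $state = "$name : Start=$($startNames[$svc.Start]) (default $($startNames[$want])), ImagePath=$($svc.ImagePath)"
    if ($svc.Start -eq $want) {
        Write-Output "$state OK"
    } else {
        Write-Output "$state MISMATCH"
        if ($restore) {
            Set-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\$name" -Name Start -Value $want -Type DWord
            Write-Output "$name : Start reset to $($startNames[$want]); reboot for it to take effect"
        }
    }
}
```

The equivalent one-liners without PowerShell are `sc config sr start= boot` and `sc config Dnscache start= auto` (the space after `start=` is required by sc.exe). Leaving $restore at $false gives you a before picture to compare with the fresh FSS log broni asks for.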
     
  9. 2014/11/25
    Dazzaboy (Thread Starter)

    Sorry, I swear I thought I posted that.

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-11-2014
    Ran by DAZ at 2014-11-22 09:24:40
    Running from C:\Documents and Settings\DAZ\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)


    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-448539723-746137067-839522115-1004\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.11) MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
    AI Suite II (HKLM\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01 - ASUSTeK Computer Inc.)
    AMD Catalyst Install Manager (HKLM\...\{6983E808-40B5-7C92-7F8E-91AB7FF64BE0}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
    AMD Processor Driver (HKLM\...\{C151CE54-E7EA-4804-854B-F515368B0798}) (Version: 1.3.2.0053 - AMD)
    Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
    ASUS Boot Setting (HKLM\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.09 - ASUSTeK Computer Inc.)
    ASUS GPU Tweak (HKLM\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.2.8.1 - ASUSTek COMPUTER INC.)
    ASUS GPU Tweak (Version: 2.2.8.1 - ASUSTek COMPUTER INC.) Hidden
    ASUS Product Register Program (HKLM\...\{49BE9B8A-E858-4533-A74A-64306C13DB59}) (Version: 1.0.014 - ASUS)
    ASUS Update (HKLM\...\{F178DD09-E45A-4C29-979A-1EEAEFC35A5F}) (Version: - )
    AVS Video Converter 8.5 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
    CPUID ASUS CPU-Z 1.61 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.61 - CPUID, Inc.)
    Disk Unlocker (HKLM\...\{7E4DADFE-F9E1-4494-B698-E3D7F90C74CC}) (Version: 2.1.3 - ASUS)
    FSAutoStart (HKLM\...\{666E0B91-3FD3-43B7-B6A2-EB9012758982}) (Version: 1.1.11 - Ken Salter)
    Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
    iolo technologies' System Mechanic (HKLM\...\iolo technologies' System Mechanic) (Version: - iolo technologies, LLC)
    iTunes (HKLM\...\{E05D82D8-FE70-4228-B073-B0C07FE27595}) (Version: 11.1.1.11 - Apple Inc.)
    K-Lite Mega Codec Pack 10.4.0 (HKLM\...\KLiteCodecPack_is1) (Version: 10.4.0 - )
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Nero Burning ROM 2014 (HKLM\...\{972A1A15-5B3D-4096-BAE1-3F37974664A6}) (Version: 15.0.02100 - Nero AG)
    NVIDIA Graphics Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
    NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
    NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
    Prerequisite installer (Version: 15.0.0005 - Nero AG) Hidden
    REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.35.0000 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6699 - Realtek Semiconductor Corp.)
    SeaTools for Windows (HKLM\...\SeaTools for Windows) (Version: - Seagate Technology)
    SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
    Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - )
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-448539723-746137067-839522115-1004_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

    ==================== Restore Points =========================


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2014-11-20 23:10 - 2014-11-20 23:19 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{DFABA57F-53B4-4C7E-893A-08FE3AD6616A}.job => C:\WINDOWS\system32\msfeedssync.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-05-05 18:11 - 2012-06-01 09:42 - 00920736 ____N () C:\Program Files\ASUS\AXSP\1.00.19\atkexComSvc.exe
    2013-05-05 18:11 - 2014-11-20 23:19 - 00033792 _____ () C:\Program Files\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
    2013-05-05 18:11 - 2010-06-29 02:58 - 00104448 ____N () C:\Program Files\ASUS\AXSP\1.00.19\ATKEX.dll
    2013-05-05 18:13 - 2012-10-29 11:45 - 01405312 _____ () C:\Program Files\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
    2013-05-05 18:13 - 2012-10-25 13:16 - 05766344 _____ () C:\Program Files\ASUS\AI Suite II\EasyUpdate\EzULIB.dll
    2013-05-05 18:13 - 2010-06-21 14:21 - 00208896 _____ () C:\Program Files\ASUS\AI Suite II\EasyUpdate\ImageHelper.dll
    2013-05-05 18:14 - 2012-05-17 10:57 - 00043520 ____N () C:\Program Files\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
    2013-05-05 18:14 - 2012-07-05 11:05 - 00253952 _____ () C:\Program Files\ASUS\AI Suite II\TurboV EVO\pngio.dll
    2013-05-05 18:12 - 2011-07-12 18:14 - 00147456 _____ () C:\Program Files\ASUS\AI Suite II\AssistFunc.dll
    2013-05-05 18:12 - 2010-10-05 07:22 - 00253952 _____ () C:\Program Files\ASUS\AI Suite II\pngio.dll
    2013-05-05 18:13 - 2011-09-26 18:36 - 00869376 _____ () C:\Program Files\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
    2013-05-05 18:12 - 2012-03-21 11:07 - 00972288 _____ () C:\Program Files\ASUS\AI Suite II\BarGadget\BarGadget.dll
    2013-05-05 18:13 - 2012-08-01 09:51 - 01040896 _____ () C:\Program Files\ASUS\AI Suite II\EasyUpdate\EasyUpdt.dll
    2013-05-05 18:13 - 2012-06-19 11:56 - 01305600 _____ () C:\Program Files\ASUS\AI Suite II\MyLogo\MyLogo.dll
    2013-05-05 18:13 - 2012-07-20 08:39 - 01047040 _____ () C:\Program Files\ASUS\AI Suite II\Probe_II\ProbeII.dll
    2013-05-05 18:12 - 2012-05-25 09:33 - 00883712 _____ () C:\Program Files\ASUS\AI Suite II\Sensor\Sensor.dll
    2013-05-05 18:12 - 2012-05-28 20:27 - 01622528 _____ () C:\Program Files\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
    2013-05-05 18:12 - 2011-09-19 19:18 - 01243136 _____ () C:\Program Files\ASUS\AI Suite II\Settings\Settings.dll
    2013-05-05 18:12 - 2011-07-21 08:06 - 00846848 _____ () C:\Program Files\ASUS\AI Suite II\Splitter\Splitter.dll
    2013-05-05 18:12 - 2011-10-14 19:03 - 00885248 _____ () C:\Program Files\ASUS\AI Suite II\TabGadget\TabGadget.dll
    2013-05-05 18:11 - 2010-08-23 02:17 - 00662016 ____R () C:\Program Files\ASUS\AAHM\1.00.20\aaHMLib.dll
    2013-05-05 18:12 - 2010-10-05 07:22 - 00208896 _____ () C:\Program Files\ASUS\AI Suite II\ImageHelper.dll
    2013-05-05 18:12 - 2009-08-12 19:15 - 00253952 _____ () C:\Program Files\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-448539723-746137067-839522115-500 - Administrator - Enabled)
    ASPNET (S-1-5-21-448539723-746137067-839522115-1006 - Limited - Enabled)
    DAZ (S-1-5-21-448539723-746137067-839522115-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\DAZ
    Guest (S-1-5-21-448539723-746137067-839522115-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-448539723-746137067-839522115-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-448539723-746137067-839522115-1002 - Limited - Disabled)
    UpdatusUser (S-1-5-21-448539723-746137067-839522115-1005 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/20/2014 06:54:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (11/18/2014 06:29:31 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application presentationhost.exe, version 4.0.40305.0, faulting module kernel32.dll, version 5.1.2600.6532, fault address 0x00012fd3.
    Processing media-specific event for [presentationhost.exe!ws!]

    Error: (11/18/2014 05:51:58 PM) (Source: MsiInstaller) (EventID: 11706) (User: DAZ-0E6916DD309)
    Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1706. SA_Error1706: StandardAction(0xC00706AA): An installation package for the product AVG 2014 cannot be found. Try the installation again using a valid copy of the installation package 'Avgx86.msi'.

    Error: (11/18/2014 05:22:41 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application presentationhost.exe, version 4.0.40305.0, faulting module kernel32.dll, version 5.1.2600.6532, fault address 0x00012fd3.
    Processing media-specific event for [presentationhost.exe!ws!]

    Error: (11/18/2014 05:22:30 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application presentationhost.exe, version 4.0.40305.0, faulting module kernel32.dll, version 5.1.2600.6532, fault address 0x00012fd3.
    Processing media-specific event for [presentationhost.exe!ws!]

    Error: (11/18/2014 05:22:06 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application presentationhost.exe, version 4.0.40305.0, faulting module kernel32.dll, version 5.1.2600.6532, fault address 0x00012fd3.
    Processing media-specific event for [presentationhost.exe!ws!]

    Error: (11/18/2014 05:12:42 PM) (Source: MsiInstaller) (EventID: 1013) (User: DAZ-0E6916DD309)
    Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- SA_Error25001: StandardAction(0xC00761A9): Installation cannot be done using this package, because a higher version of the product is already installed. Please either download and run the latest installation package or go to Start menu/Control Panel/Programs and Features (Add or Remove Programs) and run Change action on AVG product.

    Error: (11/17/2014 10:32:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (10/28/2014 05:04:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (10/28/2014 01:29:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


    System errors:
    =============
    Error: (11/20/2014 11:20:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

    Error: (11/20/2014 11:20:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The System Restore Service service terminated with the following error:
    %%2

    Error: (11/20/2014 11:20:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The vToolbarUpdater18.1.9 service failed to start due to the following error:
    %%2

    Error: (11/20/2014 11:19:33 PM) (Source: SRService) (EventID: 104) (User: )
    Description: The System Restore initialization process failed.

    Error: (11/19/2014 03:18:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

    Error: (11/19/2014 03:18:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The ASUS Com Service service failed to start due to the following error:
    %%1053

    Error: (11/19/2014 03:18:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the ASUS Com Service service to connect.

    Error: (11/18/2014 06:09:10 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

    Error: (11/18/2014 06:08:55 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

    Error: (11/18/2014 06:08:52 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).


    Microsoft Office Sessions:
    =========================
    Error: (11/20/2014 06:54:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

    Error: (11/18/2014 06:29:31 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: presentationhost.exe4.0.40305.0kernel32.dll5.1.2600.653200012fd3

    Error: (11/18/2014 05:51:58 PM) (Source: MsiInstaller) (EventID: 11706) (User: DAZ-0E6916DD309)
    Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1706. SA_Error1706: StandardAction(0xC00706AA): An installation package for the product AVG 2014 cannot be found. Try the installation again using a valid copy of the installation package 'Avgx86.msi'.(NULL)(NULL)(NULL)(NULL)

    Error: (11/18/2014 05:22:41 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: presentationhost.exe4.0.40305.0kernel32.dll5.1.2600.653200012fd3

    Error: (11/18/2014 05:22:30 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: presentationhost.exe4.0.40305.0kernel32.dll5.1.2600.653200012fd3

    Error: (11/18/2014 05:22:06 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: presentationhost.exe4.0.40305.0kernel32.dll5.1.2600.653200012fd3

    Error: (11/18/2014 05:12:42 PM) (Source: MsiInstaller) (EventID: 1013) (User: DAZ-0E6916DD309)
    Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- SA_Error25001: StandardAction(0xC00761A9): Installation cannot be done using this package, because a higher version of the product is already installed. Please either download and run the latest installation package or go to Start menu/Control Panel/Programs and Features (Add or Remove Programs) and run Change action on AVG product.(NULL)(NULL)(NULL)(NULL)

    Error: (11/17/2014 10:32:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000

    Error: (10/28/2014 05:04:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

    Error: (10/28/2014 01:29:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


    ==================== Memory info ===========================

    Processor: AMD FX(tm)-8320 Eight-Core Processor
    Percentage of memory in use: 27%
    Total physical RAM: 2989.18 MB
    Available physical RAM: 2160.13 MB
    Total Pagefile: 4875.91 MB
    Available Pagefile: 4176.69 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1934.72 MB

    ==================== Drives ================================

    Drive c: (Win-xp-Home) (Fixed) (Total:746.5 GB) (Free:360.65 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive e: (Backup-S-500G) (Fixed) (Total:465.75 GB) (Free:75.62 GB) NTFS
    Drive f: (Downloads-S-500G) (Fixed) (Total:465.75 GB) (Free:52.78 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 6F22CB51)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=OF Extended)

    ========================================================
    Disk: 1 (Size: 465.8 GB) (Disk ID: EFD6AD91)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=OF Extended)

    ========================================================
    Disk: 2 (MBR Code: Windows XP) (Size: 2048 GB) (Disk ID: ABF5ABF5)
    Partition 1: (Active) - (Size=746.5 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  10. 2014/11/25
    Dazzaboy

    Dazzaboy Inactive Thread Starter

    Joined:
    2014/11/18
    Messages:
    33
    Likes Received:
    0
    Just to give you an update, I downloaded "ZoneAlarm" as a free firewall. I didn't want to be on the internet without a backup firewall other than Windows'. Trying to prevent this from happening again, I found the useful thread on here, "An ounce of prevention is worth a pound of cure", with links to recommended programs. Is it OK to install other programs too? I didn't want to do too much since we've just passed the fixing stage; I'm just trying to prevent this from happening again.

    Thanks again

    Darren
     
  11. 2014/11/25
    Dazzaboy

    Dazzaboy Inactive Thread Starter

    Joined:
    2014/11/18
    Messages:
    33
    Likes Received:
    0
    broni, something really strange is going on here. You told me to download a fixlog, run and click Fix. I did all this and it fixed my PC, everything!!! I mean EVERYTHING is back to normal. However, I replied this to you and it seems my post or something was deleted, and so was yours??? Please reply as I'm confused and don't know what's going on.
     
  12. 2014/11/25
    Dazzaboy

    Dazzaboy Inactive Thread Starter

    Joined:
    2014/11/18
    Messages:
    33
    Likes Received:
    0
    OK, just so you know, a few posts weren't showing earlier, so I got mega confused, hence the posts. OK, I did what you asked and all I can find close is "System Restore Service", and when I right-click that and go into Properties, under "Startup" all you get is Auto, Manual & Disable???
     
  13. 2014/11/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm not sure what's going on here, but in any case I need a fresh FSS (Farbar Service Scanner) log, not an FRST log, after completing the action from my reply #27.
     
  14. 2014/11/26
    Dazzaboy

    Dazzaboy Inactive Thread Starter

    Joined:
    2014/11/18
    Messages:
    33
    Likes Received:
    0
    Farbar Service Scanner Version: 21-07-2014
    Ran by DAZ (administrator) on 26-11-2014 at 11:18:12
    Running from "C:\Documents and Settings\DAZ\Desktop "
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============
    Dnscache Service is not running. Checking service configuration:
    The start type of Dnscache service is set to Disabled. The default start type is Auto.
    The ImagePath of Dnscache service is OK.
    The ServiceDll of Dnscache service is OK.


    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall "=DWORD:0


    System Restore:
    ============
    Srservice Service is not running. Checking service configuration:
    The start type of Srservice service is OK.
    The ImagePath of Srservice service is OK.
    The ServiceDll of Srservice service is OK.

    sr Service is not running. Checking service configuration:
    The start type of sr service is set to Disabled. The default start type is Boot.
    The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys ".


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Other Services:
    ==============


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
    C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
    C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
    C:\WINDOWS\system32\netman.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\srsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
    C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
    C:\WINDOWS\system32\qmgr.dll => File is digitally signed
    C:\WINDOWS\system32\es.dll => File is digitally signed
    C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed

    Extra List:
    =======
    Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
    0x090000000500000001000000020000000300000004000000080000005A0000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****

    There you go. Just so you know, my computer is running OK. Startup is really slow, and when I press "Ctrl, Alt & Delete" on startup, as it's showing my wallpaper but no taskbar, no apps, nothing, it seems that "Mbamservice.exe" is running, using a lot of memory and slowing my PC down. Even now I have it running using 187,425K of memory, followed by IEexplore.exe at 84,740, so nearly double. If this is normal that's fine, but I wouldn't say I have the fastest of PCs and it seems to be draining a lot from my computer, is all. Hope this log helps. Thanks, Darren
     
  15. 2014/11/26
    Dazzaboy

    Dazzaboy Inactive Thread Starter

    Joined:
    2014/11/18
    Messages:
    33
    Likes Received:
    0
    http://s30.postimg.org/wyjexqgd9/System_Services.jpg

    http://s30.postimg.org/qkubuhbhd/System_Services.jpg

    Could you please look at the following picture, which will give you an idea of the "Fix" issues you gave me from post #27.
     
  16. 2014/11/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  17. 2014/11/27
    Dazzaboy

    Dazzaboy Inactive Thread Starter

    Joined:
    2014/11/18
    Messages:
    33
    Likes Received:
    0
    Done everything you asked. Log as follows:

    Farbar Service Scanner Version: 21-07-2014
    Ran by DAZ (administrator) on 27-11-2014 at 09:37:01
    Running from "C:\Documents and Settings\DAZ\Desktop "
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============
    Dnscache Service is not running. Checking service configuration:
    The start type of Dnscache service is set to Disabled. The default start type is Auto.
    The ImagePath of Dnscache service is OK.
    The ServiceDll of Dnscache service is OK.


    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall "=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Other Services:
    ==============


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
    C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
    C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
    C:\WINDOWS\system32\netman.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\srsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
    C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
    C:\WINDOWS\system32\qmgr.dll => File is digitally signed
    C:\WINDOWS\system32\es.dll => File is digitally signed
    C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed

    Extra List:
    =======
    Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
    0x090000000500000001000000020000000300000004000000080000005A0000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****
     
  18. 2014/11/27
    Dazzaboy

    Dazzaboy Inactive Thread Starter

    Joined:
    2014/11/18
    Messages:
    33
    Likes Received:
    0
    OK, just so you know, I thought I'd check "System Restore" and it let me in there, and I've managed to create a new system restore point. Hope that's what you wanted to achieve; I called it "after the fix". Having a few issues with my PC at startup: very slow, and it seems to be that mbamservice.exe is taking a large amount of memory at startup. But if I remember rightly this program is on a trial and will stop anyway soon, wasn't it??? Anyway, PC a little slow on startup, everything seems to be running OK. I want to download a few programs from that "An ounce of prevention is worth a pound of cure", like Adaware, Spybot... etc. etc. Is that OK to go ahead with? Any other recommendations you recommend?
     
  19. 2014/11/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news about system restore :)

    We need to fix one more thing.

    Go Start>Run and type:
    services.msc
    Click OK.

    Services window will open.
    Find "DNS Client" service.
    Right click on it, click "Properties" and under "Startup type" select "Automatic" from drop down menu.

    Restart computer and post fresh FSS log.
     
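    The FSS logs posted above and the services.msc fix just described are the same check done by hand: spot a service whose start type was changed away from its default (Dnscache set to Disabled instead of Auto, the sr driver set to Disabled instead of Boot) and the EnableFirewall=0 value under the FirewallPolicy\StandardProfile key, then put each back. The script below is an added example, not code from the thread or from Farbar's tools; it parses the FSS report format as posted and emits the corresponding sc.exe / net.exe actions. The function and class names are my own, and the sample report is constructed from the wording of the logs in this thread.

```python
"""Triage a Farbar Service Scanner (FSS) report the way the thread does by hand.

Added example, not code from the thread or from Farbar's tools. It parses the
plain-text FSS format posted in the thread and pulls out the findings those
logs show: a service that is not running, a service whose start type was
changed away from its default, and the EnableFirewall=0 value under the
FirewallPolicy\\StandardProfile key. It then lists the equivalent of the
services.msc fix as sc.exe / net.exe commands.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Line shapes taken from the FSS output posted in the thread.
NOT_RUNNING_RE = re.compile(r"^(?P<svc>\S+) Service is not running\.")
START_TYPE_RE = re.compile(
    r"^The start type of (?P<svc>\S+) service is set to (?P<actual>\w+)\. "
    r"The default start type is (?P<default>\w+)\.$"
)
# The posted logs show the value name with a trailing space ("EnableFirewall "), so allow it.
FIREWALL_RE = re.compile(r'^"EnableFirewall\s*"\s*=\s*DWORD:(?P<val>\d+)$')

# How sc.exe spells the start types FSS reports: sc config <svc> start= <value>
SC_START = {"Boot": "boot", "System": "system", "Auto": "auto",
            "Manual": "demand", "Disabled": "disabled"}


@dataclass
class ServiceState:
    name: str
    running: bool = True
    start_type: str | None = None     # as reported; None means FSS said "OK"
    default_type: str | None = None


@dataclass
class Triage:
    services: dict[str, ServiceState]
    firewall_disabled_by_policy: bool


def parse_fss_log(text: str) -> Triage:
    """Collect service state and the firewall policy flag from an FSS report."""
    services: dict[str, ServiceState] = {}
    firewall_off = False
    for raw in text.splitlines():
        line = raw.strip()
        if m := NOT_RUNNING_RE.match(line):
            services.setdefault(m["svc"], ServiceState(m["svc"])).running = False
        elif m := START_TYPE_RE.match(line):
            st = services.setdefault(m["svc"], ServiceState(m["svc"]))
            st.start_type, st.default_type = m["actual"], m["default"]
        elif (m := FIREWALL_RE.match(line)) and m["val"] == "0":
            firewall_off = True
    return Triage(services, firewall_off)


def remediation_plan(t: Triage) -> list[str]:
    """One action per finding, in the order the report listed them."""
    plan: list[str] = []
    for svc in t.services.values():
        if svc.start_type and svc.default_type and svc.start_type != svc.default_type:
            # Same change as services.msc > Properties > Startup type -> default.
            plan.append(f"sc config {svc.name} start= {SC_START[svc.default_type]}")
        elif not svc.running:
            plan.append(f"net start {svc.name}")   # start type already OK, just start it
    if t.firewall_disabled_by_policy:
        plan.append("set EnableFirewall=1 under ...\\FirewallPolicy\\StandardProfile "
                    "(or re-enable Windows Firewall from Security Center)")
    return plan


# Constructed sample in the posted FSS format (assembled from the thread's logs).
SAMPLE_LOG = r"""
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall "=DWORD:0

System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys ".
"""

if __name__ == "__main__":
    for step in remediation_plan(parse_fss_log(SAMPLE_LOG)):
        print(step)
```

    Note that sc.exe requires the space after `start=`; `sc config Dnscache start= auto` is the command-line equivalent of setting "Startup type" to Automatic in services.msc. A service that is not running but whose start type FSS reports as OK (Srservice above) only needs to be started, or will come up on the next reboot.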
  20. 2014/11/28
    Dazzaboy

    Dazzaboy Inactive Thread Starter

    Joined:
    2014/11/18
    Messages:
    33
    Likes Received:
    0
    Done as you requested. Sorry for the late reply, had to work some **** shifts!!! lol

    Computer seems to be running fine. Startup still slow, as that mbar program seems to drain a lot of memory as it runs. However, it's flashing up that it's going to expire soon, so is it worth uninstalling??? I haven't had time yet to download Spybot or Adaware or any other program on that list on here.

    Farbar Service Scanner Version: 21-07-2014
    Ran by DAZ (administrator) on 28-11-2014 at 22:45:58
    Running from "C:\Documents and Settings\DAZ\Desktop "
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall "=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Other Services:
    ==============


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
    C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
    C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
    C:\WINDOWS\system32\netman.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\srsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
    C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
    C:\WINDOWS\system32\qmgr.dll => File is digitally signed
    C:\WINDOWS\system32\es.dll => File is digitally signed
    C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed

    Extra List:
    =======
    Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
    0x090000000500000001000000020000000300000004000000080000005A0000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****

    Thanks for replying, Darren
     
  21. 2014/11/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    You can certainly uninstall MBAM and install free version which doesn't run in real time.

    Your computer is clean.

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
