must have malware or virus on computer. goes to blue screen & has drop down adds

J

Janice Graham

Member
Joined
Oct 14, 2013
Posts
5
must have malware or virus on computer. goes to blue screen & has drop down adds

Results of screen317's Security Check version 0.99.74
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC is being installed.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
A
V
G
ECHO is off.
A
n
t
i
V
i
r
u
s
ECHO is off.
F
r
e
ECHO is off.
E
d
i
t
i
o
n
ECHO is off.
2
0
1
4 DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Island Winds at 13:48:52 on 2013-10-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.859 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files\Point of Sale\MRCASH.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\BingBar\7.3.107.0\SeaPort.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/
uWindow Title = Internet Explorer, optimized for Bing and MSN
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - c:\program files\appgraffiti\AppGraffiti.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.0.1.12\AVG Secure Search_toolbar.dll
BHO: ArcadeCandy Games: {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - c:\documents and settings\island winds\local settings\application data\arcadecandy\candyEX.dll
BHO: Fast Free Converter 4.1: {C3E50543-BC36-4C80-8070-38A97E02DEB2} - c:\program files\fast free converter\fastfreeconverter\FastFreeConverter.dll
BHO: {c4b22c87-45ef-4f43-89f2-40db2078864e} - <orphaned>
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.3.107.0\BingExt.dll
BHO: {da71fd14-5f7b-46ae-b8b1-44074a38f331} - <orphaned>
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.0.1.12\AVG Secure Search_toolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\microsoft\bingbar\7.3.107.0\BingExt.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [jswtrayutil] "c:\program files\netgear\wna1100\jswtrayutil.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna1100\WNA1100.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 10.0.1.1
TCP: Interfaces\{6474ACE7-023F-4491-AF0E-8871D0ED03A0} : DHCPNameServer = 10.0.1.1
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.0.12\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-9-21 145720]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 223032]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 102200]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-8-1 120632]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-9-13 209208]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-11-8 37664]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-10-3 3538480]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-25 301152]
R2 FastFreeConverterUpdt;FastFreeConverterUpdt;c:\program files\fast free converter\FastFreeConverterUpdt.exe [2012-11-26 687104]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;c:\program files\common files\avg secure search\vtoolbarupdater\17.0.12\ToolbarUpdater.exe [2013-10-2 1734680]
R2 WSWNA1100;WSWNA1100;c:\program files\netgear\wna1100\WifiSvc.exe [2013-9-17 297440]
R3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2013-9-17 1759584]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.3.107.0\SeaPort.EXE [2013-8-30 240288]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2013-9-17 57440]
S0 cerc6;cerc6; [x]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.3.107.0\BBSvc.EXE [2013-8-30 193696]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wna1100\jswpsapi.exe [2013-9-17 360529]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\wn111v2.sys --> c:\windows\system32\drivers\WN111v2.sys [?]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-10-09 14:01:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 14:01:05 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-07 12:14:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-10-07 12:14:46 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-10-02 15:03:51 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-09-26 00:57:14 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-09-23 18:33:58 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33:57 43520 ------w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06:48 385024 ------w- c:\windows\system32\html.iec
2013-09-11 02:11:44 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-09 02:12:16 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-09-02 14:39:32 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-09-02 14:28:06 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-09-02 14:28:04 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 14:28:00 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55:08 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55:06 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 18:18:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-08-01 20:08:52 193848 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-07-19 05:18:04 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
.
============= FINISH: 13:49:17.90 ===============

ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
AVG PC Tuneup 2011
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 8%
 
Re: must have malware or virus on computer. goes to blue screen & has drop down add

Have you run Malwarebytes or ESET online scanner yet? can you post a pic of the BSOD?


MRCASH.exe looks suspicious, though I could'nt find anything specific on google...
 
Re: must have malware or virus on computer. goes to blue screen & has drop down add

No, not yet. I do not know what a BSOD is.
 
Re: must have malware or virus on computer. goes to blue screen & has drop down add

Sorry, "Blue Screen of Death" == BSOD

You can try this:

Restart your PC, BEFORE windows starts to load, hit F8 repeatedly...you should get a menu...choose "Safe mode with networking"

Login to your PC, open a web browser, and and grab this file:

Thank you for downloading Malwarebytes Anti-Malware from CNET Download.com

It's a free maleware scanner, install, update and do a full scan.
 
Re: must have malware or virus on computer. goes to blue screen & has drop down add

ahhh, do not have a blue screen right now but when I do I will post a picture of it.. Thanks
 
Re: must have malware or virus on computer. goes to blue screen & has drop down add

Hi, Janice Graham. Welcome to Sysnative Forums.

We will do our best to assist you. However, in order to do so, please follow all instructions provided in the sequence given. Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use. This may cause conflicts with the tools being used in the cleanup process.

If you have questions regarding any of the instructions or problems running any tools, please let us know.

--> Please only follow the instructions of members of the Sysnative Security Analysts group. <--

Please follow these instructions carefully. Download ComboFix from the following location: Link 1

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

    Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications.
  • If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, a log will be produced. Please copy C:\ComboFix.txt in your next reply.
 
Re: must have malware or virus on computer. goes to blue screen & has drop down add

With your reply, please also include a copy of the attach.txt log.

Thanks!
 
Re: must have malware or virus on computer. goes to blue screen & has drop down add

Deek said:
Sorry, "Blue Screen of Death" == BSOD

You can try this:

Restart your PC, BEFORE windows starts to load, hit F8 repeatedly...you should get a menu...choose "Safe mode with networking"

Login to your PC, open a web browser, and and grab this file:

Thank you for downloading Malwarebytes Anti-Malware from CNET Download.com

It's a free maleware scanner, install, update and do a full scan.
Click to expand...
 
Re: must have malware or virus on computer. goes to blue screen & has drop down add

Thanks Deek ran the Malware found 19 errors and had them fixed. Hope this will do it! Thanks
 
Re: must have malware or virus on computer. goes to blue screen & has drop down add

Hi, Janice.

Please provide a copy of the Malwarebytes log. The log is automatically saved by MBAM and is located in the Logs tab in MBAM.
 
Re: must have malware or virus on computer. goes to blue screen & has drop down add

No Problem Janice...Unfortunately, you are not done! Malwarbytes is just step one, if we can see the log we would know more, but with 19 items detected, there is a good chance that there are other bad things that should be dealt with...otherwise you might just get re-infected.

Combofix, as Corrine suggested, would be a good one.

Edit by Corrine: Let's go one step at a time. Additional suggestions removed.
 
Last edited by a moderator:
Re: must have malware or virus on computer. goes to blue screen & has drop down add

Hi, Janice.

In order to determine what additional steps are needed, please provide the requested copy of the Malwarebytes log. The log is located in the Logs tab in MBAM. Without the log, there is no way of knowing whether MBAM removed PUPs or trojan downloaders or something else entirely.

In addition, please also provide a copy of the Attach.txt log that was created with the DDS scan.

Thank you.
 
You must log in or register to reply here.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top