ChrisP123

Honorary Members
  • Posts: 32
  1. Many thanks for helping me fix my pc.

  2. Here's the log: Results of screen317's Security Check version 0.99.50 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! Please wait while WMIC is being installed.d i s p l a y N a m e ECHO is off. F S e c u r e ECHO is off. I n t e r n e t ECHO is off. S e c u r i t y ECHO is off. T e c h n o l o g y ECHO is off. P r e v i e w ECHO is off. 9 . 0 1 ECHO is off. Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.0.1400 TuneUp Utilities 2012 TuneUp Utilities Language Pack (en-US) TuneUp Utilities Language Pack (en-GB) Java 6 Update 2 Java 6 Update 5 Java version out of Date! Adobe Reader 8 Adobe Reader out of Date! Adobe Reader X KB403742.. Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` TalkTalk Security Anti-Virus fsgk32st.exe TalkTalk Security Anti-Virus FSGK32.EXE TalkTalk Security Anti-Virus fssm32.exe TalkTalk Security Anti-Virus fsav32.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log``````````````````````
  3. I have downloaded, installed and run the latest version of MB. Log as follows: Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.07.13 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 User :: USER-1644A988E1 [administrator] 11/09/2012 20:17:45 mbam-log-2012-09-11 (20-17-45).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 1865722 Time elapsed: 2 hour(s), 49 minute(s), 1 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 3 C:\Documents and Settings\User\Local Settings\temp\is1919606650\Giant-Savings.exe (PUP.GamePlayLabs) -> Quarantined and deleted successfully. C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully. C:\Documents and Settings\User\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully. (end) Seems to be running ok now
  4. I have used system re-store and internet is working again. I tried to run Malwarebytes to check all ok and get Run time error "383" 'Text' property is read-only. I also reinstalled my anti-virus and the internet stopped working again. I ran system restore again and the internet is working again but still get run time error when trying to run Malwarebytes
  5. Repair windows works fine. When it finishes it re-boots windows. Windows closes down but when it re-starts it crashes out and stops. I have to press the start button to turn the pc back on and then there is no internet connection again. Thanks
  6. Still the same problem. It will not re-boot after scan has completed
  7. Same again with this one. Runs ok but when it re-boots it crashes out. Everything else seems to be ok, it's just that I can't connect to the internet. Thanks
  8. Same thing happens with this one. Runs ok then crashes out during re-boot. When I start it again no connection
  9. Hi, everything seemed ok so I re-installed my virus protection software but now I cannot access the internet. Windows said it was a winsock provider catalog error. It fixed it but then I had to re-boot. I then have the same problem again. It fixes it but then I have to reboot and it won't connect again. Can you help?
  10. Hi sorry been away from my computer for a few days. I have run a quick scan posted below. All looks ok but pc is still slow. The latest scan took 6 hours but the one before took 14 hours so it is running quicker. I guess I just need to delete off some of the programs etc. Thanks for your help. Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.09.02.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 User :: USER-1644A988E1 [administrator] Protection: Enabled 02/09/2012 23:57:56 mbam-log-2012-09-02 (23-57-56).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 1860023 Time elapsed: 6 hour(s), 24 minute(s), 54 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  11. Hi I have run the scan. It took 15.5 hours. Here is the log: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=26daf518296d0b4bb2ac51852d3d7652 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-08-28 11:34:45 # local_time=2012-08-29 12:34:45 (+0000, GMT Daylight Time) # country="United Kingdom" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1026 16777214 0 2 91374165 91374165 0 0 # compatibility_mode=2304 16777215 100 0 0 0 0 0 # compatibility_mode=5893 16776574 0 7 91373700 91373700 0 0 # compatibility_mode=8192 67108863 100 0 41364 41364 0 0 # scanned=122127 # found=1 # cleaned=1 # scan_time=55807 C:\TDSSKiller_Quarantine\26.08.2012_17.06.10\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.TW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C DLL:pipe not connected. attempts=120
  12. I did have F-Secure installed before I ran ComboFix. I couldn't get it to run but ComboFix said it was running and would affect the scan, so I uninstalled it. Can't get mseinstall to work; it says it is not a valid win32 application. Shall I re-install my old anti-virus and run that? Thanks
  13. Combofix log is as follows: ComboFix 12-08-25.04 - User 27/08/2012 19:17:43.7.1 - x86 MINIMAL Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1503.1102 [GMT 1:00] Running from: c:\documents and settings\User\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt . FILE :: "c:\program files\GUT8.tmp" "c:\program files\GUTE.tmp" . . ((((((((((((((((((((((((( Files Created from 2012-07-27 to 2012-08-27 ))))))))))))))))))))))))))))))) . . 2012-08-26 16:57 . 2012-08-26 16:57 -------- d-----w- C:\TDSSKiller_Quarantine 2012-08-21 13:00 . 2012-08-21 18:01 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-08-13 22:32 . 2012-08-13 22:32 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2012-08-13 22:15 . 2012-07-03 12:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-12 12:24 . 2012-08-12 12:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-29 19:52 . 2012-07-29 19:52 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-12 12:24 . 2011-07-14 18:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-29 19:46 . 2012-07-17 03:26 31584 ----a-w- c:\windows\system32\TURegOpt.exe 2012-04-04 16:01 . 2012-04-04 16:01 3993600 ----a-w- c:\program files\GUT8.tmp 2012-03-30 18:29 . 2012-03-30 18:29 3993600 ----a-w- c:\program files\GUTE.tmp . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-02-04 16:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-22 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LXBSCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBStime.dll" [2004-03-17 65536] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] avgrsstx.dll [bU] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2005-06-06 23:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Virtual PDF Printer] c:\program files\Virtual PDF Printer\VirtualPDFPrinter.exe [bU] . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "AutoStartNPSAgent"=c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe "Steam"="c:\program files\Steam\Steam.exe" -silent "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" "Conime"=%windir%\system32\conime.exe "SiSPower"=Rundll32.exe SiSPower.dll,ModeAgent "MemoryCardManager"=c:\program files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup "EKIJ5000StatusMonitor"=c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe "TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2010 9.0.0.459\\English\\setup.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2011\\fm.exe"= "c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"= "c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"= "c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"= "c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"= "c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2011\\PCM.exe"= "c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2011\\Autorun\\Exe\\Autorun.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9322:TCP"= 9322:TCP:EKDiscovery "5353:UDP"= 5353:UDP:Bonjour Port 5353 . 
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x] R0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [x] R1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [x] R1 is-5I60Cdrv;is-5I60Cdrv;c:\windows\system32\DRIVERS\14093992.sys [x] R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [x] R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [x] R2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc [x] R2 bsaspi32;bsaspi32; [x] R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [x] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [x] R3 FXDRV;FXDRV;D:\Fxdrv.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [x] R3 USBAV191;Instant VideoXpress;c:\windows\system32\DRIVERS\USBAV191.SYS [x] R4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [x] . . Contents of the 'Scheduled Tasks' folder . 2012-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] . 
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 09:19] . 2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 09:19] . 2012-08-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2010-02-04 16:50] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.bbc.co.uk/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.2.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-08-27 20:05 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXBSCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_USERS\S-1-5-21-1004336348-1677128483-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ABB1D293-9773-45CD-EEB3-03208CF394FB}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(172) c:\windows\system32\ieframe.dll c:\windows\system32\OneX.DLL c:\windows\system32\eappprxy.dll . Completion time: 2012-08-27 20:16:59 ComboFix-quarantined-files.txt 2012-08-27 19:16 ComboFix2.txt 2012-08-27 14:17 . Pre-Run: 36,795,039,744 bytes free Post-Run: 36,760,354,816 bytes free . - - End Of File - - 3B7748F2A1CE764E01E23EE6E530432F