Recent Posts

11
AntiVirus Software / Re: SEP Port Scan Attack is logged
« Last post by whitescruffydog on July 27, 2015, 09:05:45 PM »
There's no discernible pattern that I can see.  It seems like for some period of time that it'll happen repeatedly every 11-15 minutes (but SEP blocks any attempts for ten minutes after each, so it could be occurring more but not logged) and then other times not really at all.  Though those lapses may be because the other computer isn't on; I can't remember exactly when it was on. 

Yes, the computer is a Dell.  It's an Inspiron 570. 
12
Spywarehammer won't let me upload combined or separate files. Says takes too long or too big.
13
You have bigtime problems. I need you to go to the administration tools in Vista / Windows 7. They are in the Control Panel. Open the Admin tools, then open the event viewer. Over on the left hand side expand the window category and then click on System. Then up at the top click on Action and then click on Save Events As, type in system as the file name, make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click save. Then over on the left hand side click on Application. Then up at the top click on Action and then click on Save Events As, type in application as the file name, make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click save. Zip them both up into a single zip file, and post them back here in your next reply as attachments.
14
Hi,

Since running the scans in Safe Mode I have not had a problem with Shopping Deals appearing. I disabled all extensions in Chrome and also had no problems. Then I added each extension, one at a time, and had no problems after each one was enabled. I currently have CCleaner running and believe that Hitman2 is also running in the background. I will continue to run things as they are now and see what happens. Just in case, here is the rest of the Attach.txt file.

Thanks,
Vic

==== Event Viewer Messages From Past Week ========
.
7/25/2015 7:09:32 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/25/2015 7:08:17 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Pml Driver HPZ12 service to connect.
7/25/2015 7:08:17 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Net Driver HPZ12 service to connect.
7/25/2015 7:08:17 PM, Error: Service Control Manager [7000]  - The Pml Driver HPZ12 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/25/2015 7:08:17 PM, Error: Service Control Manager [7000]  - The Net Driver HPZ12 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/25/2015 7:06:06 PM, Error: Service Control Manager [7043]  - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
7/25/2015 7:05:22 PM, Error: Service Control Manager [7031]  - The Intel(R) Capability Licensing Service Interface service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
7/25/2015 7:05:21 PM, Error: Service Control Manager [7034]  - The SoftThinks Agent Service service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:21 PM, Error: Service Control Manager [7034]  - The Dell Data Vault service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:21 PM, Error: Service Control Manager [7031]  - The WMI Performance Adapter service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/25/2015 7:05:21 PM, Error: Service Control Manager [7031]  - The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/25/2015 7:05:20 PM, Error: Service Control Manager [7034]  - The ZAtheros Wlan Agent service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:20 PM, Error: Service Control Manager [7034]  - The SeaPort service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:20 PM, Error: Service Control Manager [7034]  - The Intel(R) Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:20 PM, Error: Service Control Manager [7034]  - The Dell Update Service service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:20 PM, Error: Service Control Manager [7034]  - The Dell SupportAssist Agent service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:20 PM, Error: Service Control Manager [7034]  - The Dell Data Vault Wizard service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:20 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/25/2015 7:05:20 PM, Error: Service Control Manager [7031]  - The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
7/25/2015 7:05:19 PM, Error: Service Control Manager [7034]  - The McAfee SiteAdvisor Service service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:19 PM, Error: Service Control Manager [7031]  - The Norton Identity Safe service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/25/2015 7:05:18 PM, Error: Service Control Manager [7034]  - The Realtek Audio Service service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:18 PM, Error: Service Control Manager [7034]  - The AtherosSvc service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:18 PM, Error: Service Control Manager [7034]  - The ArcSoft Connect Daemon service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:18 PM, Error: Service Control Manager [7034]  - The Andrea RT Filters Service service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:18 PM, Error: Service Control Manager [7034]  - The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:05:18 PM, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/25/2015 7:04:54 PM, Error: Service Control Manager [7034]  - The Windows Event Log service terminated unexpectedly.  It has done this 3 time(s).
7/25/2015 7:04:54 PM, Error: Service Control Manager [7023]  - The Windows Event Log service terminated with the following error:  The authentication service is unknown.
7/25/2015 7:04:23 PM, Error: Service Control Manager [7001]  - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:  The operation completed successfully.
7/25/2015 7:04:19 PM, Error: Service Control Manager [7024]  - The Windows Mobile-based device connectivity service terminated with service-specific error %%-2147014789.
7/25/2015 7:04:19 PM, Error: Service Control Manager [7023]  - The Windows Update service terminated with the following error:  %%-2147012892
7/25/2015 7:04:19 PM, Error: Service Control Manager [7001]  - The Windows Mobile-2003-based device connectivity service depends on the Windows Mobile-based device connectivity service which failed to start because of the following error:  The operation completed successfully.
7/25/2015 7:04:07 PM, Error: Service Control Manager [7034]  - The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 7:04:05 PM, Error: Service Control Manager [7024]  - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014789.
7/25/2015 7:04:05 PM, Error: Microsoft-Windows-Bits-Client [16392]  - The BITS service failed to start.  Error 0x8007277B.
7/25/2015 7:03:54 PM, Error: Service Control Manager [7024]  - The Network Location Awareness service terminated with service-specific error %%-1073741502.
7/25/2015 7:03:54 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The operation completed successfully.
7/25/2015 7:02:56 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291]  - SAM failed to start the TCP/IP or SPX/IPX listening thread
7/25/2015 7:02:54 PM, Error: Service Control Manager [7031]  - The Windows Event Log service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/25/2015 7:02:05 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The service has not been started.
7/25/2015 7:01:58 PM, Error: Service Control Manager [7023]  - The IPsec Policy Agent service terminated with the following error:  A system call has failed.
7/25/2015 7:01:57 PM, Error: Service Control Manager [7023]  - The IKE and AuthIP IPsec Keying Modules service terminated with the following error:  A specified authentication package is unknown.
7/25/2015 7:01:57 PM, Error: Service Control Manager [7023]  - The DNS Client service terminated with the following error:  A system call has failed.
7/25/2015 7:01:54 PM, Error: Service Control Manager [7031]  - The Windows Event Log service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/25/2015 7:01:54 PM, Error: Service Control Manager [7001]  - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The operation completed successfully.
7/25/2015 7:01:54 PM, Error: Service Control Manager [7001]  - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The operation completed successfully.
7/25/2015 7:01:24 PM, Error: Service Control Manager [7023]  - The IP Helper service terminated with the following error:  The service has not been started.
7/25/2015 7:01:03 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
7/25/2015 7:01:03 PM, Error: Service Control Manager [7000]  - The MBAMService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/25/2015 7:00:48 PM, Error: Service Control Manager [7023]  - The Diagnostics Tracking Service service terminated with the following error:  %%-2147467259
7/25/2015 7:00:45 PM, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024882
7/25/2015 7:00:43 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Adobe Active File Monitor V4 service to connect.
7/25/2015 7:00:43 PM, Error: Service Control Manager [7000]  - The Adobe Active File Monitor V4 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/25/2015 7:00:39 PM, Error: Service Control Manager [7024]  - The Windows Firewall service terminated with service-specific error The parameter is incorrect..
7/25/2015 7:00:37 PM, Error: Service Control Manager [7022]  - The TCP/IP NetBIOS Helper service hung on starting.
7/25/2015 7:00:37 PM, Error: Service Control Manager [7001]  - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error:  The authentication service is unknown.
7/25/2015 7:00:35 PM, Error: Service Control Manager [7022]  - The DHCP Client service hung on starting.
7/25/2015 6:59:13 PM, Error: Service Control Manager [7023]  - The WLAN AutoConfig service terminated with the following error:  The authentication service is unknown.
7/25/2015 6:59:13 PM, Error: Microsoft-Windows-WLAN-AutoConfig [4002]  - WLAN AutoConfig service has failed to start. Error Code: 1747
7/25/2015 6:59:11 PM, Error: Service Control Manager [7022]  - The System Event Notification Service service hung on starting.
7/25/2015 6:55:53 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The system cannot find the path specified.
7/25/2015 6:55:24 PM, Error: Service Control Manager [7031]  - The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/25/2015 6:55:24 PM, Error: Service Control Manager [7031]  - The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/25/2015 6:55:21 PM, Error: Service Control Manager [7034]  - The Adobe Active File Monitor V4 service terminated unexpectedly.  It has done this 1 time(s).
7/25/2015 6:54:18 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Type with the following error:  Access is denied.
7/25/2015 2:53:16 PM, Error: Service Control Manager [7038]  - The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/25/2015 2:53:16 PM, Error: Service Control Manager [7000]  - The Windows Media Player Network Sharing Service service failed to start due to the following error:  The service did not start due to a logon failure.
7/25/2015 2:53:15 PM, Error: Service Control Manager [7038]  - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/25/2015 2:53:15 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not start due to a logon failure.
7/25/2015 2:48:30 PM, Error: volsnap [27]  - The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
7/25/2015 2:47:51 PM, Error: volsnap [25]  - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
7/25/2015 2:32:18 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SplashtopRemoteService service.
7/25/2015 2:31:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa80066e6660, 0xfffff8000295e740). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072515-147873-01.
7/25/2015 2:31:17 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
7/25/2015 1:46:22 PM, Error: Service Control Manager [7000]  - The Freemake Improver service failed to start due to the following error:  The system cannot find the file specified.
7/24/2015 6:43:29 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
7/24/2015 1:01:59 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.
7/24/2015 1:01:29 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
7/22/2015 3:02:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070103: Intel Corporation - Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3 - Intel(R) HD Graphics 4400.
7/22/2015 10:44:41 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/22/2015 10:43:04 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Dell SupportAssist Agent service to connect.
7/22/2015 10:43:04 AM, Error: Service Control Manager [7000]  - The Dell SupportAssist Agent service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/20/2015 3:06:05 PM, Error: Service Control Manager [7034]  - The Kaspersky Security Scan Service service terminated unexpectedly.  It has done this 1 time(s).
7/20/2015 12:11:42 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mfemms service.
7/20/2015 1:07:06 PM, Error: Service Control Manager [7031]  - The Kaspersky Security Scan Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
7/19/2015 6:59:32 PM, Error: Service Control Manager [7034]  - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 2 time(s).
7/19/2015 6:59:32 PM, Error: Service Control Manager [7034]  - The Kaspersky Security Scan Service service terminated unexpectedly.  It has done this 3 time(s).
7/19/2015 6:59:32 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/19/2015 6:59:32 PM, Error: Service Control Manager [7031]  - The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/19/2015 6:59:32 PM, Error: Service Control Manager [7031]  - The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
7/19/2015 6:58:44 PM, Error: Service Control Manager [7031]  - The Kaspersky Security Scan Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
7/19/2015 6:58:43 PM, Error: Service Control Manager [7031]  - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
.
==== End Of File ===========================
15
Post Here for Malware Removal ... / Re: [In Progress] Possible malware...?
« Last post by jj8219 on July 27, 2015, 11:33:48 AM »
Here is the new ESET SCAN and it found some things:

C:\Users\Jake\AppData\Local\Temp\ApnStub.exe   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK1998.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK1E2A.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK2673.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK3DDB.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK4450.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK44CC.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK473D.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK4866.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK5273.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK5CD.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK6086.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK6087.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK6642.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASK8D7.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASKA0A8.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASKAD7E.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASKB72C.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\ASKEE26.tmp   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Users\Jake\AppData\Local\Temp\NEW7E06.tmp.exe   a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting - quarantined
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\faq_8A71AEBB623B46A0B934103F1A762800.exe   a variant of Win32/SlowPCfighter.A potentially unwanted application   cleaned by deleting - quarantined
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\FTsc_94F4507362A24B9B9BA6A29A1AFF037E.exe   a variant of Win32/SlowPCfighter.A potentially unwanted application   cleaned by deleting - quarantined
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\LicenseShortcut_303A72A482D54D67B5D168C047EE3E11.exe   a variant of Win32/SlowPCfighter.A potentially unwanted application   cleaned by deleting - quarantined
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\LogFilesCollectorS_95204E1E4B3B4767821B1FAD987C2D2D.exe   a variant of Win32/SlowPCfighter.A potentially unwanted application   cleaned by deleting - quarantined
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\MainExe64Shortcut1_A47BC27445824FCF8A8FDFE7347B3885.exe   a variant of Win32/SlowPCfighter.A potentially unwanted application   cleaned by deleting - quarantined
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\MainExe64Shortcut_B53671B5D9A445549437680533116875.exe   a variant of Win32/SlowPCfighter.A potentially unwanted application   cleaned by deleting - quarantined
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\NewShortcut10_87735DA8B8974C24BDFBDDE8F2D2DF1A.exe   a variant of Win32/SlowPCfighter.A potentially unwanted application   cleaned by deleting - quarantined
C:\Windows\Installer\{D1A4762A-11DF-4E7D-ADE7-C6D149BD8B37}\UninstallIcon.exe   a variant of Win32/SlowPCfighter.A potentially unwanted application   cleaned by deleting - quarantined
16
In Chrome (I am assuming you are using Chrome), go to the settings and then to the extensions and disable ALL the extensions, then restart Chrome and see if the ad issue is still there.

Also go to the control panel in Windows and then to internet options and to the connections tab and then click on the LAN settings Button. Now uncheck all the boxes in that tab. Then click apply then OK and then reboot the computer. Let me know if there is any change.
17
Hi,

I noticed that About Blank began appearing more and more, especially after McAfee Site Advisor warned me about the danger of a site I was being redirected to. I would select "back" and the about blank window would appear (so maybe this is not a virus). A few days ago I began getting scrolling ads at the top of my browser as well as more ads at the bottom of the screen, which I can close. Both groups of ads say they are sponsored by "Shopping Deals" which a Google search defined as a virus. There is nothing unusual in my system tray, but Dell Update appears every time I boot up. I can close it, but not remove it. I also ran Adwcleaner while in Safe Mode. Here is the log:

# AdwCleaner v4.208 - Logfile created 27/07/2015 at 10:06:00
# Updated 09/07/2015 by Xplode
# Database : 2015-07-09.2 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Vic - VIC-INSPIRON
# Running from : C:\Users\Vic\Downloads\adwcleaner_4.208 (1).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Google Chrome v44.0.2403.107

[C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_otbrw3_14_35&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyCtA0D0DzyyEzy0EyC0EyBtN0D0Tzu0StCtDyEtCtN1L2XzutAtFyCtFtCtFtDtN1L1Czu1N1C2X1V1F2Z1S1C2W1O1L1C1B2Z1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2StCyByByBtB0C0D0EtGzz0E0D0DtGzy0ByE0AtGtD0C0B0FtGtCtAtAyC0Ezz0B0C0B0B0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyByEzyzy0EzyyDtGtC0AyBtCtGyE0EtCyBtGzytCzyyEtGyC0A0CzyyD0E0BtByB0A0D0C2Q&cr=510998737&ir=
[C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={C9D28F78-1275-4610-AFB5-3372E5C3A015}&mid=bbb7bce4c59047d0994fd1438bfbd91c-a67fe92e4fba80df639515abc46dac3b8ce40d37&lang=en&ds=AVG&pr=fr&d=2012-07-21 23:24:25&v=11.1.0.12&sap=dsp&q={searchTerms}
[C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [15027 bytes] - [19/07/2015 18:53:25]
AdwCleaner[R1].txt - [2280 bytes] - [20/07/2015 13:06:10]
AdwCleaner[R2].txt - [2398 bytes] - [25/07/2015 13:43:04]
AdwCleaner[R3].txt - [2516 bytes] - [25/07/2015 14:52:05]
AdwCleaner[R4].txt - [2495 bytes] - [25/07/2015 18:54:53]
AdwCleaner[R5].txt - [1472 bytes] - [25/07/2015 19:04:47]
AdwCleaner[R6].txt - [2731 bytes] - [27/07/2015 10:05:26]
AdwCleaner[S0].txt - [14164 bytes] - [19/07/2015 18:58:43]
AdwCleaner[S1].txt - [2356 bytes] - [20/07/2015 13:07:10]
AdwCleaner[S2].txt - [2474 bytes] - [25/07/2015 13:43:48]
AdwCleaner[S3].txt - [2592 bytes] - [25/07/2015 14:52:47]
AdwCleaner[S4].txt - [2569 bytes] - [25/07/2015 18:55:25]
AdwCleaner[S5].txt - [1538 bytes] - [25/07/2015 19:05:21]
AdwCleaner[S6].txt - [2666 bytes] - [27/07/2015 10:06:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [2725  bytes] ##########

Here is the anti-Malware log:

Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Here is part of the Attach.txt file:

Time Zone Data Update Tool for Microsoft Office Outlook
Toy Golf
Tropical Poker Special Edition
Video Screen Trapper PRO
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Vocabulary Master
VUDU To Go
WebCam Live! Product Registration
WebIQ Client Software
WildTangent Games
Windows 7 USB/DVD Download Tool
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Windows Mobile Device Center
WinZip 19.5
WordWeb
wwtbam
Yahoo! Browser Services
Yahoo! Internet Mail
Yahoo! Photos Easy Upload Tool 1v7
YanCEyWare Tangrams
Zinio Reader 4
18
Post Here for Malware Removal ... / Re: [In Progress] Possible malware...?
« Last post by PLATYPUSS on July 27, 2015, 08:16:32 AM »



Hello.

I would like you to check your proxy settings please:-

  • Press Start button. Then Control Panel -Internet Options
  • In the internet options box select the Connections tab
  • Next click on LAN settings
  • Make sure that the following are UNchecked:-
  • 1 Automatically Detect Settings
  • 2 Use Automatic configuration Scripted
  • 3 Use Proxy Settings for LAN


Click Apply and then OK
Now Reboot & try to access the internet again



Providing that you can get back online we still need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

   **Note** You will need to use Internet explorer for this scan - Vista and Windows 7/8 right click on IE shortcut and run as admin

  • Go to Eset web page HERE to run an online scan from ESET.

       
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
       
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
       
  • When asked, allow the add/on to be installed
  • Click Start
       
  • Make sure that the option "Remove found threats"  is ticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Select "Change" next to Current scan targets. A new window will open, select any extra drives, Flash drives etc as required.
       
  • Click Scan
       
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete
   
  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found
If threats were found

   
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
       
  • put a checkmark in "Uninstall application on close"
       
  • click on Finish
Close program
Copy and paste the report in your next reply please

platypuss



19
AntiVirus Software / Re: SEP Port Scan Attack is logged
« Last post by Hoov on July 27, 2015, 06:14:34 AM »
Are the times logged? See if there is a pattern to the time. For example does it happen every 4 hours, or at 10PM every day (just examples it could be different).

Would the computer that is doing the scanning happen to be a Dell?
20
AntiVirus Software / Re: SEP Port Scan Attack is logged
« Last post by whitescruffydog on July 26, 2015, 11:42:02 PM »
It took a while of clicking around, but I finally found where they're logged at.  Here's the information logged for one of them:

Somebody is scanning your computer.
Your computer's UDP ports:
57610, 63305, 60929, 63591 and 54718 have been scanned from 192.168.1.64.

Not all of them are the same, though. 

50742, 59334, 57803, 51522 and 51041 have been scanned from 192.168.1.64.
53520, 56842, 63159, 62732 and 62220 have been scanned from 192.168.1.64.
61519, 61820, 61228, 56827 and 51341 have been scanned from 192.168.1.64.
63344, 62668, 59755, 55761 and 57765 have been scanned from 192.168.1.64.
53154, 63017, 62593, 63006 and 62931 have been scanned from 192.168.1.64.

Those are just the ones from the past 24 hours; it can go back further if you want them. 

And oddly, according to the logs, it's only been going on for less than a week...  I could have sworn it's been happening for longer than that. 

As for the other question, I never configured any networks to be trusted, so I'm going to have to guess no.  I don't know how to check, though. 
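
An added example, not part of the original posts: a Python triage of the SEP "have been scanned from" messages quoted above. It parses each port list and source address, then checks whether the ports fall in the IANA dynamic range (49152-65535), whether any port repeats or sits in the well-known range, and whether the source is an RFC 1918 address. The `classify` labels and rules are assumptions of this example, a triage heuristic rather than a verdict.

```python
import ipaddress
import re
from collections import Counter

# SEP messages quoted in the post above (ports and source copied from the page).
SEP_MESSAGES = """\
Somebody is scanning your computer.
Your computer's UDP ports:
57610, 63305, 60929, 63591 and 54718 have been scanned from 192.168.1.64.
50742, 59334, 57803, 51522 and 51041 have been scanned from 192.168.1.64.
53520, 56842, 63159, 62732 and 62220 have been scanned from 192.168.1.64.
61519, 61820, 61228, 56827 and 51341 have been scanned from 192.168.1.64.
63344, 62668, 59755, 55761 and 57765 have been scanned from 192.168.1.64.
53154, 63017, 62593, 63006 and 62931 have been scanned from 192.168.1.64.
"""

EVENT_RE = re.compile(
    r"^(?P<ports>\d[\d,\s]*(?:and\s+\d+)?)\s+have been scanned from\s+"
    r"(?P<src>[0-9A-Fa-f:.]*[0-9A-Fa-f])\.?\s*$"
)
DYNAMIC_PORTS = range(49152, 65536)   # IANA dynamic/private range (RFC 6335)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_events(text):
    """Return [(source, [ports])] for every line in the SEP message format."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # headers such as "Somebody is scanning your computer."
        ports = [int(p) for p in re.findall(r"\d+", m.group("ports"))]
        ports = [p for p in ports if 0 < p <= 65535]
        if ports:
            events.append((m.group("src"), ports))
    return events


def is_lan_source(src):
    """True for an RFC 1918 IPv4 source, False otherwise (or if unparsable)."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False
    return ip.version == 4 and any(ip in net for net in RFC1918)


def summarize(events):
    """Aggregate the logged ports per source address."""
    report = {}
    for src, ports in events:
        entry = report.setdefault(src, {"events": 0, "all_ports": []})
        entry["events"] += 1
        entry["all_ports"].extend(ports)
    for src, entry in report.items():
        ports = entry.pop("all_ports")
        counts = Counter(ports)
        entry["ports"] = len(ports)
        entry["lan_source"] = is_lan_source(src)
        entry["dynamic_fraction"] = (
            sum(1 for p in ports if p in DYNAMIC_PORTS) / len(ports))
        entry["service_ports"] = sorted(p for p in counts if p < 1024)
        entry["repeated_ports"] = sorted(p for p, n in counts.items() if n > 1)
    return report


def classify(entry):
    """Heuristic label (assumption of this example, not SEP's own logic).

    Only high, dynamic-range UDP ports from a LAN host look more like stray
    replies to the machine's own outbound traffic than a sweep for listening
    services; anything touching well-known ports, or from off-LAN, is flagged.
    """
    if (entry["lan_source"] and entry["dynamic_fraction"] == 1.0
            and not entry["service_ports"]):
        return "likely-reply-traffic"
    return "needs-review"


if __name__ == "__main__":
    for src, entry in summarize(parse_events(SEP_MESSAGES)).items():
        print(src, classify(entry), entry)
```

Whatever the label, the next step is still to identify the device at 192.168.1.64 (the router's DHCP client list usually shows it) before trusting or blocking it.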