Solved Windows Startup/Internet Issues

Sophos Log:

2015-07-20 21:01:02.369 Sophos Virus Removal Tool version 2.5.4
2015-07-20 21:01:02.369 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-07-20 21:01:02.369 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-07-20 21:01:02.369 Windows version 6.1 SP 0.0 build 7600 SM=0x300 PT=0x1 WOW64
2015-07-20 21:01:02.369 Checking for updates...
2015-07-20 21:01:05.788 Update progress: proxy server not available
2015-07-20 21:01:10.746 Option all = no
2015-07-20 21:01:10.746 Option recurse = yes
2015-07-20 21:01:10.746 Option archive = no
2015-07-20 21:01:10.746 Option service = yes
2015-07-20 21:01:10.746 Option confirm = yes
2015-07-20 21:01:10.746 Option sxl = yes
2015-07-20 21:01:10.746 Option max-data-age = 35
2015-07-20 21:01:10.746 Option EnableSafeClean = yes
2015-07-20 21:01:12.528 Option vdl-logging = yes
2015-07-20 21:01:12.543 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-07-20 21:01:12.543 Machine ID: 132032381cca4425a67c35bd97b23705
2015-07-20 21:01:12.543 Component SVRTcli.exe version 2.5.4
2015-07-20 21:01:12.543 Component control.dll version 2.5.4
2015-07-20 21:01:12.543 Component SVRTservice.exe version 2.5.4
2015-07-20 21:01:12.543 Component engine\osdp.dll version 1.44.1.2200
2015-07-20 21:01:12.543 Component engine\veex.dll version 3.60.0.2200
2015-07-20 21:01:12.543 Component engine\savi.dll version 8.1.7.2200
2015-07-20 21:01:12.543 Component rkdisk.dll version 1.5.30.0
2015-07-20 21:01:12.543 Version info: Product version 2.5.4
2015-07-20 21:01:12.543 Version info: Detection engine 3.60.0
2015-07-20 21:01:12.543 Version info: Detection data 5.16
2015-07-20 21:01:12.543 Version info: Build date 6/23/2015
2015-07-20 21:01:12.543 Version info: Data files added 332
2015-07-20 21:01:12.543 Version info: Last successful update (not yet updated)
2015-07-20 21:01:16.342 Downloading updates...
2015-07-20 21:01:16.344 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-07-20 21:01:16.344 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-07-20 21:01:16.344 Update progress: [I49502] Found supplement IDE517 LATEST
2015-07-20 21:01:16.344 Update progress: [I49502] Found supplement IDE518 LATEST
2015-07-20 21:01:16.344 Update progress: [I49502] Found supplement IDE519 LATEST
2015-07-20 21:01:16.344 Update progress: [I49502] Found supplement IDE520 LATEST
2015-07-20 21:01:16.344 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-07-20 21:01:16.344 Update progress: [I19463] Syncing product SAVIW32 56
2015-07-20 21:01:18.162 Update progress: [I19463] Syncing product IDE517 162
2015-07-20 21:01:18.771 Installing updates...
2015-07-20 21:01:19.395 Error level 1
2015-07-20 21:01:19.426 Update progress: [I19463] Syncing product IDE518 171
2015-07-20 21:01:19.426 Update progress: [I19463] Syncing product IDE519 3
2015-07-20 21:01:19.426 Update progress: [I19463] Syncing product IDE520 1
2015-07-20 21:01:54.671 Update successful
2015-07-20 21:02:10.807 Option all = no
2015-07-20 21:02:10.807 Option recurse = yes
2015-07-20 21:02:10.807 Option archive = no
2015-07-20 21:02:10.807 Option service = yes
2015-07-20 21:02:10.807 Option confirm = yes
2015-07-20 21:02:10.807 Option sxl = yes
2015-07-20 21:02:10.807 Option max-data-age = 35
2015-07-20 21:02:10.807 Option EnableSafeClean = yes
2015-07-20 21:02:10.854 Option vdl-logging = yes
2015-07-20 21:02:10.854 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-07-20 21:02:10.854 Machine ID: 132032381cca4425a67c35bd97b23705
2015-07-20 21:02:10.854 Component SVRTcli.exe version 2.5.4
2015-07-20 21:02:10.854 Component control.dll version 2.5.4
2015-07-20 21:02:10.854 Component SVRTservice.exe version 2.5.4
2015-07-20 21:02:10.854 Component engine\osdp.dll version 1.44.1.2200
2015-07-20 21:02:10.854 Component engine\veex.dll version 3.60.0.2200
2015-07-20 21:02:10.854 Component engine\savi.dll version 8.1.7.2200
2015-07-20 21:02:10.854 Component rkdisk.dll version 1.5.30.0
2015-07-20 21:02:10.854 Version info: Product version 2.5.4
2015-07-20 21:02:10.854 Version info: Detection engine 3.60.0
2015-07-20 21:02:10.854 Version info: Detection data 5.16G
2015-07-20 21:02:10.854 Version info: Build date 6/23/2015
2015-07-20 21:02:10.854 Version info: Data files added 332
2015-07-20 21:02:10.854 Version info: Last successful update 7/20/2015 5:01:54 PM

2015-07-20 21:58:06.242 Could not open C:\hiberfil.sys
2015-07-20 21:58:07.958 Could not open C:\pagefile.sys
2015-07-20 22:20:19.284 Could not open C:\System Volume Information\{0c65e88c-1f1a-11e5-9ca5-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.285 Could not open C:\System Volume Information\{0c65e898-1f1a-11e5-9ca5-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.285 Could not open C:\System Volume Information\{17227c8b-1f1e-11e5-90c9-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.286 Could not open C:\System Volume Information\{1c655a78-2d2b-11e5-a0ef-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.286 Could not open C:\System Volume Information\{1cfe2b90-2d35-11e5-9c47-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.287 Could not open C:\System Volume Information\{1cfe2c91-2d35-11e5-9c47-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.287 Could not open C:\System Volume Information\{25288377-1c2a-11e5-89ae-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.288 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.288 Could not open C:\System Volume Information\{3de16eca-22ab-11e5-aa6c-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.288 Could not open C:\System Volume Information\{3ebeb1dc-2d31-11e5-8767-de06b908e974}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.289 Could not open C:\System Volume Information\{4c3eb337-13e5-11e5-a88b-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.290 Could not open C:\System Volume Information\{4c3eb358-13e5-11e5-a88b-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.290 Could not open C:\System Volume Information\{68502294-2da5-11e5-8e58-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.291 Could not open C:\System Volume Information\{685023ed-2da5-11e5-8e58-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.291 Could not open C:\System Volume Information\{69ab1061-1e5a-11e5-a0c8-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.291 Could not open C:\System Volume Information\{6b901a8c-2bc7-11e5-b910-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.292 Could not open C:\System Volume Information\{706a8ed3-18db-11e5-b451-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.292 Could not open C:\System Volume Information\{72ff12fd-1f17-11e5-a8e9-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.293 Could not open C:\System Volume Information\{72ff1301-1f17-11e5-a8e9-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.293 Could not open C:\System Volume Information\{7f654ebf-2f21-11e5-ac7e-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.294 Could not open C:\System Volume Information\{893ded7d-1722-11e5-a8c3-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.294 Could not open C:\System Volume Information\{9921ca21-1588-11e5-85d7-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.295 Could not open C:\System Volume Information\{9921ca2f-1588-11e5-85d7-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.295 Could not open C:\System Volume Information\{a6488bc9-2ce6-11e5-8128-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.296 Could not open C:\System Volume Information\{abbbd7fb-2010-11e5-bbb0-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.296 Could not open C:\System Volume Information\{c59cbb10-1647-11e5-810a-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.297 Could not open C:\System Volume Information\{c812f28f-2257-11e5-a5e2-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.297 Could not open C:\System Volume Information\{c9e0b7d6-1d2f-11e5-9f94-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.298 Could not open C:\System Volume Information\{c9e0b801-1d2f-11e5-9f94-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.298 Could not open C:\System Volume Information\{dfc3fc31-2bc3-11e5-8182-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.299 Could not open C:\System Volume Information\{e2eaf6d7-2601-11e5-bec9-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:20:19.299 Could not open C:\System Volume Information\{ef683b05-2d27-11e5-863a-448a5b649753}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-07-20 22:21:13.191 Could not open C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\Current Session
2015-07-20 22:21:13.191 Could not open C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2015-07-20 22:21:13.281 Could not check C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK (virus scan failed)
2015-07-20 22:21:13.292 Could not check C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
2015-07-20 22:21:16.691 Could not check C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\GCM Store\LOCK (virus scan failed)
2015-07-20 22:21:17.191 Could not check C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
2015-07-20 22:21:17.705 Could not check C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOCK (virus scan failed)
2015-07-20 22:21:17.712 Could not check C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
2015-07-20 22:21:18.065 Could not check C:\Users\Skullz\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\gmlllbghnfkpflemihljekbapjopfjik\LOCK (virus scan failed)
2015-07-20 22:23:06.770 >>> Virus 'Exp/MS04-028' found in file C:\Users\Skullz\AppData\Roaming\Curse Client\Cache\Images\http---clientupdate-v6.cursecdn.com-Avatars-341-Elise-0.jpg
2015-07-20 22:23:06.780 >>> Virus 'Exp/MS04-028' found in file HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell
2015-07-20 22:23:06.780 >>> Virus 'Exp/MS04-028' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-07-20 22:23:06.780 >>> Virus 'Exp/MS04-028' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-07-20 22:23:06.780 >>> Virus 'Exp/MS04-028' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-07-20 22:23:06.780 >>> Virus 'Exp/MS04-028' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-07-20 22:23:06.780 >>> Virus 'Exp/MS04-028' found in file HKU\S-1-5-21-178659680-4241230823-3548333106-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-07-20 22:23:06.780 >>> Virus 'Exp/MS04-028' found in file HKU\S-1-5-21-178659680-4241230823-3548333106-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-07-20 22:23:06.780 >>> Virus 'Exp/MS04-028' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-07-20 22:23:06.780 >>> Virus 'Exp/MS04-028' found in file HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell
2015-07-20 22:24:26.239 >>> Virus 'Mal/Generic-S' found in file C:\Users\Skullz\Desktop\Games\Banner Saga\BS GAME\win32\steam_api.dll
2015-07-20 22:24:26.239 >>> Virus 'Mal/Generic-S' found in file C:\Users\Skullz\Desktop\Games\Banner Saga\BS GAME\win32\steam_api.dll
2015-07-20 22:24:26.239 >>> Virus 'Mal/Generic-S' found in file C:\Users\Skullz\Desktop\Games\Banner Saga\BS GAME\win32\steam_api.dll
2015-07-20 22:24:26.239 >>> Virus 'Mal/Generic-S' found in file C:\Users\Skullz\Desktop\Games\Banner Saga\BS GAME\win32\steam_api.dll
2015-07-20 22:24:26.239 >>> Virus 'Mal/Generic-S' found in file HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell
2015-07-20 22:24:26.239 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-07-20 22:24:26.239 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-07-20 22:24:26.239 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-07-20 22:24:26.239 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-07-20 22:24:26.249 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-178659680-4241230823-3548333106-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-07-20 22:24:26.249 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-178659680-4241230823-3548333106-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-07-20 22:24:26.249 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-07-20 22:24:26.249 >>> Virus 'Mal/Generic-S' found in file HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell
2015-07-20 22:24:26.249 >>> Virus 'Mal/Generic-S' found in file HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell
2015-07-20 22:24:26.249 >>> Virus 'Mal/Generic-S' found in file HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell
2015-07-20 22:24:26.249 >>> Virus 'Mal/Generic-S' found in file HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell
2015-07-20 22:31:16.283 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-07-20 22:31:16.284 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-07-20 22:31:20.561 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-07-20 22:31:20.564 Could not open C:\Windows\System32\config\RegBack\SAM
2015-07-20 22:31:20.566 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-07-20 22:31:20.569 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-07-20 22:31:20.571 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-07-20 22:47:09.356 The following items will be cleaned up:
2015-07-20 22:47:09.356 Exp/MS04-028
2015-07-20 22:47:09.356 Mal/Generic-S
 
Ran clean up and closed Sophos. Sophos found 2 problems and I posted log, but it's saying it's awaiting moderator approval.
 
redtarget.gif
Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

redtarget.gif
Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

==========================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
  • Like
Reactions: greaseisgood
Broni, when I click the link to download DelFix it is telling me to log in and there is no download link. What should I do?
 
Thank you for uploading it for me there, Broni. I seem to be having an issue with Chrome blocking it however saying it "may harm my browsing experience"?

edit: Nevermind, I've got it. Had to disable an option in Chrome.
 
Last edited:
I've completed all of your instructions. Thank you so much for all of your help, Broni! My computer seems to be back to running as normal.

Just out of curiosity, can you tell me what precisely were the issues you found?
 
You must log in or register to reply here.

Similar threads

E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
NonTechyDad
Solved Malware removal for my son's pc
2
Replies
33
Views
5K
Broni
Broni
uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
793
uber_beetle
uber_beetle

Latest posts

Back