[oi2ks]

My son recently encountered a viruse which we cleaned up with Avast and MalwareBytes. The computer appears to be clean but it's not possible to access gmail. The error under chrome is:
SSL connection error
Unable to make a secure connection to the server. This may be a problem with the server or it may be requiring a client authentication certificate that you don't have.

Error 107 (net::ERR_SSL_PROTOCOL_ERR): SSL protocol err

Other websites work fine although I haven't tried any that use SSL.

I have the Windows XP Install disc but I'm hoping I don't need to reinstall.

Thanks so much!
oi2ks
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Eric at 7:55:15.10 on Thu 03/31/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1289 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eric.PHENOM-II\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Google Update] "c:\documents and settings\eric.phenom-ii\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10n_ActiveX.exe -update activex
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [GEST]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [WildTangent CDA] "c:\program files\wildtangent\apps\cda\gamedrvr.exe" /startup "c:\program files\wildtangent\apps\cda\cdaEngine0500.dll"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238949529640
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.42.2.cab
DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap
Hosts: 74.50.127.5 http://www.google.com
Hosts: 74.50.127.5 http://www.google.com.au
Hosts: 74.50.127.5 http://www.google.be
Hosts: 74.50.127.5 http://www.google.com.br
Hosts: 74.50.127.5 http://www.google.ca
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-3-24 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-3-24 192728]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-3-24 101976]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-24 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-24 301528]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKslc18612d4;MpKslc18612d4;c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{05e14cb6-30bc-4125-8c2f-b163a007af6f}\MpKslc18612d4.sys [2011-3-31 28752]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-24 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-24 42184]
R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2009-4-5 68136]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2008-6-24 431384]
S2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2011-3-24 121000]
.
=============== Created Last 30 ================
.
2011-03-31 14:37:15 28752 ----a-w- c:\docume~1\alluse~1.win\applic~1\microsoft\microsoft antimalware\definition updates\{05e14cb6-30bc-4125-8c2f-b163a007af6f}\MpKslc18612d4.sys
2011-03-30 21:40:38 6792528 ----a-w- c:\docume~1\alluse~1.win\applic~1\microsoft\microsoft antimalware\definition updates\{05e14cb6-30bc-4125-8c2f-b163a007af6f}\mpengine.dll
2011-03-25 14:23:52 6792528 ----a-w- c:\docume~1\alluse~1.win\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-03-25 14:23:26 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-25 14:21:16 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-25 01:23:53 -------- d-----w- C:\SwarmCache
2011-03-21 01:06:27 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-03-21 01:06:27 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-21 00:56:07 -------- d-----w- c:\program files\Gigabyte
2011-03-04 15:51:17 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\AVAST Software
2011-03-04 15:51:16 -------- d-----w- c:\program files\AVAST Software
.
==================== Find3M ====================
.
2011-03-31 14:37:21 16608 ----a-w- c:\windows\gdrv.sys
2011-02-24 05:04:15 234768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-02-24 05:04:15 234768 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-23 14:04:21 40648 ----a-w- c:\windows\avastSS.scr
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-22 04:26:33 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 7:56:15.84 ===============

 

[chemist]

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

It appears that you have two antivirus programs installed and running, avast! and Security Essentials. While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs. Please choose one to keep and uninstall the other via Add or Remove Programs in your Control Panel.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

A guide and tutorial on using ComboFix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

 

[oi2ks]

Thanks so much for your quick response. When the popups started fast and furious again last night, I decided to reinstall xp and clean things up that way. Please close this thread.

Thanks again,
oi2ks

 

[chemist]

Thanks for letting us know. :wave: