Windows Security 2012 virus

Solved/Closed
Screwed - Jan 27, 2012 at 05:48 PM
 scrwed - Feb 11, 2012 at 04:49 PM
Hello,

I am getting prompts to update my Windows security to 2012, and it is asking for my credit card. After some research I have found this virus is a nasty one. But it seems to me I am the only one who cannot run Rkill, even through .com, .scr, .pif.... It downloads, then right when it is done the file is gone. Disappears.... I need help... bad. THANK YOU!!


66 responses

Now Firefox won't load pictures also... Is there an anti-virus that is free?? Or do you have to pay to get one that is worth it??
0
Maybe there is different software for fixing the MBR?
0
The instructions you gave are no longer here; I restarted to get into safe mode and now I lost that link to help run TDSSKiller and aswMBR.
0
OK, followed the instructions you gave, I found the link....
One problem though: while I have TDSSKiller open, it looks just like your picture, but do I quarantine the item it found? Or what happens??
0
OK OK, I hit the Cure button on TDSSKiller and am running a scan on aswMBR now; waiting for that to finish, then going to reboot and post the logs.. Looks like there is a second partition infected; someone told me that is probably what happened.. If you know how to get rid of these, does that mean you also know how to write them?? haha What is the purpose of these infections?? Besides getting your CC... I mean, what should I worry about???
0
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-04 10:59:45
-----------------------------
10:59:45.765 OS Version: Windows 5.1.2600 Service Pack 3
10:59:45.765 Number of processors: 1 586 0xA
10:59:45.781 ComputerName: MYCOMPUTER UserName:
10:59:46.421 Initialize success
11:01:17.250 AVAST engine defs: 12020400
11:03:33.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:03:33.828 Disk 0 Vendor: IC35L040AVER07-0 ER4OA46A Size: 38166MB BusType: 3
11:03:33.859 Disk 0 MBR read successfully
11:03:33.875 Disk 0 MBR scan
11:03:33.984 Disk 0 Windows XP default MBR code
11:03:34.000 Disk 0 MBR hidden
11:03:34.031 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 38154 MB offset 63
11:03:34.093 Disk 0 Partition 2 80 (A) 17 Hidd HPFS/NTFS NTFS 12 MB offset 78140160
11:03:34.109 Disk 0 Partition 2 **INFECTED** MBR:Alureon-K [Rtk]
11:03:34.171 Disk 0 scanning sectors +78165344
11:03:34.296 Disk 0 scanning C:\WINDOWS\system32\drivers
11:03:51.812 Service scanning
11:03:54.906 Modules scanning
11:04:10.937 Disk 0 trace - called modules:
11:04:10.953 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82f42fa9]<<
11:04:10.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f4fab8]
11:04:10.953 3 CLASSPNP.SYS[f87b6fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fe7030]
11:04:10.953 \Driver\atapi[0x82f50618] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x82f42fa9
11:04:11.609 AVAST engine scan C:\WINDOWS
11:04:42.406 AVAST engine scan C:\WINDOWS\system32
11:09:09.625 AVAST engine scan C:\WINDOWS\system32\drivers
11:09:33.812 AVAST engine scan C:\Documents and Settings\Administrator
11:11:25.000 AVAST engine scan C:\Documents and Settings\All Users
11:11:43.250 File: C:\Documents and Settings\All Users\Application Data\xSCDz1GaKeILNY.exe **INFECTED** Win32:Crypt-LHP [Trj]
11:12:35.109 Scan finished successfully
11:14:28.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\MBR.dat"
11:14:28.953 The log file has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\aswMBR.txt"
0
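The aswMBR log above is the classic Alureon/TDL4 bootkit layout: the real Windows volume (partition 1, type 07, 38154 MB at offset 63) is not marked active, while a 12 MB partition of hidden-NTFS type 17 at offset 78140160 carries the active flag and is the one aswMBR tags as MBR:Alureon-K. The script below is an added example, not code from this thread or from the aswMBR/TDSSKiller authors. It decodes a raw 512-byte MBR partition table (the kind aswMBR saved to MBR.dat) and flags that pattern: a tiny active partition, a hidden partition type, or a partition squeezed into the slack after the main OS volume. The sample MBR bytes are constructed here with geometry copied from this thread's logs (partition 1 is 0x4A852C1 sectors from LBA 63, the hidden partition starts at LBA 78140160); the boot code region is zeros rather than real XP MBR code, so its hash does not match the MBRCheck value posted later.

```python
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
# Partition types that mark a volume "hidden"; 0x17 is hidden NTFS/HPFS,
# which aswMBR printed above as "17 Hidd HPFS/NTFS".
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}


@dataclass
class Partition:
    index: int        # slot 1-4 in the partition table
    active: bool      # status byte == 0x80 ("80 (A)" in the aswMBR log)
    ptype: int
    start_lba: int
    sectors: int

    @property
    def end_lba(self) -> int:
        return self.start_lba + self.sectors

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)


def parse_mbr(mbr: bytes) -> list:
    """Decode the four 16-byte partition entries at offset 446 of an MBR sector."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with a 55AA signature")
    parts = []
    for i in range(4):
        entry = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, start, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0 and count == 0:
            continue  # empty slot
        parts.append(Partition(i + 1, status == 0x80, ptype, start, count))
    return parts


def bootcode_sha1(mbr: bytes) -> str:
    """Hash of the boot code region (first 440 bytes) so two saved MBR.dat
    captures can be compared without the disk signature or partition table
    changing the result."""
    return hashlib.sha1(mbr[:440]).hexdigest()


def suspicious_partitions(parts, disk_sectors: int, small_mb: int = 64) -> list:
    """Return (partition index, reasons) for entries that look like a bootkit's
    hidden loader partition. A finding needs either the active flag plus one
    reason, or two independent reasons."""
    if not parts:
        return []
    main = max(parts, key=lambda p: p.sectors)   # the real OS volume
    findings = []
    for p in parts:
        reasons = []
        if p.active and p.size_mb <= small_mb:
            reasons.append(f"active partition is only {p.size_mb} MB")
        if p.ptype in HIDDEN_TYPES:
            reasons.append(f"hidden partition type 0x{p.ptype:02X}")
        if p is not main and p.start_lba >= main.end_lba:
            reasons.append("sits in the slack space after the main OS partition")
        if p.end_lba > disk_sectors:
            reasons.append("extends past the end of the disk")
        if reasons and (p.active or len(reasons) > 1):
            findings.append((p.index, reasons))
    return findings


def _entry(status, ptype, start, count) -> bytes:
    return struct.pack("<B3sB3sII", status, b"\0" * 3, ptype, b"\0" * 3, start, count)


def _mbr(*entries) -> bytes:
    table = b"".join(entries).ljust(64, b"\0")
    return bytes(440) + b"\0" * 6 + table + b"\x55\xaa"  # zeroed boot code, disk sig, table, signature


# Constructed sample (hypothetical bytes, geometry from this thread's logs).
DISK_SECTORS = 78_165_360
INFECTED_MBR = _mbr(_entry(0x00, 0x07, 63, 0x4A852C1),
                    _entry(0x80, 0x17, 78_140_160, 12 * 2048))
CLEAN_MBR = _mbr(_entry(0x80, 0x07, 63, 0x4A852C1))

if __name__ == "__main__":
    for name, mbr in (("infected", INFECTED_MBR), ("clean", CLEAN_MBR)):
        parts = parse_mbr(mbr)
        print(name, "bootcode sha1:", bootcode_sha1(mbr))
        for p in parts:
            print(f"  p{p.index} active={p.active} type=0x{p.ptype:02X} "
                  f"{p.size_mb} MB at LBA {p.start_lba}")
        for idx, reasons in suspicious_partitions(parts, DISK_SECTORS):
            print(f"  SUSPICIOUS partition {idx}: " + "; ".join(reasons))
```

To run it against a real capture, replace the constructed bytes with `open("MBR.dat", "rb").read()`; the same heuristic applies, and the `>=` check catches the loader partition sitting exactly at the end of the main volume, which is what the two offsets in the log above add up to (63 + 0x4A852C1 = 78140160).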
Got a WARNING when I went to FIXMBR.... I don't want to do anything until I know for sure that's what you want me to do... Sorry for being sketchy.
0
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 92):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF8C76000 \WINDOWS\system32\KDCOM.DLL
0xF8B86000 \WINDOWS\system32\BOOTVID.dll
0xF8727000 ACPI.sys
0xF8C78000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8716000 pci.sys
0xF8776000 isapnp.sys
0xF8C7A000 intelide.sys
0xF89F6000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8786000 MountMgr.sys
0xF86F7000 ftdisk.sys
0xF8C7C000 dmload.sys
0xF86D1000 dmio.sys
0xF89FE000 PartMgr.sys
0xF8796000 VolSnap.sys
0xF86B9000 atapi.sys
0xF87A6000 disk.sys
0xF87B6000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF8699000 fltmgr.sys
0xF8687000 sr.sys
0xF8670000 KSecDD.sys
0xF865D000 WudfPf.sys
0xF85D0000 Ntfs.sys
0xF85A3000 NDIS.sys
0xF8589000 Mup.sys
0xF87C6000 agp440.sys
0xF87E6000 \SystemRoot\system32\DRIVERS\dc21x4.sys
0xF8A26000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF87F6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF8A36000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8806000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8816000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF8535000 \SystemRoot\system32\DRIVERS\ks.sys
0xF8A4E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF8826000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8A5E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF84E9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8836000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8C0E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF84D2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8846000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8856000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8A7E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF84C1000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8866000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8A8E000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8A9E000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF8491000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF8876000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8AAE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8C82000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF8433000 \SystemRoot\system32\DRIVERS\update.sys
0xF8C32000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8886000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8896000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8C86000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8AC6000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF8C8A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8DFD000 \SystemRoot\System32\Drivers\Null.SYS
0xF8C8E000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8ADE000 \SystemRoot\System32\drivers\vga.sys
0xF83F7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF8C92000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF8AEE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8AFE000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8C66000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF83C4000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF836B000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF8343000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF8321000 \SystemRoot\System32\drivers\afd.sys
0xF88B6000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF8256000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF81E6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF851D000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF88D6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF8B1E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF850D000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF88E6000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF81A6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8C98000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF8427000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8B46000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8EBE000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBF012000 \SystemRoot\System32\ATMFD.DLL
0xF7E9A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF7CA6000 \SystemRoot\system32\DRIVERS\srv.sys
0xF7B1A000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 16):
0 System Idle Process
4 System
372 C:\WINDOWS\system32\smss.exe
420 csrss.exe
444 C:\WINDOWS\system32\winlogon.exe
488 C:\WINDOWS\system32\services.exe
500 C:\WINDOWS\system32\lsass.exe
656 C:\WINDOWS\system32\svchost.exe
740 svchost.exe
836 C:\WINDOWS\system32\svchost.exe
876 svchost.exe
976 svchost.exe
1416 <unknown>
1460 C:\WINDOWS\explorer.exe
1540 wmiprvse.exe
1672 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000'00007e00 (NTFS)

PhysicalDrive0 Model Number: IC35L040AVER07-0, Rev: ER4OA46A

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
0
Anonymous User
Feb 4, 2012 at 10:31 AM
That looks good. I also want to check the aswMBR and TDSSKiller logs. I do not need your MBRCheck log. Do not repost it.

Thanks
0
11:29:27.0109 0304 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
11:29:27.0390 0304 ============================================================
11:29:27.0390 0304 Current date / time: 2012/02/04 11:29:27.0390
11:29:27.0390 0304 SystemInfo:
11:29:27.0390 0304
11:29:27.0390 0304 OS Version: 5.1.2600 ServicePack: 3.0
11:29:27.0390 0304 Product type: Workstation
11:29:27.0390 0304 ComputerName: MYCOMPUTER
11:29:27.0390 0304 UserName: Administrator
11:29:27.0390 0304 Windows directory: C:\WINDOWS
11:29:27.0390 0304 System windows directory: C:\WINDOWS
11:29:27.0390 0304 Processor architecture: Intel x86
11:29:27.0390 0304 Number of processors: 1
11:29:27.0390 0304 Page size: 0x1000
11:29:27.0390 0304 Boot type: Safe boot with network
11:29:27.0390 0304 ============================================================
11:29:30.0140 0304 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:29:30.0140 0304 \Device\Harddisk0\DR0:
11:29:30.0140 0304 MBR used
11:29:30.0140 0304 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
11:29:30.0359 0304 Initialize success
11:29:30.0359 0304 ============================================================
11:29:36.0281 0340 ============================================================
11:29:36.0281 0340 Scan started
11:29:36.0281 0340 Mode: Manual;
11:29:36.0281 0340 ============================================================
11:29:37.0359 0340 Abiosdsk - ok
11:29:37.0406 0340 abp480n5 - ok
11:29:37.0531 0340 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:29:37.0531 0340 ACPI - ok
11:29:37.0703 0340 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:29:37.0703 0340 ACPIEC - ok
11:29:37.0828 0340 adpu160m - ok
11:29:37.0921 0340 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:29:37.0921 0340 aec - ok
11:29:38.0125 0340 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
11:29:38.0125 0340 AFD - ok
11:29:38.0250 0340 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
11:29:38.0250 0340 agp440 - ok
11:29:38.0312 0340 Aha154x - ok
11:29:38.0359 0340 aic78u2 - ok
11:29:38.0421 0340 aic78xx - ok
11:29:38.0484 0340 AliIde - ok
11:29:38.0546 0340 amsint - ok
11:29:38.0640 0340 asc - ok
11:29:38.0687 0340 asc3350p - ok
11:29:38.0734 0340 asc3550 - ok
11:29:38.0937 0340 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:29:38.0937 0340 AsyncMac - ok
11:29:39.0000 0340 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:29:39.0015 0340 atapi - ok
11:29:39.0109 0340 Atdisk - ok
11:29:39.0203 0340 ati2mtag (8759322ffc1a50569c1e5528ee8026b7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:29:39.0218 0340 ati2mtag - ok
11:29:39.0406 0340 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:29:39.0406 0340 Atmarpc - ok
11:29:39.0562 0340 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:29:39.0562 0340 audstub - ok
11:29:39.0703 0340 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:29:39.0703 0340 Beep - ok
11:29:39.0953 0340 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:29:39.0953 0340 cbidf2k - ok
11:29:40.0062 0340 cd20xrnt - ok
11:29:40.0156 0340 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:29:40.0156 0340 Cdaudio - ok
11:29:40.0281 0340 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:29:40.0296 0340 Cdfs - ok
11:29:40.0453 0340 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:29:40.0453 0340 Cdrom - ok
11:29:40.0546 0340 Changer - ok
11:29:40.0765 0340 CmdIde - ok
11:29:40.0859 0340 Cpqarray - ok
11:29:40.0968 0340 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys
11:29:40.0968 0340 ctljystk - ok
11:29:41.0078 0340 dac2w2k - ok
11:29:41.0140 0340 dac960nt - ok
11:29:41.0203 0340 DC21x4 (bb005cb49d0638039703ac4f67fe0a05) C:\WINDOWS\system32\DRIVERS\dc21x4.sys
11:29:41.0218 0340 DC21x4 - ok
11:29:41.0406 0340 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:29:41.0406 0340 Disk - ok
11:29:41.0625 0340 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:29:41.0640 0340 dmboot - ok
11:29:41.0796 0340 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:29:41.0812 0340 dmio - ok
11:29:41.0953 0340 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:29:41.0953 0340 dmload - ok
11:29:42.0140 0340 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:29:42.0140 0340 DMusic - ok
11:29:42.0281 0340 dpti2o - ok
11:29:42.0375 0340 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:29:42.0375 0340 drmkaud - ok
11:29:42.0546 0340 emu10k (01f83e1b5dce05f5cb7d99113ca9e890) C:\WINDOWS\system32\drivers\emu10k1m.sys
11:29:42.0546 0340 emu10k - ok
11:29:42.0687 0340 emu10k1 (7ffa171cce6a8bfc774862a578ba39a2) C:\WINDOWS\system32\drivers\ctlfacem.sys
11:29:42.0687 0340 emu10k1 - ok
11:29:42.0906 0340 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:29:42.0921 0340 Fastfat - ok
11:29:43.0093 0340 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:29:43.0093 0340 Fdc - ok
11:29:43.0250 0340 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:29:43.0250 0340 Fips - ok
11:29:43.0421 0340 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:29:43.0421 0340 Flpydisk - ok
11:29:43.0546 0340 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:29:43.0546 0340 FltMgr - ok
11:29:43.0703 0340 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:29:43.0703 0340 Fs_Rec - ok
11:29:43.0734 0340 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:29:43.0765 0340 Ftdisk - ok
11:29:43.0890 0340 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
11:29:43.0890 0340 gameenum - ok
11:29:44.0015 0340 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:29:44.0015 0340 GEARAspiWDM - ok
11:29:44.0156 0340 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:29:44.0156 0340 Gpc - ok
11:29:44.0359 0340 HCF_MSFT (4236e014632f4163f53ebb717f41594c) C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys
11:29:44.0375 0340 HCF_MSFT - ok
11:29:44.0578 0340 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:29:44.0578 0340 hidusb - ok
11:29:44.0718 0340 hpn - ok
11:29:44.0812 0340 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:29:44.0828 0340 HTTP - ok
11:29:44.0953 0340 i2omgmt - ok
11:29:45.0000 0340 i2omp - ok
11:29:45.0062 0340 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:29:45.0062 0340 i8042prt - ok
11:29:45.0203 0340 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:29:45.0203 0340 Imapi - ok
11:29:45.0328 0340 ini910u - ok
11:29:45.0406 0340 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:29:45.0406 0340 IntelIde - ok
11:29:45.0593 0340 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:29:45.0593 0340 Ip6Fw - ok
11:29:45.0734 0340 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:29:45.0734 0340 IpFilterDriver - ok
11:29:45.0843 0340 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:29:45.0859 0340 IpInIp - ok
11:29:45.0937 0340 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:29:45.0937 0340 IpNat - ok
11:29:46.0140 0340 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:29:46.0140 0340 IPSec - ok
11:29:46.0281 0340 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:29:46.0281 0340 IRENUM - ok
11:29:46.0375 0340 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:29:46.0375 0340 isapnp - ok
11:29:46.0515 0340 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:29:46.0515 0340 Kbdclass - ok
11:29:46.0609 0340 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:29:46.0625 0340 kmixer - ok
11:29:46.0781 0340 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:29:46.0781 0340 KSecDD - ok
11:29:46.0921 0340 lbrtfdc - ok
11:29:47.0171 0340 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
11:29:47.0171 0340 MBAMProtector - ok
11:29:47.0390 0340 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:29:47.0390 0340 mnmdd - ok
11:29:47.0546 0340 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:29:47.0546 0340 Modem - ok
11:29:47.0687 0340 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:29:47.0687 0340 Mouclass - ok
11:29:47.0765 0340 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:29:47.0765 0340 mouhid - ok
11:29:47.0890 0340 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:29:47.0906 0340 MountMgr - ok
11:29:47.0968 0340 mraid35x - ok
11:29:48.0046 0340 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:29:48.0046 0340 MRxDAV - ok
11:29:48.0234 0340 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:29:48.0250 0340 MRxSmb - ok
11:29:48.0484 0340 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:29:48.0484 0340 Msfs - ok
11:29:48.0656 0340 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:29:48.0656 0340 MSKSSRV - ok
11:29:48.0781 0340 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:29:48.0781 0340 MSPCLOCK - ok
11:29:48.0843 0340 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:29:48.0843 0340 MSPQM - ok
11:29:48.0984 0340 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:29:48.0984 0340 mssmbios - ok
11:29:49.0078 0340 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:29:49.0093 0340 Mup - ok
11:29:49.0265 0340 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:29:49.0265 0340 NDIS - ok
11:29:49.0390 0340 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:29:49.0390 0340 NdisTapi - ok
11:29:49.0562 0340 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:29:49.0562 0340 Ndisuio - ok
11:29:49.0718 0340 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:29:49.0718 0340 NdisWan - ok
11:29:49.0843 0340 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:29:49.0843 0340 NDProxy - ok
11:29:49.0937 0340 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:29:49.0937 0340 NetBIOS - ok
11:29:50.0156 0340 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:29:50.0156 0340 NetBT - ok
11:29:50.0437 0340 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:29:50.0437 0340 Npfs - ok
11:29:50.0625 0340 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:29:50.0625 0340 Ntfs - ok
11:29:50.0828 0340 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:29:50.0828 0340 Null - ok
11:29:50.0984 0340 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:29:50.0984 0340 NwlnkFlt - ok
11:29:51.0078 0340 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:29:51.0093 0340 NwlnkFwd - ok
11:29:51.0343 0340 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:29:51.0343 0340 Parport - ok
11:29:51.0484 0340 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:29:51.0484 0340 PartMgr - ok
11:29:51.0625 0340 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:29:51.0625 0340 ParVdm - ok
11:29:51.0703 0340 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:29:51.0718 0340 PCI - ok
11:29:51.0812 0340 PCIDump - ok
11:29:51.0859 0340 PCIIde - ok
11:29:51.0984 0340 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:29:51.0984 0340 Pcmcia - ok
11:29:52.0093 0340 PDCOMP - ok
11:29:52.0156 0340 PDFRAME - ok
11:29:52.0203 0340 PDRELI - ok
11:29:52.0281 0340 PDRFRAME - ok
11:29:52.0328 0340 perc2 - ok
11:29:52.0421 0340 perc2hib - ok
11:29:52.0593 0340 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:29:52.0593 0340 PptpMiniport - ok
11:29:52.0703 0340 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
11:29:52.0703 0340 Processor - ok
11:29:52.0796 0340 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:29:52.0796 0340 PSched - ok
11:29:52.0953 0340 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:29:52.0953 0340 Ptilink - ok
11:29:53.0031 0340 ql1080 - ok
11:29:53.0093 0340 Ql10wnt - ok
11:29:53.0156 0340 ql12160 - ok
11:29:53.0203 0340 ql1240 - ok
11:29:53.0281 0340 ql1280 - ok
11:29:53.0359 0340 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:29:53.0359 0340 RasAcd - ok
11:29:53.0531 0340 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:29:53.0531 0340 Rasl2tp - ok
11:29:53.0687 0340 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:29:53.0687 0340 RasPppoe - ok
11:29:53.0859 0340 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:29:53.0859 0340 Raspti - ok
11:29:54.0015 0340 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:29:54.0015 0340 Rdbss - ok
11:29:54.0125 0340 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:29:54.0125 0340 RDPCDD - ok
11:29:54.0281 0340 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:29:54.0296 0340 rdpdr - ok
11:29:54.0453 0340 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
11:29:54.0468 0340 RDPWD - ok
11:29:54.0593 0340 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:29:54.0593 0340 redbook - ok
11:29:55.0015 0340 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:29:55.0015 0340 Secdrv - ok
11:29:55.0203 0340 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:29:55.0203 0340 serenum - ok
11:29:55.0343 0340 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:29:55.0343 0340 Serial - ok
11:29:55.0546 0340 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:29:55.0546 0340 Sfloppy - ok
11:29:55.0687 0340 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) C:\WINDOWS\system32\drivers\sfmanm.sys
11:29:55.0687 0340 sfman - ok
11:29:55.0828 0340 Simbad - ok
11:29:55.0890 0340 Sparrow - ok
11:29:55.0953 0340 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:29:55.0953 0340 splitter - ok
11:29:56.0062 0340 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:29:56.0062 0340 sr - ok
11:29:56.0250 0340 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:29:56.0265 0340 Srv - ok
11:29:56.0453 0340 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:29:56.0453 0340 swenum - ok
11:29:56.0593 0340 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:29:56.0609 0340 swmidi - ok
11:29:56.0750 0340 symc810 - ok
11:29:56.0812 0340 symc8xx - ok
11:29:56.0875 0340 sym_hi - ok
11:29:56.0921 0340 sym_u3 - ok
11:29:57.0015 0340 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:29:57.0015 0340 sysaudio - ok
11:29:57.0187 0340 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:29:57.0187 0340 Tcpip - ok
11:29:57.0328 0340 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:29:57.0328 0340 TDPIPE - ok
11:29:57.0359 0340 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:29:57.0359 0340 TDTCP - ok
11:29:57.0453 0340 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:29:57.0468 0340 TermDD - ok
11:29:57.0609 0340 TosIde - ok
11:29:57.0734 0340 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:29:57.0750 0340 Udfs - ok
11:29:57.0828 0340 ultra - ok
11:29:57.0937 0340 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:29:57.0937 0340 Update - ok
11:29:58.0156 0340 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
11:29:58.0171 0340 USBAAPL - ok
11:29:58.0343 0340 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:29:58.0343 0340 usbccgp - ok
11:29:58.0500 0340 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:29:58.0500 0340 usbhub - ok
11:29:58.0640 0340 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:29:58.0656 0340 usbprint - ok
11:29:58.0812 0340 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:29:58.0828 0340 usbscan - ok
11:29:58.0937 0340 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:29:58.0953 0340 USBSTOR - ok
11:29:59.0062 0340 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:29:59.0062 0340 usbuhci - ok
11:29:59.0218 0340 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:29:59.0218 0340 VgaSave - ok
11:29:59.0265 0340 ViaIde - ok
11:29:59.0328 0340 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:29:59.0328 0340 VolSnap - ok
11:29:59.0578 0340 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:29:59.0578 0340 Wanarp - ok
11:29:59.0750 0340 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
11:29:59.0750 0340 WDC_SAM - ok
11:29:59.0796 0340 WDICA - ok
11:29:59.0875 0340 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:29:59.0875 0340 wdmaud - ok
11:30:00.0328 0340 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
11:30:00.0343 0340 WpdUsb - ok
11:30:00.0531 0340 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:30:00.0531 0340 WudfPf - ok
11:30:00.0718 0340 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:30:00.0718 0340 WudfRd - ok
11:30:00.0859 0340 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:30:01.0078 0340 \Device\Harddisk0\DR0 - ok
11:30:01.0125 0340 Boot (0x1200) (813d9937473cbe884a080ebc8f03cbec) \Device\Harddisk0\DR0\Partition0
11:30:01.0125 0340 \Device\Harddisk0\DR0\Partition0 - ok
11:30:01.0140 0340 ============================================================
11:30:01.0140 0340 Scan finished
11:30:01.0140 0340 ============================================================
11:30:01.0203 0332 Detected object count: 0
11:30:01.0203 0332 Actual detected object count: 0
11:30:18.0484 0300 Deinitialize success
0
Anonymous User
Feb 4, 2012 at 10:39 AM
Please download GMER from here (does not work on a 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.

Download

http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

Install it

Click on START; it should download the virus definitions.
When the scan completes, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.


I need your aswMBR log too in your next reply.
0
Got One infection

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-04 11:31:33
-----------------------------
11:31:33.906 OS Version: Windows 5.1.2600 Service Pack 3
11:31:33.906 Number of processors: 1 586 0xA
11:31:33.906 ComputerName: MYCOMPUTER UserName:
11:31:34.328 Initialize success
11:31:51.640 AVAST engine defs: 12020400
11:31:54.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:31:54.031 Disk 0 Vendor: IC35L040AVER07-0 ER4OA46A Size: 38166MB BusType: 3
11:31:54.062 Disk 0 MBR read successfully
11:31:54.078 Disk 0 MBR scan
11:31:54.218 Disk 0 Windows XP default MBR code
11:31:54.265 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
11:31:54.296 Disk 0 scanning sectors +78140160
11:31:54.906 Disk 0 scanning C:\WINDOWS\system32\drivers
11:32:29.359 Service scanning
11:32:32.765 Modules scanning
11:32:43.593 Disk 0 trace - called modules:
11:32:43.609 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
11:32:43.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f55ab8]
11:32:43.625 3 CLASSPNP.SYS[f87b6fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fe6030]
11:32:44.140 AVAST engine scan C:\WINDOWS
11:33:08.718 AVAST engine scan C:\WINDOWS\system32
11:37:15.093 AVAST engine scan C:\WINDOWS\system32\drivers
11:37:39.906 AVAST engine scan C:\Documents and Settings\Administrator
11:39:14.593 AVAST engine scan C:\Documents and Settings\All Users
11:39:34.859 File: C:\Documents and Settings\All Users\Application Data\xSCDz1GaKeILNY.exe **INFECTED** Win32:Crypt-LHP [Trj]
11:40:16.906 Scan finished successfully
11:40:36.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\MBR.dat"
11:40:36.968 The log file has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\aswMBR2.txt"
0
Anonymous User
Feb 4, 2012 at 10:44 AM
I want you to go to this path

C:\Documents and Settings\All Users\Application Data\xSCDz1GaKeILNY.exe

Delete the file

I think you're free from redirects at this point, but further scans are to make sure that the PC is clean

Waiting for other logs. Will check out later
0
ESET found Win32/Kryptik.ZRD trojan
0
There are other similar files with that one: ~b2C9j9ObvnP8FI; ~3HEmNLSLzbemrC. Are these bad too or no?
0
Anonymous User
Feb 4, 2012 at 11:02 AM
Please post the logs together. Do not post them one by one. I don't need the name of the infection, I need the exact log contents. Please copy and paste it here

Thanks
0
C:\Documents and Settings\All Users\Application Data\xSCDz1GaKeILNY.exe a variant of Win32/Kryptik.ZRD trojan cleaned by deleting - quarantined
C:\Documents and Settings\Matthew Mitchell\Local Settings\Temp\261248.exe a variant of Win32/Sefnit.CD trojan deleted - quarantined
C:\Documents and Settings\MOM\My Documents\Downloads\video.exe Win32/TrojanDownloader.Adload.NIK trojan cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Application Data\Raptr\version_gold.txt Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\CB0PUT8N\data[1].aspx Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\CB0PUT8N\data[2].aspx Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\CB0PUT8N\data[3].aspx Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\CB0PUT8N\data[4].aspx Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\CB0PUT8N\data[5].aspx Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\CB0PUT8N\entertainment1[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\CB0PUT8N\entertainment6[2] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\CB0PUT8N\news1[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\CB0PUT8N\news2[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\CB0PUT8N\news6[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\CB0PUT8N\news6[3] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\CB0PUT8N\pandamovies_com[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\CB0PUT8N\QuoteRequest[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\CB0PUT8N\video5[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\CB0PUT8N\video9[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\CB0PUT8N\VUZBlinkyApp[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\CB0PUT8N\yahoo_com[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\KBCP4NUX\data[1].aspx Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\KBCP4NUX\data[2].aspx Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\KBCP4NUX\entertainment3[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\KBCP4NUX\entertainment7[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\KBCP4NUX\entertainment7[2] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\KBCP4NUX\fwlink[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\KBCP4NUX\google_com[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\KBCP4NUX\news1[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\KBCP4NUX\news2[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\KBCP4NUX\news3[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\KBCP4NUX\news3[2] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\KBCP4NUX\news8[2] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\KBCP4NUX\news8[3] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\KBCP4NUX\video8[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\KBCP4NUX\VUZBlinkyApp[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\KBCP4NUX\VUZObsidianApp[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\KBCP4NUX\VUZSearchApp[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\Y9QJSJGN\appmgr_updates[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\Y9QJSJGN\data[1].aspx Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\Y9QJSJGN\data[2].aspx Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\Y9QJSJGN\entertainment10[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\Y9QJSJGN\entertainment10[2] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\Y9QJSJGN\entertainment5[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\Y9QJSJGN\news1[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\Y9QJSJGN\news5[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\Y9QJSJGN\news5[3] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\Y9QJSJGN\news7[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\Y9QJSJGN\news7[2] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\Y9QJSJGN\video1[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\Y9QJSJGN\video3[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\YZ8D2XK3\entertainment4[2] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\YZ8D2XK3\news3[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\YZ8D2XK3\news4[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\YZ8D2XK3\news4[3] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\YZ8D2XK3\news7[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\YZ8D2XK3\news7[2] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\YZ8D2XK3\news7[3] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\YZ8D2XK3\news7[4] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\YZ8D2XK3\news7[5] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\YZ8D2XK3\news8[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\YZ8D2XK3\porno_com[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\YZ8D2XK3\video10[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\YZ8D2XK3\video4[2] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\YZ8D2XK3\VUZChameleonapp[1] Win32/Adware.SpywareProtect2009 application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-789336058-1604221776-1801674531-1003\Dc9.exe probably a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.02.2012_10.56.45\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Kryptik.XEZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.02.2012_10.56.45\mbr0000\tdlfs0000\tsk0007.dta a variant of Win32/Olmasco.O trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.02.2012_10.56.45\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmasco.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.02.2012_10.56.45\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmasco.O trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.02.2012_10.56.45\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmasco.R trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.02.2012_10.56.45\mbr0000\tdlfs0000\tsk0011.dta a variant of Win32/Olmasco.Q trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.02.2012_10.56.45\mbr0000\tdlfs0000\tsk0012.dta Win64/Olmasco.X trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\ZUM15.tmp\upgrade.exe a variant of Win32/Adware.OneStep application deleted - quarantined



_________________________________________________________
0
I can't copy and paste or "save" the log for GMER, idk why. I could re-write them by hand.... Let me know if I am missing something in safe mode because everything is 10 times bigger.... ...
0
Delete quarantined files in ESET???
0
So I only have the trial version of Malwarebytes as you gave me, and it won't give me an option to disable protection since I don't have the full version. So I just uninstalled it and rebooted and then ran ComboFix. It went all the way through and got stuck on the "creating a log" step for 35 min.... I am trying again and it still says ComboFix has detected the following antivirus realtime protection: *** "Malware Protection Center" ***..... I have no idea how to disable this; I was assuming it was Malwarebytes.... SORRY!!!
0
Anonymous User
Feb 4, 2012 at 11:25 PM
Press the Windows+R keys and type

cmd and click OK

Run the following commands

net stop winmgmt

go to C:/Windows/system32/wbem

Delete the repository folder

Now run this command

net start winmgmt


Try to run ComboFix now
0
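As an added example (not the helper's own script or anything posted in the thread), the same WMI repository rebuild written as a PowerShell script with two checks of my own: the repository folder is renamed to a timestamped backup rather than deleted, so the step can be undone, and WMI is verified with a query afterwards. The backup name is my choice; the reason the rebuild matters here is that the "Malware Protection Center" entry ComboFix reported is an antivirus registration in WMI's root\SecurityCenter namespace, which is stored in this repository.

```powershell
# Added example, not the helper's procedure verbatim: rebuild the WMI
# repository as described above (stop winmgmt, move the repository folder
# aside, start winmgmt), then verify that WMI answers queries again.
# Run from an elevated PowerShell prompt (PowerShell 2.0 on XP SP3 suffices).

$wbem   = Join-Path $env:SystemRoot 'system32\wbem'
$repo   = Join-Path $wbem 'repository'
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = "$repo.bak-$stamp"          # assumed backup name (my choice)

# winmgmt has dependent services (Security Center, Windows Firewall/ICS);
# -Force stops them too, which is what `net stop winmgmt` asks you to confirm.
Stop-Service -Name winmgmt -Force -ErrorAction Stop

if (Test-Path $repo) {
    # Rename instead of delete: the old repository stays on disk as a backup.
    Rename-Item -Path $repo -NewName (Split-Path $backup -Leaf) -ErrorAction Stop
    Write-Host "Old repository moved to $backup"
} else {
    Write-Host "No repository folder at $repo; nothing to move"
}

# Starting winmgmt recreates an empty repository and recompiles the MOF
# files registered under wbem, so the rogue's Security Center entry is gone.
Start-Service -Name winmgmt -ErrorAction Stop

# Verification: a successful query proves the rebuilt repository is usable.
try {
    $os = Get-WmiObject -Class Win32_OperatingSystem -ErrorAction Stop
    Write-Host "WMI OK: $($os.Caption) build $($os.BuildNumber)"
} catch {
    Write-Warning "WMI query failed after rebuild: $_"
    Write-Warning "To roll back: Stop-Service winmgmt -Force; Rename-Item '$backup' 'repository'; Start-Service winmgmt"
}
```

Dependent services stopped by -Force (Security Center, the firewall) are restarted on the next reboot, which is also when ComboFix should be tried again.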
ComboFix 12-02-05.01 - Administrator 02/05/2012 0:21.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.363 [GMT -5:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: Malware Protection Center *Enabled/Updated* {CFE072B0-F169-49D6-817B-7692478C4B2A}
FW: Malware Protection Center *Enabled* {69848B95-4268-499C-A6C7-2CD1E046595D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\~3HEmNLSLzbemrC
c:\documents and settings\All Users\Application Data\~3HEmNLSLzbemrCr
c:\documents and settings\All Users\Application Data\3HEmNLSLzbemrC
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Guest\WINDOWS
c:\documents and settings\Matthew Mitchell\WINDOWS
c:\documents and settings\MOM\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\documents and settings\MOM\Desktop\System Fix.lnk
c:\documents and settings\MOM\Start Menu\Programs\System Fix
c:\documents and settings\MOM\Start Menu\Programs\System Fix\System Fix.lnk
c:\documents and settings\MOM\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\documents and settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\documents and settings\Nick\Desktop\System Fix.lnk
c:\documents and settings\Nick\Start Menu\Programs\System Fix
c:\documents and settings\Nick\Start Menu\Programs\System Fix\System Fix.lnk
c:\documents and settings\Nick\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
c:\windows\system32\SET48.tmp
c:\windows\system32\SET4D.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-05 to 2012-02-05 )))))))))))))))))))))))))))))))
.
.
2012-02-04 16:44 . 2012-02-04 16:44 -------- d-----w- c:\program files\ESET
2012-02-04 16:06 . 2012-02-04 16:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-02 19:01 . 2012-02-05 04:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware4
2012-01-28 19:26 . 2012-01-28 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-28 18:36 . 2012-02-05 03:41 -------- d-----w- c:\documents and settings\Administrator
2012-01-28 00:02 . 2012-01-28 00:02 -------- d-sh--w- c:\documents and settings\All Users\Application Data\MPOXPC
2012-01-28 00:00 . 2012-02-02 23:47 -------- d-sh--w- c:\documents and settings\All Users\Application Data\269667
2012-01-07 20:15 . 2012-02-03 20:27 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-07 20:15 . 2012-01-07 20:15 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-07 20:15 . 2012-01-07 20:15 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-07 20:15 . 2012-01-07 20:15 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 20:27 . 2011-04-20 18:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"LXSUPMON"="c:\windows\system32\LXSUPMON.EXE" [2001-10-09 818688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-10-27 149280]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Verizon\\Verizon Media Manager\\Release\\Verizon Media Manager.exe"=
.
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [12/27/2009 10:15 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-27 c:\windows\Tasks\Command Prompt.job
- c:\windows\system32\cmd.exe [2004-08-04 00:12]
.
2012-02-03 c:\windows\Tasks\Norton Security Scan for Matthew Mitchell.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-24 20:45]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q4twbar1.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Internet Security 2012 - c:\documents and settings\All Users\Application Data\isecurity.exe
HKLM-Run-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware4\mbamgui.exe
AddRemove-Antares Autotune VST RTAS TDM_is1 - c:\program files\Antares Audio Technologies\unins000.exe
AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files\Malwarebytes' Anti-Malware4\unins000.exe
AddRemove-{08234a0d-cf39-4dca-99f0-0c5cb496da81} - c:\program files\Bing Bar Installer\InstallManager.exe
0
When we are finished could you please recommend a way to clean my system of old unwanted files and an anti-virus. I was told it doesn't matter what anti-virus you have, you will always get malware and viruses no matter what....
0
So I started system in normal mode and signed into my user name and for one the desktop picture did not show up, also I found it to be really really slow... I started Firefox and no photos will appear. I logged out and logged in to another user name under my name, also the picture was not loading for desktop, but the desktop items did not load either... It was also extremely slow and took forever to simply load the start menu...
0
That's a hell of a lot of info I am posting on here.... If I post that log you want.... What is the purpose? To get my CPU to run better???
0
MiniToolBox by Farbar Version: 18-01-2012
Ran by Administrator (administrator) on 05-02-2012 at 15:04:49
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Kingston EtheRx KNE100TX PCI Fast Ethernet Adapter (21143-PD) = Local Area Connection 3 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 3"

set address name="Local Area Connection 3" source=dhcp
set dns name="Local Area Connection 3" source=dhcp register=PRIMARY
set wins name="Local Area Connection 3" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : mycomputer
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Kingston EtheRx KNE100TX PCI Fast Ethernet Adapter (21143-PD)
Physical Address. . . . . . . . . : 00-C0-F0-3C-3F-F9
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Sunday, February 05, 2012 2:47:26 PM
Lease Expires . . . . . . . . . . : Monday, February 06, 2012 2:47:26 PM

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.113.105, 74.125.113.99, 74.125.113.106, 74.125.113.104
74.125.113.103, 74.125.113.147

Pinging google.com [74.125.113.147] with 32 bytes of data:

Reply from 74.125.113.147: bytes=32 time=35ms TTL=53
Reply from 74.125.113.147: bytes=32 time=35ms TTL=53

Ping statistics for 74.125.113.147:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 35ms, Maximum = 35ms, Average = 35ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.2.43, 98.137.149.56, 98.139.180.149

Pinging yahoo.com [98.139.180.149] with 32 bytes of data:

Reply from 98.139.180.149: bytes=32 time=188ms TTL=49
Reply from 98.139.180.149: bytes=32 time=160ms TTL=49

Ping statistics for 98.139.180.149:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 160ms, Maximum = 188ms, Average = 174ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 c0 f0 3c 3f f9 ...... Kingston EtheRx KNE100TX PCI Fast Ethernet Adapter (21143-PD) - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 20
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 20
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 20
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/02/2012 09:32:27 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.51.0.1074, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/02/2012 08:10:12 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.51.0.1074, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/02/2012 05:13:17 PM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 1.51.0.1074, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00036822.
Processing media-specific event for [mbam.exe!ws!]

Error: (02/02/2012 04:42:35 PM) (Source: Application Error) (User: )
Description: Faulting application mp269_8051.exe, version 0.0.0.0, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.
Processing media-specific event for [mp269_8051.exe!ws!]

Error: (02/01/2012 11:55:38 AM) (Source: Application Error) (User: )
Description: Faulting application mp269_8051.exe, version 0.0.0.0, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.
Processing media-specific event for [mp269_8051.exe!ws!]

Error: (01/31/2012 01:25:11 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/31/2012 01:25:08 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/31/2012 01:21:46 AM) (Source: Application Error) (User: )
Description: Faulting application mp269_8051.exe, version 0.0.0.0, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.
Processing media-specific event for [mp269_8051.exe!ws!]

Error: (01/30/2012 07:32:57 PM) (Source: Application Error) (User: )
Description: Faulting application mp269_8051.exe, version 0.0.0.0, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.
Processing media-specific event for [mp269_8051.exe!ws!]

Error: (01/30/2012 04:35:12 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.51.0.1074, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (02/05/2012 02:48:44 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
Processor

Error: (02/05/2012 02:48:15 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/05/2012 02:39:21 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/05/2012 02:13:58 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
Processor

Error: (02/05/2012 02:13:42 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/05/2012 01:13:41 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/05/2012 01:04:29 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
Processor

Error: (02/05/2012 01:03:46 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/05/2012 00:44:09 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/05/2012 00:43:37 AM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2)
Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)
Adobe Flash Player 10 Plugin (Version: 10.0.22.87)
Adobe Reader 8.1.2 (Version: 8.1.2)
Adobe Reader 8.1.2 Security Update 1 (KB403742)
AIM 7
AOL Messaging Toolbar
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.1.3)
Apple Software Update (Version: 2.1.2.120)
Bing Bar Platform (Version: 5.0.1423.0)
Bonjour (Version: 2.0.4.0)
Collab
Critical Update for Windows Media Player 11 (KB959772)
Download Updater (AOL LLC)
Dune 2000
ESET Online Scanner v3
FL Studio 8
Google Talk Plugin (Version: 2.5.8.4958)
IL Download Manager
iTunes (Version: 10.1.2.17)
Java(TM) 6 Update 16 (Version: 6.0.160)
Lexmark Supplies Monitor
Lexmark Z23-Z33
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Default Manager (Version: 2.1.55.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Search Enhancement Pack (Version: 3.0.126.0)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6425.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox 10.0 (x86 en-US) (Version: 10.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
Norton Security Scan (Version: 2.3.0.44)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PoiZone
QuickTime (Version: 7.69.80.9)
Raptr
Redist (Version: 3.00.0000)
Toxic Biohazard
Ultimate Grant Secrets Genie (Version: 1.1.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2553975)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Verizon Media Manager (Version: 9.4.94)
Vuze (Version: 4.5)
WD SmartWare (Version: 1.1.0.7)
WebFldrs XP (Version: 9.50.7523)
Westwood Shared Internet Components
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Format 11 runtime
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 511.01 MB
Available physical RAM: 364.82 MB
Total Pagefile: 1247.43 MB
Available Pagefile: 1183.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.14 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:37.26 GB) (Free:19.08 GB) NTFS

========================= Users: ========================================

User accounts for \\MYCOMPUTER

Administrator Guest HelpAssistant
Matthew Mitchell MOM Nick
SUPPORT_388945a0


**** End of log ****
0