A very sick computer

Solved/Closed
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014 - Nov 9, 2012 at 06:27 PM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Nov 24, 2012 at 04:40 AM
Hello,

Hi, I am new here and I need very big help. I have been searching for a solution to my problem. My computer is very sick and it needs serious help. I don't have big knowledge about computers, so please be patient with me. First, my computer is slow, so I have removed some files from C:\ and transferred them to D:\; now I have about 10 GB of free space. My computer is so lucky to have the killer BSOD, followed by "unmountable boot volume". I have tried chkdsk /r but with no success, I guess, because it never reached 100 percent and it ran for almost two days. Now I have my computer working at a very slow speed; as of the moment the BSOD hasn't appeared yet and I hope it will just disappear and never bug me anymore. Anyhow, I noticed that the sound of my computer is not normal anymore after I ran chkdsk. The audio is like a person gargling. Please help me, I am so desperate. Help please. Thanks.

53 responses

Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Nov 10, 2012 at 04:00 AM
To help you and prescribe the remedy, I must make a diagnosis, and to do so I require a system log.

1. Open this link and download ZHPDiag2 :

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

(Don't be alarmed if the site is in French; it sometimes happens. The tool will take your system language and allow the download if you get a warning message. Once installed, click on the "hardhat" icon, which allows you to change the language.)

2. Save the file on your Desktop.

3. Double click on ZHPDiag.exe and follow the installation instructions.

The tool creates three icons: ZHPDiag, MRB and ZHPFix (if necessary, we will use ZHPFix at the next step).

4. Double click on the ZHPDiag shortcut on your Desktop.

5. Click on the screwdriver icon and ensure all of the items are checked.

6. Click on the magnifying glass and run the analysis.

Wait for the tool to finish (it may take a long time).

7. Close ZHPDiag.

8. To transmit the report, click on this link :

https://authentification.site

9. Click on "Parcourir" (Browse) and search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).

10. Select the file ZHPDiag.txt.

11. Click on "Upload".

12. Copy the url and post it here.

Best regards

Ambucias
Moderator /Security Contributor
0
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Nov 10, 2012 at 04:52 AM
Hi Ambucias,

thank you very much for the very quick reply. I have followed your instructions and have also downloaded ZHP; I clicked it and had it running until it stopped at 43% of the process. I tried running it three times but with no success. Microsoft asked me to send a report and it gives me the following:

and the error report:

C:\DOCUME~1\Dewagede\LOCALS~1\Temp\WER21e3.dir00\ZHPDiag.exe.mdmp
C:\DOCUME~1\Dewagede\LOCALS~1\Temp\WER21e3.dir00\appcompat.txt

error signature:
szAppName : ZHPDiag.exe szAppVer : 1.3.1.39 szModName : hungapp
szModVer : 0.0.0.0 offset : 00000000

Am I in big trouble?

Thanks.
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Nov 10, 2012 at 03:51 PM
Big trouble, you say? Not really, at least for now. I should be able to tell you if and when you are in trouble.

You may have a virus which prevents diagnostic tools from running.

What is your operating system?

What is the make and model of your machine?

1. Completely remove ZHP Diag from your computer. (I trust you know how to do that.)

2. Boot your machine in safe mode with networking.

3. Download ZHP Diag again.

4. Once it is on your desktop, rename ZHP Diag's icon to Kioskea.exe.

5. Launch ZHP Diag's installation.

6. Follow the instructions I gave you for the rest of the procedure.

Catch you later.
0
Ambucias,

Hi, I did everything under safe mode with networking. By the way, here is the link to the report:

download link : http://speedy.sh/vsMcB/ZHPDiag.txt
forum link : [code]http://speedy.sh/vsMcB/ZHPDiag.txt[/code]
HTML link : <a href="http://speedy.sh/vsMcB/ZHPDiag.txt">Download at SpeedyShare</a>

Sorry, I posted it all just to be sure.

Thanks again and I'll be waiting for your response.

More powers!
0

Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Nov 11, 2012 at 03:40 PM
Got it! Please stand-by.
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Nov 11, 2012 at 04:26 PM
Hi Josh

1. Your log reveals viruses:

-Babylon Toolbar
-Adware agent
-Adware Hotbar
-Click potato
-Spyware Soft 2pc
-Adware BHO
-Infection PUP Offer box
-Infection Dealo
-Infection Try Media
-Rogue Trojan Horse (RegGenie)

2. Your disk is in good order

3. You must update your Internet Explorer

4. You should empty the following folder: C:\WINDOWS\Prefetch

5. Almost all of the malware on your computer came with downloads through Limewire and eMule. Limewire is infested with malware, and so is eMule.

6. Avast offers limited protection for your machine.

7. If you get rid of the malware presently on your machine, you should be able to nurse it back to health.

8. On your desktop, ZHP Diag created an icon, ZHP Fix. Open ZHP Fix.

9. Copy and paste the following lines into the main window and then click GO. Once you are done, close ZHP Fix.

[HKLM\Software\Application Updater]
[HKLM\Software\Freeze.com]
[HKLM\Software\Search Settings]
[HKLM\Software\Trymedia Systems]
O43 - CFD: 3/9/2012 - 8:36:50 PM - [0.000] ----D C:\Program Files\Application Updater
O43 - CFD: 10/20/2012 - 6:52:42 PM - [0.002] ----D C:\Program Files\RegGenie
O43 - CFD: 3/4/2012 - 9:29:50 AM - [0.037] ----D C:\Program Files\Common Files\Spigot
O43 - CFD: 12/5/2005 - 2:26:13 PM - [0] ----D C:\Documents and Settings\All Users\Favorites
[HKLM\Software\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}]
[HKLM\Software\Classes\CLSID\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
[HKLM\Software\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}]
[HKLM\Software\Classes\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}]
[HKLM\Software\Classes\Interface\{618aad04-921f-44c2-be38-c0818af69861}]
[HKLM\Software\Classes\Interface\{b5d2ed96-62f9-4c2c-956d-e425b1f67337}]
[HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}]
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}]
[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}]
[HKLM\Software\Classes\Interface\{d3a412e8-1e4b-47d2-9b12-f88291f5afbb}]
[HKLM\Software\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}]
[HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom]
[HKLM\Software\Application Updater]
[HKLM\Software\freeze.com]
[HKLM\Software\Search Settings]
[HKLM\Software\Trymedia Systems]
C:\Program Files\Application Updater
C:\Program Files\Common Files\Spigot

10. You have a copy of Malwarebytes. Do not use it, but do the following:

Download, install and run Malwarebytes, which you can find on this site:

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/

Ensure you update it.

Boot your computer in safe mode.

Please request a FULL system scan, which may take from 20 minutes to hours. Do not interfere, no matter how long it takes. The creators of Malwarebytes recommend that while the tool is running you go do something else, such as watching a rerun of Gone with the Wind or reading Tolstoy's War and Peace.

If Malwarebytes restarts your system, launch it again to finish the full scan.

When the scan is completed, delete all items found.

Once your computer is clean and working normally, just to be on the safe side:
*Turn off System Restore and wait 30 seconds,
*Turn it back on and create a new restore point.

This way it gets rid of anything bad that might have gotten saved in a restore point, and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally, because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong than to not be able to undo changes that were damaging.

11. Delete the ZHP Diag log, rerun ZHP Diag and upload the new log to Speedyshare. I wish to ensure we got rid of the Trojan horse.

Good luck
0
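A removal script like the one above is pasted into ZHPFix and executed without further review, so it is worth checking it mechanically first: that every line parses as a registry key, an O43 folder entry or a bare path, that duplicates (including upper/lower-case variants of the same GUID) are collapsed, that GUID and Chrome extension IDs are well formed, and that nothing targets a location outside where this kind of adware installs itself. The Python script below is an added example written for this thread; it is not ZHPFix's own code and not part of the original post. The line formats it accepts, the allow-listed install locations and the sample script (a constructed subset of the lines above, with the duplicates kept on purpose) are assumptions.

```python
import re

# Constructed subset of the ZHPFix script posted in this thread, duplicates included.
SAMPLE_SCRIPT = r"""
[HKLM\Software\Application Updater]
[HKLM\Software\Trymedia Systems]
O43 - CFD: 3/9/2012 - 8:36:50 PM - [0.000] ----D C:\Program Files\Application Updater
O43 - CFD: 10/20/2012 - 6:52:42 PM - [0.002] ----D C:\Program Files\RegGenie
O43 - CFD: 12/5/2005 - 2:26:13 PM - [0] ----D C:\Documents and Settings\All Users\Favorites
[HKLM\Software\Classes\CLSID\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}]
[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}]
[HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom]
[HKLM\Software\Application Updater]
C:\Program Files\Application Updater
C:\Program Files\Common Files\Spigot
"""

# Line shapes as they appear in the posted script (assumed, not ZHPFix's grammar).
REG_KEY_RE = re.compile(r"^\[(?P<key>(?:HKLM|HKCU|HKCR|HKU)\\.+)\]$")
O43_RE = re.compile(
    r"^O43 - CFD: (?P<date>\S+ - \S+ (?:AM|PM)) - \[(?P<size>[\d.]+)\] "
    r"(?P<attrs>\S+) (?P<path>[A-Za-z]:\\.+)$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
CHROME_ID_RE = re.compile(r"^[a-p]{32}$")  # Chrome extension IDs: 32 letters a-p
GUID_PARENTS = {"clsid", "interface", "typelib", "appid"}

# Assumed allow-list of where this adware installs; anything else needs a human look.
ALLOWED_PATH_PREFIXES = ("c:\\program files\\",)
ALLOWED_PATH_PATTERNS = (
    re.compile(r"^c:\\documents and settings\\[^\\]+\\application data\\"),
    re.compile(r"^c:\\documents and settings\\[^\\]+\\local settings\\application data\\"),
)


def parse_line(line):
    """Return (kind, target) for one script line, or None for a blank line."""
    line = line.strip()
    if not line:
        return None
    m = REG_KEY_RE.match(line)
    if m:
        return ("regkey", m.group("key"))
    m = O43_RE.match(line)
    if m:
        return ("path", m.group("path"))
    if PATH_RE.match(line):
        return ("path", line)
    return ("unknown", line)


def check_regkey(key):
    parts = key.split("\\")
    if len(parts) < 3 or parts[1].lower() != "software":
        return f"registry key outside the Software hive, refuse: {key}"
    parent, leaf = parts[-2].lower(), parts[-1]
    if parent in GUID_PARENTS and not GUID_RE.match(leaf):
        return f"malformed GUID under {parts[-2]}: {key}"
    if parent == "extensions" and "chrome" in key.lower() and not CHROME_ID_RE.match(leaf):
        return f"not a valid Chrome extension id (32 letters a-p): {key}"
    return None


def check_path(path):
    low = path.lower()
    if low.startswith("c:\\windows\\"):
        return f"path inside C:\\WINDOWS, refuse: {path}"
    if low.startswith(ALLOWED_PATH_PREFIXES) or any(p.match(low) for p in ALLOWED_PATH_PATTERNS):
        return None
    return f"path outside expected third-party install locations, confirm before deleting: {path}"


def review_script(script):
    """Parse a ZHPFix script; return unique entries, dropped duplicates and review findings."""
    entries, duplicates, findings, seen = [], [], [], set()
    for line in script.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        kind, target = parsed
        key = (kind, target.lower())  # registry and NTFS paths are case-insensitive
        if key in seen:
            duplicates.append(target)
            continue
        seen.add(key)
        entries.append(parsed)
        if kind == "regkey":
            problem = check_regkey(target)
        elif kind == "path":
            problem = check_path(target)
        else:
            problem = f"unrecognised line format, check by hand: {target}"
        if problem:
            findings.append(problem)
    return {"entries": entries, "duplicates": duplicates, "findings": findings}


if __name__ == "__main__":
    result = review_script(SAMPLE_SCRIPT)
    print(f"{len(result['entries'])} unique entries, {len(result['duplicates'])} duplicates dropped")
    for finding in result["findings"]:
        print("REVIEW:", finding)
```

On the sample, the three duplicates collapse to one entry each and the only item raised for review is the shared `All Users\Favorites` profile folder, which sits outside the Program Files and per-user Application Data locations the rest of the script targets.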
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Nov 11, 2012 at 04:28 PM
I now have writer's cramps!
0
Hi Ambucias, I have opened ZHPFix but there's no "GO" button. Is there like any other button that you should click?
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Nov 12, 2012 at 03:48 PM
Once you have copied the lines, click on the second icon, the one beside the camera. The lines will be pasted. You will then see the Go button appear.
0
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Nov 13, 2012 at 09:25 AM
Hi Ambucias, I don't know if I did it correctly, but when I ran the malware setup a black box appeared and gave me the following report:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 141):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D1000 \WINDOWS\system32\hal.dll
0xF7AFE000 \WINDOWS\system32\KDCOM.DLL
0xF7A0E000 \WINDOWS\system32\BOOTVID.dll
0xF74CF000 ACPI.sys
0xF7B00000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF74BE000 pci.sys
0xF75FE000 isapnp.sys
0xF760E000 ohci1394.sys
0xF761E000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7A12000 compbatt.sys
0xF7A16000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7BC6000 pciide.sys
0xF787E000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7B02000 intelide.sys
0xF74A0000 pcmcia.sys
0xF762E000 MountMgr.sys
0xF7481000 ftdisk.sys
0xF7A1A000 ACPIEC.sys
0xF7BC7000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7886000 PartMgr.sys
0xF763E000 VolSnap.sys
0xF7469000 atapi.sys
0xF764E000 disk.sys
0xF765E000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7449000 fltmgr.sys
0xF7437000 sr.sys
0xF766E000 PxHelp20.sys
0xF7420000 KSecDD.sys
0xF740D000 WudfPf.sys
0xF7380000 Ntfs.sys
0xF7353000 NDIS.sys
0xF7339000 Mup.sys
0xF777E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7AAA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF6D4A000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF6D36000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6D0E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF78C6000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6CEA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78CE000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6CD7000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
0xF778E000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF6CBA000 \SystemRoot\system32\drivers\tifmsony.sys
0xF6A9C000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xF78D6000 \SystemRoot\System32\Drivers\SonyNC.sys
0xF779E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF78DE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6A82000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF78E6000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF77AE000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF6EDB000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF6ECB000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6A5F000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7D31000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7B56000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF78EE000 \SystemRoot\System32\Drivers\Modem.SYS
0xF6EBB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7ABA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6A48000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF6EAB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF6E9B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF78F6000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6A37000 \SystemRoot\system32\DRIVERS\psched.sys
0xF6E8B000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF78FE000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7906000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6E7B000 \SystemRoot\System32\Drivers\pcouffin.sys
0xF790E000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xF6E6B000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7B58000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF69B1000 \SystemRoot\system32\DRIVERS\update.sys
0xF7ACA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF6E5B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA09C000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA078000 \SystemRoot\system32\drivers\portcls.sys
0xF77DE000 \SystemRoot\system32\drivers\drmk.sys
0xAA046000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xA9F52000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xA9EA1000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF786E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B8E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7B90000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CA6000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B92000 \SystemRoot\System32\Drivers\Beep.SYS
0xF79CE000 \SystemRoot\System32\drivers\vga.sys
0xF7B94000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B96000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF79FE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7996000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7A9A000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA8C87000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA8C2E000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF768E000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xA8C06000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF79BE000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xF7AA6000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA8BE4000 \SystemRoot\System32\drivers\afd.sys
0xF76FE000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA8BB9000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA8B49000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF771E000 \SystemRoot\System32\Drivers\Fips.SYS
0xA8B23000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF772E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF774E000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF79E6000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF7CEB000 \SystemRoot\system32\DRIVERS\DMICall.sys
0xA8AA5000 \SystemRoot\System32\Drivers\aswSP.SYS
0xA8AFB000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xA794E000 \SystemRoot\System32\Drivers\aswSnx.SYS
0xF7966000 \SystemRoot\system32\DRIVERS\SonyImgF.sys
0xA7A56000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xA7A36000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA7936000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B70000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA90F3000 \SystemRoot\System32\drivers\Dxapi.sys
0xA7B6A000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CE1000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF041000 \SystemRoot\System32\ialmdev5.DLL
0xBF075000 \SystemRoot\System32\ialmdd5.DLL
0xBF157000 \SystemRoot\System32\ATMFD.DLL
0xF7304000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xA7882000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xA7830000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
0xF76DE000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
0xA7872000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xA791A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA77CA000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA7685000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA757C000 \SystemRoot\System32\Drivers\HTTP.sys
0xA7568000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA75CD000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
0xF793E000 \??\C:\WINDOWS\system32\windrvNT.sys
0xA727C000 \SystemRoot\system32\DRIVERS\srv.sys
0xA723F000 \SystemRoot\system32\drivers\wdmaud.sys
0xA7474000 \SystemRoot\system32\drivers\sysaudio.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 33):
0 System Idle Process
4 System
724 C:\WINDOWS\system32\smss.exe
844 csrss.exe
868 C:\WINDOWS\system32\winlogon.exe
912 C:\WINDOWS\system32\services.exe
948 C:\WINDOWS\system32\lsass.exe
1084 C:\WINDOWS\system32\svchost.exe
1132 svchost.exe
1172 C:\WINDOWS\system32\svchost.exe
1260 C:\WINDOWS\system32\svchost.exe
1408 svchost.exe
1480 svchost.exe
1816 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
2028 C:\WINDOWS\system32\spoolsv.exe
788 svchost.exe
832 C:\WINDOWS\system32\svchost.exe
1444 C:\WINDOWS\system32\svchost.exe
1456 C:\Program Files\Java\jre7\bin\jqs.exe
1748 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1952 C:\WINDOWS\system32\svchost.exe
376 wmpnetwk.exe
1580 C:\WINDOWS\explorer.exe
248 C:\WINDOWS\system32\wuauclt.exe
2552 alg.exe
3072 C:\Program Files\AVAST Software\Avast\AvastUI.exe
3216 C:\Program Files\real\realplayer\Update\realsched.exe
3268 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3292 C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
3332 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3400 C:\WINDOWS\system32\ctfmon.exe
3424 C:\Documents and Settings\Dewagede\Local Settings\Application Data\Google\Update\1.3.21.123\GoogleCrashHandler.exe
3856 C:\Program Files\ZHPDiag\mbrcheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001'805e2000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000d'85c32800 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1032GSX, Rev: AS021G

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!



I was trying to download Malwarebytes but it didn't allow me to. I mean, aside from that black box I didn't see anything. Also, this morning the blue screen appeared again with: kernel stack inpage error.


:(
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Nov 13, 2012 at 04:33 PM
Hello 101,

I am afraid that you are mistaken. I trust you ensured that only the lines you copied appeared in the ZHP Fix window before you pressed GO?

Blue screen again, you say! Have you mentioned it in your original message? A blue screen means bad news. When did you get the blue screen and what was the error message?

Please explain what you mean by not being allowed to download Malwarebytes. Any error message? What did you see?

Please delete the previous ZHP Diag log and run another to post on Speedyshare.

Communication is very important so please, tell me everything.

Regards
0
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Nov 13, 2012 at 04:34 PM
Ambucias,


When I ran Malwarebytes Anti-Malware it said that no malware was found. So, can we assume that it is clean? Below is the link to the reports:

download link : http://speedy.sh/bthgH/ZHPDiag.Txt
forum link : [code]http://speedy.sh/bthgH/ZHPDiag.Txt[/code]
HTML link : <a href="http://speedy.sh/bthgH/ZHPDiag.Txt">Download at SpeedyShare</a>

I just would like to clarify something: my computer still freezes and is slow. Any remedies? :(
0
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Nov 13, 2012 at 04:38 PM
Hi... it was this morning that I saw the BSOD with the text kernel stack inpage error.
When I first tried to run Malwarebytes Anti-Malware only a black box appeared and then after about 2 seconds it was gone, so I wasn't able to do anything. What I did was go to another website and download Malwarebytes Anti-Malware, save it on my USB stick and transfer it to my laptop.

I just sent you the new log of the ZHP diag.

I hope I did it right.

:/
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Nov 13, 2012 at 04:39 PM
Did you run Malwarebyte or anti-malware ?
0
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Nov 13, 2012 at 04:46 PM
I ran this: Malwarebytes Anti-Rootkit BETA 1.01.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 7.0.5730.13

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.861000 GHz
Memory total: 1063370752, free: 735907840




Did I mess it up?

The link that you gave me gave me this report:


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 141):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D1000 \WINDOWS\system32\hal.dll
0xF7AFE000 \WINDOWS\system32\KDCOM.DLL
0xF7A0E000 \WINDOWS\system32\BOOTVID.dll
0xF74CF000 ACPI.sys
0xF7B00000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF74BE000 pci.sys
0xF75FE000 isapnp.sys
0xF760E000 ohci1394.sys
0xF761E000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7A12000 compbatt.sys
0xF7A16000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7BC6000 pciide.sys
0xF787E000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7B02000 intelide.sys
0xF74A0000 pcmcia.sys
0xF762E000 MountMgr.sys
0xF7481000 ftdisk.sys
0xF7A1A000 ACPIEC.sys
0xF7BC7000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7886000 PartMgr.sys
0xF763E000 VolSnap.sys
0xF7469000 atapi.sys
0xF764E000 disk.sys
0xF765E000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7449000 fltmgr.sys
0xF7437000 sr.sys
0xF766E000 PxHelp20.sys
0xF7420000 KSecDD.sys
0xF740D000 WudfPf.sys
0xF7380000 Ntfs.sys
0xF7353000 NDIS.sys
0xF7339000 Mup.sys
0xF777E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7AAA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF6D4A000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF6D36000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6D0E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF78C6000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6CEA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78CE000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6CD7000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
0xF778E000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF6CBA000 \SystemRoot\system32\drivers\tifmsony.sys
0xF6A9C000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xF78D6000 \SystemRoot\System32\Drivers\SonyNC.sys
0xF779E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF78DE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6A82000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF78E6000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF77AE000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF6EDB000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF6ECB000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6A5F000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7D31000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7B56000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF78EE000 \SystemRoot\System32\Drivers\Modem.SYS
0xF6EBB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7ABA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6A48000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF6EAB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF6E9B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF78F6000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6A37000 \SystemRoot\system32\DRIVERS\psched.sys
0xF6E8B000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF78FE000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7906000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6E7B000 \SystemRoot\System32\Drivers\pcouffin.sys
0xF790E000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xF6E6B000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7B58000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF69B1000 \SystemRoot\system32\DRIVERS\update.sys
0xF7ACA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF6E5B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA09C000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA078000 \SystemRoot\system32\drivers\portcls.sys
0xF77DE000 \SystemRoot\system32\drivers\drmk.sys
0xAA046000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xA9F52000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xA9EA1000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF786E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B8E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7B90000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CA6000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B92000 \SystemRoot\System32\Drivers\Beep.SYS
0xF79CE000 \SystemRoot\System32\drivers\vga.sys
0xF7B94000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B96000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF79FE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7996000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7A9A000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA8C87000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA8C2E000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF768E000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xA8C06000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF79BE000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xF7AA6000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA8BE4000 \SystemRoot\System32\drivers\afd.sys
0xF76FE000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA8BB9000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA8B49000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF771E000 \SystemRoot\System32\Drivers\Fips.SYS
0xA8B23000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF772E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF774E000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF79E6000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF7CEB000 \SystemRoot\system32\DRIVERS\DMICall.sys
0xA8AA5000 \SystemRoot\System32\Drivers\aswSP.SYS
0xA8AFB000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xA794E000 \SystemRoot\System32\Drivers\aswSnx.SYS
0xF7966000 \SystemRoot\system32\DRIVERS\SonyImgF.sys
0xA7A56000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xA7A36000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA7936000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B70000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA90F3000 \SystemRoot\System32\drivers\Dxapi.sys
0xA7B6A000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CE1000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF041000 \SystemRoot\System32\ialmdev5.DLL
0xBF075000 \SystemRoot\System32\ialmdd5.DLL
0xBF157000 \SystemRoot\System32\ATMFD.DLL
0xF7304000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xA7882000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xA7830000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
0xF76DE000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
0xA7872000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xA791A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA77CA000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA7685000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA757C000 \SystemRoot\System32\Drivers\HTTP.sys
0xA7568000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA75CD000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
0xF793E000 \??\C:\WINDOWS\system32\windrvNT.sys
0xA727C000 \SystemRoot\system32\DRIVERS\srv.sys
0xA723F000 \SystemRoot\system32\drivers\wdmaud.sys
0xA7474000 \SystemRoot\system32\drivers\sysaudio.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 33):
0 System Idle Process
4 System
724 C:\WINDOWS\system32\smss.exe
844 csrss.exe
868 C:\WINDOWS\system32\winlogon.exe
912 C:\WINDOWS\system32\services.exe
948 C:\WINDOWS\system32\lsass.exe
1084 C:\WINDOWS\system32\svchost.exe
1132 svchost.exe
1172 C:\WINDOWS\system32\svchost.exe
1260 C:\WINDOWS\system32\svchost.exe
1408 svchost.exe
1480 svchost.exe
1816 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
2028 C:\WINDOWS\system32\spoolsv.exe
788 svchost.exe
832 C:\WINDOWS\system32\svchost.exe
1444 C:\WINDOWS\system32\svchost.exe
1456 C:\Program Files\Java\jre7\bin\jqs.exe
1748 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1952 C:\WINDOWS\system32\svchost.exe
376 wmpnetwk.exe
1580 C:\WINDOWS\explorer.exe
248 C:\WINDOWS\system32\wuauclt.exe
2552 alg.exe
3072 C:\Program Files\AVAST Software\Avast\AvastUI.exe
3216 C:\Program Files\real\realplayer\Update\realsched.exe
3268 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3292 C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
3332 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3400 C:\WINDOWS\system32\ctfmon.exe
3424 C:\Documents and Settings\Dewagede\Local Settings\Application Data\Google\Update\1.3.21.123\GoogleCrashHandler.exe
3856 C:\Program Files\ZHPDiag\mbrcheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001'805e2000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000d'85c32800 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1032GSX, Rev: AS021G

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
0
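The MBRCheck report posted twice above lists every loaded kernel driver, every running process and the SHA1 of the MBR, and reading 141 driver lines by eye is where things get missed. A small triage pass over that text is more useful: the script below flags drivers loaded via an explicit `\??\` absolute path rather than the usual SystemRoot-relative form, processes executing from a user-writable profile directory, and an MBR hash that is not on an allow-list. It is an added example written for this thread, not MBRCheck's own code and not part of either post. The allow-list is seeded only with the hash from the posted report (which MBRCheck itself labelled "Windows XP MBR code"), the sample report is a constructed excerpt of the one above, and a flag means "look at this", not that the item is malicious: legitimate updaters do run from profile directories and third-party installers do register absolute ImagePaths.

```python
import re

# Constructed excerpt in the layout of the MBRCheck 1.2.3 report posted in this
# thread; the driver and process lines are a subset of that report.
SAMPLE_REPORT = r"""
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)

Kernel Drivers (total 5):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0xF7AFE000 \WINDOWS\system32\KDCOM.DLL
0xF74CF000 ACPI.sys
0xF793E000 \??\C:\WINDOWS\system32\windrvNT.sys
0xA8AA5000 \SystemRoot\System32\Drivers\aswSP.SYS

Processes (total 5):
0 System Idle Process
4 System
1580 C:\WINDOWS\explorer.exe
3424 C:\Documents and Settings\Dewagede\Local Settings\Application Data\Google\Update\1.3.21.123\GoogleCrashHandler.exe
3856 C:\Program Files\ZHPDiag\mbrcheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001'805e2000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1032GSX, Rev: AS021G

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!
"""

DRIVER_RE = re.compile(r"^0x[0-9A-Fa-f]{8}\s+(\S.*)$")
PROCESS_RE = re.compile(r"^(\d+)\s+(\S.*)$")
SHA1_RE = re.compile(r"^SHA1:\s*([0-9A-Fa-f]{40})\b")
STATUS_RE = re.compile(r"^\d+\s*[KMGT]B\s+\\\\\.\\PhysicalDrive\d+\s+(.+)$")

# Where Windows XP normally loads drivers from. Bare names (ACPI.sys) are boot
# drivers that MBRCheck prints without a path; they are left alone here.
SYSTEM_DRIVER_PREFIXES = ("\\systemroot\\system32\\", "\\windows\\system32\\")
# User-writable locations a persistent program should not normally run from.
USER_WRITABLE_PREFIXES = ("c:\\documents and settings\\", "c:\\windows\\temp\\")
# Assumed allow-list, seeded only with the hash MBRCheck labelled "Windows XP MBR
# code" in the posted report. A real one holds known-good MBR hashes per OS/OEM.
KNOWN_MBR_SHA1 = {
    "DA38B874B7713D1B51CBC449F4EF809B0DEC644A": "Windows XP MBR code (per MBRCheck, this thread)",
}


def parse_report(text):
    """Split an MBRCheck report into driver paths, (pid, path) pairs and MBR data."""
    report = {"drivers": [], "processes": [], "mbr_sha1": None, "mbr_status": None}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Kernel Drivers"):
            section = "drivers"
            continue
        if line.startswith("Processes"):
            section = "processes"
            continue
        m = SHA1_RE.match(line)
        if m:
            report["mbr_sha1"] = m.group(1).upper()
            continue
        m = STATUS_RE.match(line)
        if m:
            report["mbr_status"] = m.group(1).strip()
            continue
        if section == "drivers":
            m = DRIVER_RE.match(line)
            if m:
                report["drivers"].append(m.group(1))
                continue
            section = None  # first non-driver line ends the section
        elif section == "processes":
            m = PROCESS_RE.match(line)
            if m:
                report["processes"].append((int(m.group(1)), m.group(2)))
                continue
            section = None
    return report


def driver_findings(drivers):
    out = []
    for path in drivers:
        low = path.lower()
        if low.startswith("\\??\\"):
            out.append("driver loaded via an explicit \\??\\ absolute path "
                       "(installer-set ImagePath; check the file): " + path)
        elif "\\" in low and not low.startswith(SYSTEM_DRIVER_PREFIXES):
            out.append("driver outside system32: " + path)
    return out


def process_findings(processes):
    return [f"pid {pid} runs from a user-writable location: {path}"
            for pid, path in processes
            if path.lower().startswith(USER_WRITABLE_PREFIXES)]


def mbr_finding(report, known_mbr):
    sha1 = report["mbr_sha1"]
    if sha1 is None:
        return "no MBR hash found in report"
    if sha1 in known_mbr:
        return None
    return (f"MBR SHA1 {sha1} is not on the allow-list (MBRCheck said: "
            f"{report['mbr_status']}); dump the MBR and inspect it")


def triage(text, known_mbr=KNOWN_MBR_SHA1):
    """Return the items a reviewer should look at; an empty list means nothing stood out."""
    report = parse_report(text)
    findings = driver_findings(report["drivers"]) + process_findings(report["processes"])
    mbr = mbr_finding(report, known_mbr)
    if mbr:
        findings.append(mbr)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```

On the excerpt this raises exactly two items, `windrvNT.sys` (the one driver in the posted list with a `\??\` path) and `GoogleCrashHandler.exe` (running from the user's profile), and stays silent on the MBR because its hash is on the allow-list; emptying the allow-list turns the MBR line into a finding, which is the behaviour you want when the hash is unknown rather than the tool guessing.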
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Nov 13, 2012 at 04:48 PM
If you have sent me the correct log, your system is still infected, especially with a rogue Trojan horse and other malware.

Here is what we will do:

To keep your system safe, you must follow the instructions hereunder to the letter:

1. Download Combofix to your desktop.

https://www.bleepingcomputer.com/download/combofix/

(click on the download @ bleeping computer button)

2. Close all open windows, including this one.

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

3. Double click on the ComboFix icon.

Windows issues a prompt because ComboFix does not have a digital signature. This is perfectly normal and safe, and you can click on the Run button to continue.

4. Accept the disclaimer and the Recovery Console installation.

5. You should now press the Yes button to continue. If at any time during the Recovery Console installation you receive a message stating that it failed to install, please allow ComboFix to continue with the scan of your computer.

ComboFix will disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings.

If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.

During the process, please do not click the mouse or tap the keyboard. Let the tool run.

Good luck
0
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Nov 13, 2012 at 04:57 PM
okay ill do it. I have done this before. Thanks, really for being so patient.
0
Hi, another problem. I have run ComboFix and closed ask, the windows, and also disabled my anti-virus program. It is now in Autoscan but a window appeared saying that c:\combofix\mtee.3XE is not a valid Win32 application. What should I do?
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,162
Nov 14, 2012 at 04:40 AM
Please explain what you mean by : and closed ask

Boot in safe mode with networking and run ComboFix again. Remember ComboFix takes a long time to run; it will go through at least 20 stages shown in a black window.
0
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Nov 14, 2012 at 06:19 AM
Hi Ambucias,

Last night I tried to run it again (not in safe mode, in normal Windows) and it worked.

Below is the log:

ComboFix 12-11-13.02 - Dewagede 14/11/2012 7:07.14.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.679 [GMT 1:00]
Running from: c:\documents and settings\Dewagede\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-10-14 to 2012-11-14 )))))))))))))))))))))))))))))))
.
.
2012-11-13 18:44 . 2012-11-13 18:44 140616 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-11-13 18:44 . 2012-11-13 18:44 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-11-11 14:54 . 2012-11-11 14:54 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2012-11-10 10:28 . 2012-11-13 22:16 -------- d-----w- c:\program files\ZHPDiag
2012-11-10 10:28 . 2012-11-13 22:16 -------- d-----w- C:\ZHP
2012-10-21 11:38 . 2012-10-21 11:38 -------- d-----w- C:\found.000
2012-10-20 18:12 . 2012-10-20 18:12 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-20 17:48 . 2012-10-20 17:48 -------- d-----w- c:\documents and settings\Dewagede\Application Data\SpeedyPC Software
2012-10-20 17:48 . 2012-10-20 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-10-20 17:48 . 2012-10-20 17:48 -------- d-----w- c:\program files\SpeedyPC Software
2012-10-20 17:48 . 2012-10-20 17:48 -------- d-----w- C:\Dell
2012-10-16 14:29 . 2012-10-16 14:29 -------- d-----w- c:\program files\NirSoft
2012-10-16 13:20 . 2012-10-16 13:20 -------- d-----w- c:\documents and settings\Dewagede\Application Data\RegGenie
2012-10-16 11:47 . 2012-10-16 11:47 -------- d-----w- c:\documents and settings\Dewagede\Application Data\DriverCure
2012-10-16 11:17 . 2012-10-20 17:47 -------- d-s---w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 22:51 . 2011-10-22 20:16 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2011-10-22 20:16 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2011-10-22 20:15 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2011-10-22 20:15 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2011-10-22 20:15 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2011-10-22 20:15 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2011-10-22 20:16 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-10-22 20:15 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2011-10-22 20:15 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2011-10-22 20:14 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-27 16:32 . 2012-04-10 08:47 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-27 16:32 . 2011-09-10 17:14 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-16 13:14 . 2012-09-16 13:14 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-16 13:13 . 2012-06-16 16:25 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-16 13:13 . 2012-06-16 16:28 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-16 13:13 . 2010-09-13 16:54 746984 -c--a-w- c:\windows\system32\deployJava1.dll
2012-08-27 19:12 . 2005-12-05 20:19 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12 . 2005-12-05 20:18 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12 . 2005-12-05 20:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:12 . 2005-12-05 20:18 17408 ------w- c:\windows\system32\corpol.dll
2012-08-24 13:53 . 2005-12-05 20:19 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 2005-12-05 20:19 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-09-22 13:17 . 2012-09-22 13:17 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[7] 2004-08-04 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll
.
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[7] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
[7] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[7] 2004-08-04 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[7] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-06 68856]
"Facebook Update"="c:\documents and settings\Dewagede\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-08-16 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-09 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 01:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:1033 /KBD:2 /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Documents and Settings\\Dewagede\\Local Settings\\Application Data\\Facebook\\Update\\FacebookUpdate.exe"=
"c:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\real\\RealUpgrade\\realupgrade.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\POWERPNT.EXE"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Program Files\\real\\realplayer\\realplay.exe"=
"c:\\Program Files\\Sony\\VAIO Update 2\\VAIOUpdt.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jaucheck.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Dewagede\\My Documents\\Downloads\\wlsetup-web.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.AutoUpdate.exe"=
"c:\\Program Files\\Common Files\\Research In Motion\\AppLoader\\Loader.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpHost.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Documents and Settings\\Dewagede\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Dewagede\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1856:TCP"= 1856:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [22/10/2011 21:15 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [22/10/2011 21:16 361032]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [05/12/2005 21:19 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22/10/2011 21:16 21256]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/06/2008 07:44 47360]
S2 Change Modem Device Service;Change Modem Device Service;"c:\windows\system32\ChgService.exe" -service --> c:\windows\system32\ChgService.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 12:28 160944]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [06/08/2010 20:14 103424]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [13/11/2012 19:44 35144]
S3 mbamswissarmy;mbamswissarmy;c:\windows\system32\drivers\mbamswissarmy.sys [13/11/2012 19:44 140616]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [07/10/2011 18:41 594048]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [06/12/2005 00:54 28800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 16:32]
.
2012-11-14 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-10 22:50]
.
2012-11-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3397393471-2348751738-1897457302-1006Core.job
- c:\documents and settings\Dewagede\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-09 12:36]
.
2012-11-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3397393471-2348751738-1897457302-1006UA.job
- c:\documents and settings\Dewagede\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-09 12:36]
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-30 20:04]
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-30 20:04]
.
2012-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3397393471-2348751738-1897457302-1006Core.job
- c:\documents and settings\Dewagede\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-16 20:04]
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3397393471-2348751738-1897457302-1006UA.job
- c:\documents and settings\Dewagede\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-16 20:04]
.
2012-11-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3397393471-2348751738-1897457302-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
2012-11-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3397393471-2348751738-1897457302-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/home
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1:9421
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.43.1
FF - ProfilePath - c:\documents and settings\Dewagede\Application Data\Mozilla\Firefox\Profiles\o1gzvcpw.default\
FF - prefs.js: keyword.URL - hxxp://es.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-RunOnce-Z1 - c:\docume~1\Dewagede\LOCALS~1\Temp\Rar$EX42.840\mbar\mbar.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-14 07:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\sccfg.sys 358 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\*PNP1c4c\0000]
@DACL=(02 0000)
"Service"="1133813799"
"ClassGUID"="{4D36E97D-E325-11CE-BFC1-08002BE10318}"
"Class"="System"
"DeviceDesc"="PCI bus"
"Mfg"="Technologies Inc"
"LocationInformation"="on Microsoft ACPI-Compliant System"
"ConfigFlags"=dword:00000000
"Capabilities"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\VESWinlogon.dll
.
Completion time: 2012-11-14 07:33:36
ComboFix-quarantined-files.txt 2012-11-14 06:33
.
Pre-Run: 15,058,563,072 bytes free
Post-Run: 16,627,195,904 bytes free
.
- - End Of File - - C915EC854087D0B94A4443CEAA757878



My observations:

- Computer is still slow and it takes too much time to load whenever I open a browser.

- When I start my computer it always asks me to run a disk check on d:\ and I always cancel it because it is very slow. What should I do to prevent it from disk checking?

- I am now using my mobile as a router. I understand that my connection would be slower, but I am just wondering because the number of packets sent is always higher than the number of packets received. Is it a problem? The difference is between 200 and 500.

Thanks for the help.
0
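Reading a log like the one above is the helper's job, so here is an added Python triage script (not ComboFix's code and not from anyone in this thread) that pulls out the entries a defender checks first: the disabled firewall, the globally open ports, Sigcheck rows marked [-] for the live copies in system32, the browser start page and proxy override, and the file the catchme scan reported hidden. It uses an excerpt of the posted log as constructed sample input.

```python
import re
# Excerpt of the ComboFix log posted above, used here as constructed sample input.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1856:TCP"= 1856:TCP:Akamai NetSession Interface
------- Sigcheck -------
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
------- Supplementary Scan -------
uStart Page = hxxp://search.babylon.com/home
uInternet Settings,ProxyOverride = 127.0.0.1:9421
scanning hidden files ...
.
C:\sccfg.sys 358 bytes
scan completed successfully
hidden files: 1
"""

# One Sigcheck row: "[flag] date [time] . MD5 . size . . [version] . . path"
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>.)\] (?P<date>\S+)(?: \S+)? \. (?P<md5>[0-9A-F]{32}) \. (?P<size>\d+)"
    r" \. \. \[(?P<ver>[^\]]+)\] \. \. (?P<path>.+)$", re.M)

def firewall_findings(log):
    """Firewall state and globally open ports from the sharedaccess policy keys."""
    found = []
    if re.search(r'^"EnableFirewall"=\s*0\b', log, re.M):
        found.append("Windows Firewall is disabled (EnableFirewall = 0)")
    for m in re.finditer(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.+)$', log, re.M):
        port, proto, rest = m.groups()
        state = "rule disabled" if ":Disabled:" in rest else "OPEN"
        found.append(f"{port}/{proto} {state}: {rest.split(':')[-1]}")
    return found

def unsigned_live_files(log):
    """Sigcheck rows flagged [-] (reported unsigned) for the live copy directly in system32."""
    rows = []
    for m in SIGCHECK_RE.finditer(log):
        path = m["path"].lower()
        # dllcache and the $NtUninstall*/ServicePackFiles copies sit one folder deeper
        live = path.startswith("c:\\windows\\system32\\") and path.count("\\") == 3
        if m["flag"] == "-" and live:
            rows.append((m["path"], m["md5"], m["ver"]))
    return rows

def browser_findings(log):
    """Start page and proxy override from the Supplementary Scan (hxxp is ComboFix's de-fanging)."""
    found = {}
    for key, pattern in (("start_page", r"^uStart Page = (\S+)"),
                         ("proxy_override", r"^uInternet Settings,ProxyOverride = (\S+)")):
        m = re.search(pattern, log, re.M)
        if m:
            found[key] = m.group(1)
    return found

def hidden_files(log):
    """Files catchme listed between 'scanning hidden files' and 'scan completed', as (path, bytes)."""
    m = re.search(r"^scanning hidden files \.\.\.\n(.*?)^scan completed", log, re.M | re.S)
    block = m.group(1) if m else ""
    return [(p, int(n)) for p, n in re.findall(r"^(\S.*?) (\d+) bytes$", block, re.M)]
```

Each finding is a lead to check against the rest of the log (which process owns the local proxy port, whether the unsigned copy's MD5 matches a known update), not a verdict on its own.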
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Nov 14, 2012 at 06:26 AM
Hi,

"closed ask" should be "closed all the windows" - typo error. Sorry.
0