Insanely annoying audio ads, script errors, and other problems...


  • This topic is locked
49 replies to this topic

#1 adamlikesguitar

adamlikesguitar

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Somewhere in the world
  • Local time:11:37 AM

Posted 30 April 2011 - 01:29 PM

Hi. I know there are so many other topics related to this but I need someone to guide me through the removal steps. Here is what's wrong:

Recently my computer got some Windows Restore virus which I removed using rkill and Malwarebytes. A week later some other malware infected my computer that made a thing called XP antivirus 11 pop up and pretend to scan my computer. I used Malwarebytes to remove that, but ever since then my computer has random audio ads, redirects from Google in Internet Explorer, internet script errors, and for some reason, automatic updates won't turn on.

I am in great need of assistance. Thanks!!! :)

Here are my DDS logs, but when I tried running GMER, I got a blue screen of death. :(

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Roger Livingston at 14:39:11.67 on Sat 04/30/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.88 [GMT -4:00]
.
AV: CA Anti-Virus Plus *Enabled/Updated* {6B98D35F-BB76-41C0-876B-A50645ED099A}
FW: CA Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\NlsSrv32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\AOL\1173239244\ee\AOLSoftware.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\svcprs32.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
C:\Documents and Settings\Roger Livingston\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: WinampTBSearch Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
mURLSearchHooks: WinampTBSearch Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar BHO: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: CA Anti-Phishing Toolbar Helper: {45011cf5-e4a9-4f13-9093-f30a784eb9b2} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
BHO: PCTools Site Guard: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - c:\progra~1\spywar~1\tools\iesdsg.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: FlashCatchBHO Class: {88618a96-6d8a-42e7-b932-9073d5b2080f} - c:\program files\flashcatch\flashcatch.dll
BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.9.0\ViewBarBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: PCTools Browser Monitor: {b56a7d7d-6927-48c8-a975-17df180c71ac} - c:\progra~1\spywar~1\tools\iesdpb.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.9.0\IEViewBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: FlashCatch: {10cecf4f-a96e-4803-8ac2-f565fb29ff47} - c:\program files\flashcatch\flashcatch.dll
TB: CA Anti-Phishing Toolbar: {0123b506-0ad9-43aa-b0cf-916c122ad4c5} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Sonic RecordNow!]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [HostManager] c:\program files\common files\aol\1173239244\ee\AOLSoftware.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
dRun: [Spyware Doctor] "c:\program files\spyware doctor\swdoctor.exe" /Q
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: &Search
IE: &Winamp Toolbar Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021} - c:\progra~1\spywar~1\tools\iesdpb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - hxxp://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235955015562
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235954984859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli
.
============= SERVICES / DRIVERS ===============
.
R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2010-9-17 135248]
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2010-5-3 108112]
R1 ikhfile;File Security Kernel Anti-Spyware Driver;c:\windows\system32\drivers\ikhfile.sys [2007-3-11 30592]
R1 ikhlayer;Kernel Anti-Spyware Driver;c:\windows\system32\drivers\ikhlayer.sys [2007-3-11 51072]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2010-3-22 79864]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2010-6-9 61008]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2010-5-3 115792]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2010-5-3 146000]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2010-4-13 61008]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2010-6-9 244304]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2010-1-10 39048]
S3 KmxAMVet;KmxAMVet;c:\windows\system32\drivers\KmxAMVet.sys [2009-3-27 598656]
.
=============== Created Last 30 ================
.
2011-04-28 19:22:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-28 19:22:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-22 20:51:53 -------- d-----w- C:\997c0f10c100a142ef7d
2011-04-19 15:19:36 -------- d--h--w- c:\docume~1\rogerl~1\applic~1\Malwarebytes
2011-04-19 15:19:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-23 15:57:14 7 ----a-w- c:\windows\system32\mkghj.dll
2011-02-23 15:31:19 5845744 ----a-w- c:\windows\system32\win32cpr.dll
2011-02-23 15:31:18 1872624 ----a-w- c:\windows\system32\winsflt.dll
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-03 01:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 23:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
============= FINISH: 14:41:38.45 ===============


EDIT: Posts merged ~Budapest

Edited by Budapest, 30 April 2011 - 03:11 PM.




#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:37 PM

Posted 30 April 2011 - 04:02 PM

Good evening. :)

Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix *

  • When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end.
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

So long, and thanks for all the fish.

 

 


#3 adamlikesguitar


Posted 30 April 2011 - 05:18 PM

I tried downloading ComboFix and turned off my AV and firewall but when I clicked on the program, a green progress bar popped up, finished and went away and nothing else happened. Also, this thing in the lower right hand corner of my screen keeps popping up that says 1 program has been blocked, but it isn't ComboFix. Should I allow or block these programs it asks for and why is this coming up if my AV and firewall are disabled?

*Later on a text file called "catchme" appeared on my desktop.

Edited by adamlikesguitar, 30 April 2011 - 05:50 PM.


#4 Noviciate


Posted 30 April 2011 - 06:14 PM

Unfortunately, without being able to see what you are seeing, there's not a lot I can tell you. Skip Combofix for now and go with the following:

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.

  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish

  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Start scan and allow the tool to do just that.
  • Once the scan has completed, if the tool has identified anything allow it to carry out its default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • If the scan finds nothing, please click the Report button and let me have a copy of the text file that opens.
  • If you reboot your machine, the log, which I'd like to see, will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt.
    Please check that you get the one with the right date and time. :)



#5 adamlikesguitar


Posted 30 April 2011 - 08:41 PM

OK, I downloaded TDSSKiller, extracted the files, and attempted to open the program numerous times. However, nothing ever happens. The only things that I have been able to download and actually use recently on my computer have been Malwarebytes (off of a flash drive) and DDS a few hours ago.

Maybe my computer is beyond repair?

#6 Noviciate


Posted 01 May 2011 - 01:36 PM

Good evening. :)

"Maybe my computer is beyond repair?"

Nah, not just yet.

Download aswMBR.exe from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Scan button to, well, start the scan - obvious really!
  • Once the scan reports "Scan finished successfully", which takes less than a minute on my system, click Save log.
  • On my system it offers to save it to the Desktop, which may or may not be its default behaviour, but it's as handy a place as any.
  • You'll also see a file called MBR.dat appear as well - this is a backup that it created, just in case it's needed. Keep it handy for now.

I'd like the contents of aswMBR.txt in your next reply, if you'd be so kind.



#7 adamlikesguitar


Posted 01 May 2011 - 01:46 PM

Thanks for your patience. Here's what the log said:

aswMBR version 0.9.5.232 Copyright© 2011 AVAST Software
Run date: 2011-05-01 14:44:04
-----------------------------
14:44:04.890 OS Version: Windows 5.1.2600 Service Pack 3
14:44:04.890 Number of processors: 1 586 0x209
14:44:04.890 ComputerName: ROGER-HTVDPU1HI UserName:
14:44:12.906 Initialize success
14:44:37.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:44:37.062 Disk 0 Vendor: ST3160812A 3.ADH Size: 152587MB BusType: 3
14:44:39.093 Disk 0 MBR read successfully
14:44:39.093 Disk 0 MBR scan
14:44:39.093 Disk 0 Windows XP default MBR code
14:44:41.093 Disk 0 scanning sectors +312480315
14:44:41.109 Disk 0 scanning C:\WINDOWS\system32\drivers
14:44:55.625 Service scanning
14:44:57.781 Disk 0 trace - called modules:
14:44:57.796 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82f0c1ed]<<
14:44:57.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f49ab8]
14:44:57.796 3 CLASSPNP.SYS[f8656fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f77b00]
14:44:57.796 \Driver\atapi[0x82f4b308] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x82f0c1ed
14:44:57.796 Scan finished successfully
14:45:25.953 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Roger Livingston\Desktop\MBR.dat"
14:45:25.968 The log file has been saved successfully to "C:\Documents and Settings\Roger Livingston\Desktop\aswMBR.txt"

#8 Noviciate


Posted 01 May 2011 - 02:32 PM

"Thanks for your patience."

Nowt on the TV anyway!

OK, run aswMBR.exe again.

  • Click the Scan button as before.
  • Once the scan has completed, the Fix button should become active - click it.
  • Once complete, click Save log as before, save it to your desktop and post in your next reply.



#9 adamlikesguitar


Posted 01 May 2011 - 02:35 PM

The FixMBR button becomes available, not the Fix button. Do I click FixMBR?

#10 Noviciate


Posted 01 May 2011 - 02:40 PM

If that's the only one that becomes active, then that's the one to click.



#11 adamlikesguitar


Posted 01 May 2011 - 02:42 PM

Log:

aswMBR version 0.9.5.232 Copyright© 2011 AVAST Software
Run date: 2011-05-01 14:44:04
-----------------------------
14:44:04.890 OS Version: Windows 5.1.2600 Service Pack 3
14:44:04.890 Number of processors: 1 586 0x209
14:44:04.890 ComputerName: ROGER-HTVDPU1HI UserName:
14:44:12.906 Initialize success
14:44:37.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:44:37.062 Disk 0 Vendor: ST3160812A 3.ADH Size: 152587MB BusType: 3
14:44:39.093 Disk 0 MBR read successfully
14:44:39.093 Disk 0 MBR scan
14:44:39.093 Disk 0 Windows XP default MBR code
14:44:41.093 Disk 0 scanning sectors +312480315
14:44:41.109 Disk 0 scanning C:\WINDOWS\system32\drivers
14:44:55.625 Service scanning
14:44:57.781 Disk 0 trace - called modules:
14:44:57.796 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82f0c1ed]<<
14:44:57.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f49ab8]
14:44:57.796 3 CLASSPNP.SYS[f8656fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f77b00]
14:44:57.796 \Driver\atapi[0x82f4b308] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x82f0c1ed
14:44:57.796 Scan finished successfully
14:45:25.953 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Roger Livingston\Desktop\MBR.dat"
14:45:25.968 The log file has been saved successfully to "C:\Documents and Settings\Roger Livingston\Desktop\aswMBR.txt"


aswMBR version 0.9.5.232 Copyright© 2011 AVAST Software
Run date: 2011-05-01 15:33:36
-----------------------------
15:33:36.750 OS Version: Windows 5.1.2600 Service Pack 3
15:33:36.750 Number of processors: 1 586 0x209
15:33:36.750 ComputerName: ROGER-HTVDPU1HI UserName:
15:33:38.046 Initialize success
15:33:40.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:33:40.218 Disk 0 Vendor: ST3160812A 3.ADH Size: 152587MB BusType: 3
15:33:42.234 Disk 0 MBR read successfully
15:33:42.234 Disk 0 MBR scan
15:33:42.234 Disk 0 Windows XP default MBR code
15:33:44.234 Disk 0 scanning sectors +312480315
15:33:44.265 Disk 0 scanning C:\WINDOWS\system32\drivers
15:33:51.625 Service scanning
15:33:52.671 Disk 0 trace - called modules:
15:33:52.687 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82f0c1ed]<<
15:33:52.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f49ab8]
15:33:52.687 3 CLASSPNP.SYS[f8656fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f77b00]
15:33:52.687 \Driver\atapi[0x82f4b308] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x82f0c1ed
15:33:52.687 Scan finished successfully
15:41:28.812 Disk 0 Windows 501 MBR fixed successfully
15:41:55.125 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Roger Livingston\Desktop\MBR.dat"
15:41:55.140 The log file has been saved successfully to "C:\Documents and Settings\Roger Livingston\Desktop\aswMBR.txt"


*whoops, I think the first log got in there too.

Edited by adamlikesguitar, 01 May 2011 - 02:43 PM.
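
Both runs in the post above report "Windows XP default MBR code", yet the disk trace ends in `>>UNKNOWN [0x82f0c1ed]<<` and the atapi `IRP_MJ_INTERNAL_DEVICE_CONTROL` entry points at that same address. The Python below is an added example, not part of the original posts and not aswMBR's own code: it splits such a log into runs and reports dispatch entries whose target is an address the trace could not attribute to a module. The function names and the trimmed sample are assumptions made for the illustration.

```python
import re

# Constructed sample: lines trimmed from the two aswMBR runs posted in this thread.
SAMPLE_LOG = r"""
Run date: 2011-05-01 14:44:04
14:44:39.093 Disk 0 Windows XP default MBR code
14:44:57.796 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82f0c1ed]<<
14:44:57.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f49ab8]
14:44:57.796 \Driver\atapi[0x82f4b308] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x82f0c1ed
14:44:57.796 Scan finished successfully
Run date: 2011-05-01 15:33:36
15:33:42.234 Disk 0 Windows XP default MBR code
15:33:52.687 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82f0c1ed]<<
15:33:52.687 \Driver\atapi[0x82f4b308] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x82f0c1ed
15:33:52.687 Scan finished successfully
15:41:28.812 Disk 0 Windows 501 MBR fixed successfully
"""

RUN_RE = re.compile(r"^Run date: (.+)$")
MBR_RE = re.compile(r"Disk \d+ (.+ MBR code)\s*$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
DISPATCH_RE = re.compile(
    r"(\\Driver\\\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)"
)
FIX_RE = re.compile(r"MBR fixed successfully")


def _new_run(run_date):
    return {"run_date": run_date, "mbr_verdict": None,
            "unattributed": set(), "dispatch": [], "fix_applied": False}


def parse_runs(text):
    """Split an aswMBR log into runs and pull out the fields of interest."""
    runs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = RUN_RE.match(line)
        if header:
            runs.append(_new_run(header.group(1)))
            continue
        if not runs:
            # Log pasted without its header: keep the data under a placeholder run.
            runs.append(_new_run(None))
        run = runs[-1]
        verdict = MBR_RE.search(line)
        if verdict:
            run["mbr_verdict"] = verdict.group(1)
        for addr in UNKNOWN_RE.findall(line):
            run["unattributed"].add(int(addr, 16))
        entry = DISPATCH_RE.search(line)
        if entry:
            run["dispatch"].append(
                (entry.group(1), entry.group(2), int(entry.group(3), 16)))
        if FIX_RE.search(line):
            run["fix_applied"] = True
    return runs


def unattributed_handlers(run):
    """Dispatch entries whose target is an address the trace labelled UNKNOWN."""
    return [d for d in run["dispatch"] if d[2] in run["unattributed"]]


if __name__ == "__main__":
    for run in parse_runs(SAMPLE_LOG):
        print(f"run {run['run_date']}: MBR verdict = {run['mbr_verdict']!r}, "
              f"fix applied = {run['fix_applied']}")
        for driver, irp, target in unattributed_handlers(run):
            print(f"  {driver} {irp} -> {target:#010x} (no owning module in trace)")
```

Comparing the output of a scan taken after the reboot with these two runs shows whether the unattributed address is still present in the trace.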


#12 Noviciate


Posted 01 May 2011 - 03:02 PM

Reboot the PC and then take it for a spin and let me know how it's behaving.



#13 adamlikesguitar


Posted 01 May 2011 - 04:09 PM

I left my computer alone for a while, and when I came back, there was a blue screen of death. And ads are still playing.

#14 Noviciate


Posted 01 May 2011 - 04:12 PM

Did you reboot it before it crashed and is it now working OK, apart from the ads?
Also, do you have a flash drive of at least 128 Mb that you can wipe clean, as we are going to need to get a little dirty with this one I feel - in a nice and safe sort of way, so don't worry. :thumbup2:



#15 adamlikesguitar


Posted 01 May 2011 - 04:14 PM

No, I didn't reboot it at all. It just crashed. And yes, I have a flash drive. :)



