Can anyone help me with this issue?


36 replies to this topic

#1 The Bird

The Bird

  • Members
  • 20 posts

Posted 17 August 2011 - 05:28 PM

First of all... I am not computer savvy at all! So pardon any ignorance on my part. I am so frustrated...

1. My computer sounds like it's "screaming/hissing" all the time. Like the hard drive barely ever stops spinning.

2. My CPU usage is at 100% more often than not.

3. I have run every virus tool I have and MBR Checker. Virus scans come in clean (however, I had the Alureon virus and they all missed it, and I had to use the Microsoft Live One Care scanner (no longer available) and TDSSKiller after a friend of mine manually removed the virus).

I seem to be getting infected every couple of months; right now it looks good except for the CPU usage and the freezing. The main thing is my internet freezes and doesn't respond and goes into a DUMP file in my task manager and I have to end the process to fix it. I bought RegClean Pro and that didn't help either. The below is what MBR states, but again I don't know what this means.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 158):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xF7B12000 \WINDOWS\system32\KDCOM.DLL
0xF7A22000 \WINDOWS\system32\BOOTVID.dll
0xF7612000 bcdr.sys
0xF74E3000 ACPI.sys
0xF7B14000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF74D2000 pci.sys
0xF7622000 isapnp.sys
0xF7BDA000 pciide.sys
0xF7892000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7632000 MountMgr.sys
0xF74B3000 ftdisk.sys
0xF7B18000 dmload.sys
0xF748D000 dmio.sys
0xF789A000 PartMgr.sys
0xF7642000 VolSnap.sys
0xF7475000 atapi.sys
0xF7652000 disk.sys
0xF7662000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7455000 fltMgr.sys
0xF7443000 sr.sys
0xF742E000 drvmcdb.sys
0xF78A2000 PxHelp20.sys
0xF7417000 KSecDD.sys
0xF7404000 WudfPf.sys
0xF7377000 Ntfs.sys
0xF734A000 NDIS.sys
0xF7330000 Mup.sys
0xF7762000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF715A000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF7146000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7128000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF794A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7104000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7952000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF70C4000 \SystemRoot\system32\drivers\smwdm.sys
0xF70A0000 \SystemRoot\system32\drivers\portcls.sys
0xF7782000 \SystemRoot\system32\drivers\drmk.sys
0xF707D000 \SystemRoot\system32\drivers\ks.sys
0xF6FCA000 \SystemRoot\system32\drivers\senfilt.sys
0xF7792000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7972000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6FB6000 \SystemRoot\system32\DRIVERS\parport.sys
0xF77A2000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7AF2000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF7B36000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF77B2000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF77C2000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF798A000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF77D2000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7CF4000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7832000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7AFE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6F9F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7842000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7852000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF79AA000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6F8E000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7862000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF79BA000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF79CA000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6F5E000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7872000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79DA000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF6F14000 \SystemRoot\system32\DRIVERS\teefer2.sys
0xF7B50000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6EB6000 \SystemRoot\system32\DRIVERS\update.sys
0xF72E3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF6E79000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
0xF76A2000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF76E2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B5C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xEED6A000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xEED1F000 \SystemRoot\System32\Drivers\SRTSP.SYS
0xF7AF6000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF7742000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF78D2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xEEB9F000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110816.002\NAVEX15.SYS
0xEEB7A000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xEEB66000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110816.002\NAVENG.SYS
0xF78F2000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF6F5A000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF77E2000 \SystemRoot\system32\DRIVERS\LVUSBSta.sys
0xF6F52000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xF7902000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF7912000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xF7802000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xF6F4E000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xF6E49000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0xF7B74000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C68000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B78000 \SystemRoot\System32\Drivers\Beep.SYS
0xF795A000 \SystemRoot\system32\drivers\ssrtln.sys
0xF7962000 \SystemRoot\System32\drivers\vga.sys
0xF7B7C000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B82000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF797A000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7992000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6F3A000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEEB0B000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEEAB2000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEEA85000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0xF7882000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF7702000 \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
0xEEA5D000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEE93C000 \SystemRoot\System32\vsdatant.sys
0xEE91A000 \SystemRoot\System32\drivers\afd.sys
0xF7752000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEE8B0000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0xEE885000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEE815000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7812000 \SystemRoot\System32\Drivers\Fips.SYS
0xEE7B7000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xEE799000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xEE760000 \SystemRoot\System32\Drivers\Udfs.SYS
0xEE748000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B46000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xEEB5E000 \SystemRoot\System32\drivers\Dxapi.sys
0xF79FA000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7D46000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF054000 \SystemRoot\System32\ati2cqag.dll
0xBF093000 \SystemRoot\System32\atikvmag.dll
0xBF0C9000 \SystemRoot\System32\ati3duag.dll
0xBF34D000 \SystemRoot\System32\ativvaxx.dll
0xF7722000 \SystemRoot\system32\drivers\drvnddm.sys
0xF7C60000 \SystemRoot\system32\dla\tfsndres.sys
0xEC5F2000 \SystemRoot\system32\dla\tfsnifs.sys
0xEC678000 \SystemRoot\system32\dla\tfsnopio.sys
0xF7B92000 \SystemRoot\system32\dla\tfsnpool.sys
0xF796A000 \SystemRoot\system32\dla\tfsnboio.sys
0xF77F2000 \SystemRoot\system32\dla\tfsncofs.sys
0xF7D10000 \SystemRoot\system32\dla\tfsndrct.sys
0xEC5B1000 \SystemRoot\system32\dla\tfsnudf.sys
0xEC598000 \SystemRoot\system32\dla\tfsnudfa.sys
0xEC558000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xBF420000 \SystemRoot\System32\ATMFD.DLL
0xEC478000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEBF49000 \??\C:\WINDOWS\system32\drivers\WpsHelper.sys
0xEBE59000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEBCDC000 \SystemRoot\system32\drivers\wdmaud.sys
0xEBE39000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7B66000 \SystemRoot\system32\drivers\splitter.sys
0xEBCB9000 \SystemRoot\system32\drivers\aec.sys
0xEBE19000 \SystemRoot\system32\drivers\swmidi.sys
0xEBE09000 \SystemRoot\system32\drivers\DMusic.sys
0xEBC8E000 \SystemRoot\system32\drivers\kmixer.sys
0xF7BDB000 \SystemRoot\system32\drivers\drmkaud.sys
0xEBB69000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7B6A000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xEBB00000 \SystemRoot\System32\Drivers\HTTP.sys
0xEB9B8000 \SystemRoot\system32\DRIVERS\srv.sys
0xF791A000 \SystemRoot\system32\Drivers\LVPr2Mon.sys
0xF7932000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05F56404-45FA-4799-B439-867251D6E1E8}\MpKsl95c0093d.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 38):
0 System Idle Process
4 System
876 C:\WINDOWS\system32\smss.exe
928 csrss.exe
956 C:\WINDOWS\system32\winlogon.exe
1000 C:\WINDOWS\system32\services.exe
1012 C:\WINDOWS\system32\lsass.exe
1216 C:\WINDOWS\system32\ati2evxx.exe
1236 C:\WINDOWS\system32\svchost.exe
1352 svchost.exe
1492 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1528 C:\WINDOWS\system32\svchost.exe
1572 C:\WINDOWS\system32\svchost.exe
1716 C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
1856 svchost.exe
1948 svchost.exe
576 C:\WINDOWS\explorer.exe
784 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
760 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
2060 C:\WINDOWS\system32\spoolsv.exe
2300 svchost.exe
2332 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2464 C:\Program Files\Bonjour\mDNSResponder.exe
2776 C:\Program Files\Disk Speedup\DSUDefragSrv.exe
2896 C:\WINDOWS\system32\svchost.exe
2912 C:\Program Files\Java\jre6\bin\jqs.exe
3000 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
3024 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
3040 C:\WINDOWS\system32\HPZipm12.exe
3084 C:\WINDOWS\system32\svchost.exe
3184 C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
3372 wmpnetwk.exe
3864 C:\WINDOWS\system32\wuauclt.exe
2160 wmiprvse.exe
2392 C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
3144 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
3440 C:\WINDOWS\system32\ctfmon.exe
3516 C:\Documents and Settings\Robin\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3160023AS, Rev: 8.12

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


Additionally, when I run RKill, it will give me a file it shuts down of C:\WINDOWS\system32\grpconv.exe ... ANY SUGGESTIONS PLEASE?!?!?!?!?

Edited by Budapest, 17 August 2011 - 05:40 PM.
Moved from XP ~Budapest




#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts

Posted 17 August 2011 - 05:40 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 The Bird

The Bird
  • Topic Starter

  • Members
  • 20 posts

Posted 17 August 2011 - 05:46 PM

That is the Scan I have loaded and used. :( I also did one with Symantec as well. Isn't picking anything up.

When I had that Alureon H virus, they both missed those as well. Should I uninstall and reinstall the program, do you think?

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts

Posted 17 August 2011 - 05:48 PM

Did you try the TDSSKiller?

#5 The Bird

The Bird
  • Topic Starter

  • Members
  • 20 posts

Posted 17 August 2011 - 05:51 PM

Yes... that too... updated all of them prior to use too. And the program that's doing it looks to be iexplore.exe

#6 The Bird

The Bird
  • Topic Starter

  • Members
  • 20 posts

Posted 17 August 2011 - 05:53 PM

From what you are looking at in my first post, does it appear to look like an infection of some sort?

#7 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts

Posted 17 August 2011 - 05:53 PM

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

#8 The Bird

The Bird
  • Topic Starter

  • Members
  • 20 posts

Posted 17 August 2011 - 06:03 PM

MiniToolBox by Farbar
Ran by Robin (administrator) on 17-08-2011 at 19:02:39
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "*.local"
"network.proxy.type", 0
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : home

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : Belkin



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : Belkin

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-11-11-CD-49-9C

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.2.3

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.2.1

DHCP Server . . . . . . . . . . . : 192.168.2.1

DNS Servers . . . . . . . . . . . : 192.168.2.1

Lease Obtained. . . . . . . . . . : Wednesday, August 17, 2011 5:53:31 PM

Lease Expires . . . . . . . . . . : Monday, January 18, 2038 11:14:07 PM

Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.113.105, 74.125.113.99, 74.125.113.106, 74.125.113.103
74.125.113.104, 74.125.113.147



Pinging google.com [74.125.93.105] with 32 bytes of data:



Reply from 74.125.93.105: bytes=32 time=92ms TTL=49

Reply from 74.125.93.105: bytes=32 time=29ms TTL=49



Ping statistics for 74.125.93.105:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 29ms, Maximum = 92ms, Average = 60ms

Server: UnKnown
Address: 192.168.2.1

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 209.191.122.70, 67.195.160.76
69.147.125.65



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=58ms TTL=50

Reply from 209.191.122.70: bytes=32 time=50ms TTL=50



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 50ms, Maximum = 58ms, Average = 54ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 11 cd 49 9c ...... Broadcom NetXtreme 57xx Gigabit Controller - Teefer2 Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.3 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.2.3 192.168.2.3 20
192.168.2.0 255.255.255.0 192.168.2.3 192.168.2.3 20
192.168.2.3 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.3 192.168.2.3 20
224.0.0.0 240.0.0.0 192.168.2.3 192.168.2.3 20
255.255.255.255 255.255.255.255 192.168.2.3 192.168.2.3 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/17/2011 04:12:48 AM) (Source: Application Hang) (User: )
Description: Hanging application RegCleanPro.exe, version 6.21.65.1715, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/17/2011 04:12:01 AM) (Source: Application Error) (User: )
Description: Fault bucket 223121472.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (08/17/2011 04:11:40 AM) (Source: Application Error) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Error: (08/17/2011 04:10:34 AM) (Source: Application Error) (User: )
Description: Faulting application regcleanpro.exe, version 6.21.65.1715, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.
Processing media-specific event for [regcleanpro.exe!ws!]

Error: (08/16/2011 06:19:07 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 7.0.6000.17099, faulting module jvm.dll, version 16.0.0.13, fault address 0x000c7cf2.
Processing media-specific event for [iexplore.exe!ws!]

Error: (08/16/2011 05:47:14 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 3.0.8402.0, P3 timeout, P4 1.1.7104.0, P5 fixed, P6 2 _ 1024, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/16/2011 05:43:04 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 3.0.8402.0, P3 timeout, P4 1.1.7104.0, P5 fixed, P6 2 _ 1024, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/16/2011 05:36:58 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 3.0.8402.0, P3 timeout, P4 1.1.7104.0, P5 fixed, P6 2 _ 1024, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/16/2011 05:19:52 PM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 9.4.5.236, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/15/2011 02:33:39 AM) (Source: Application Hang) (User: )
Description: Fault bucket -1739320580.


System errors:
=============
Error: (08/17/2011 05:54:37 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
IntelIde
Lbd

Error: (08/17/2011 05:53:08 PM) (Source: WPDMTPDriver) (User: )
Description: MTP WPD Driver has failed to start. Error 0x80070005.

Error: (08/17/2011 05:13:05 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (08/17/2011 05:11:24 PM) (Source: WPDMTPDriver) (User: )
Description: MTP WPD Driver has failed to start. Error 0x80070005.

Error: (08/17/2011 04:38:00 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (08/17/2011 04:36:06 AM) (Source: WPDMTPDriver) (User: )
Description: MTP WPD Driver has failed to start. Error 0x80070005.

Error: (08/17/2011 04:28:13 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (08/17/2011 04:26:04 AM) (Source: WPDMTPDriver) (User: )
Description: MTP WPD Driver has failed to start. Error 0x80070005.

Error: (08/17/2011 03:01:27 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (08/17/2011 02:59:30 AM) (Source: WPDMTPDriver) (User: )
Description: MTP WPD Driver has failed to start. Error 0x80070005.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

6200 (Version: 47.0.1.000)
6200_Help (Version: 47.0.1.000)
6200Trb (Version: 47.0.1.000)
Acrobat.com (Version: 1.7.186)
Adobe AIR (Version: 1.5.1.8210)
Adobe Download Manager (Version: 1.6.2.97)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.5)
Adobe Flash Player 10 Plugin (Version: 10.1.102.64)
Adobe Reader 9.4.5 (Version: 9.4.5)
AIM 7
AiO_Scan (Version: 47.0.1.000)
AiOSoftware (Version: 47.0.1.000)
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.2.120)
ATI - Software Uninstall Utility (Version: 6.14.10.1014)
ATI Control Panel (Version: 6.14.10.5183)
ATI Display Driver (Version: 8.23-060209a1-030546C-Dell)
Bing Maps 3D (Version: 4.0.903.16005)
Bonjour (Version: 2.0.4.0)
Broadcom Gigabit Integrated Controller (Version: 7.53.02)
BufferChm (Version: 45.4.157.000)
CCleaner (Version: 2.29)
Choice Guard (Version: 1.2.87.0)
Comcast High-Speed Internet Install Wizard
Copy (Version: 45.4.157.000)
Core FTP LE 2.1
CP_AtenaShokunin1Config (Version: 45.4.131.000)
cp_dwShrek2Albums1 (Version: 45.4.157.000)
cp_dwShrek2Cards1 (Version: 45.4.157.000)
CreativeProjects (Version: 45.4.157.000)
CreativeProjectsTemplates (Version: 45.4.157.000)
CueTour (Version: 45.4.157.000)
Destinations (Version: 45.4.157.000)
Director (Version: 45.4.157.000)
Disk Speedup
DocProc (Version: 4.5.0.0)
DocumentViewer (Version: 45.4.157.000)
Download Updater (AOL LLC)
Fax (Version: 47.0.1.000)
FinePrint
Free Audio CD Burner version 1.4.7
Free YouTube to MP3 Converter version 3.9.35.324
HP Extended Capabilities 4.7 (Version: 4.7)
HP Image Zone 4.7 (Version: 4.7)
HP Print Diagnostic Utility (Version: 1.11.0004)
HP Product Assistant (Version: 2.0.0.0)
HP PSC & OfficeJet 4.7
HP Software Update (Version: 3.0.2.991)
HPSystemDiagnostics (Version: 1.6.0.0)
iCarly - iDream in Toons
InstantShare (Version: 45.4.157.000)
Internet Explorer (Enable DEP)
iTunes (Version: 10.1.1.4)
Java Auto Updater (Version: 2.0.1.2)
Java™ 6 Update 18 (Version: 6.0.180)
Junk Mail filter update (Version: 14.0.8064.206)
jZip
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.99)
Logitech QuickCam (Version: 11.90.1263)
Logitech QuickCam Driver Package
Logitech Updater (Version: 1.70)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
MarketResearch (Version: 45.4.158.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office FrontPage 2003 (Version: 11.0.8173.0)
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office Outlook Connector (Version: 12.0.6414.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 5.0.1 (x86 en-US) (Version: 5.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PanoStandAlone (Version: 45.4.157.000)
PersonalWebKit
phantomlinkcloaker
phantomproject
PhotoGallery (Version: 45.4.157.000)
PowerDVD 5.3
ProductContext (Version: 47.0.1.000)
QFolder (Version: 1.00.0000)
QuickTime (Version: 7.69.80.9)
Readme (Version: 47.0.1.000)
RegClean Pro (Version: 6.21)
Scan (Version: 4.5.0.0)
ScannerCopy (Version: 4.5.0.0)
Segoe UI (Version: 14.0.4327.805)
SkinsHP1 (Version: 45.4.157.000)
Sonic DLA (Version: 4.95)
Sonic RecordNow! (Version: 7.3)
Sonic Update Manager (Version: 2.9)
SoundMAX (Version: 5.12.01.5246)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
Symantec Endpoint Protection (Version: 11.0.6200.754)
TrayApp (Version: 45.4.157.000)
TrueForms Online
TrueForms Online (Version: 4.5)
Uninstall 1.0.0.1
Unload (Version: 4.5.0)
VC 9.0 Runtime (Version: 1.0.0)
Verizon Mobile Broadband Drivers (Version: 3.10.005.002.09)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 45.4.157.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8064.0206)
Windows Live Essentials (Version: 14.0.8064.206)
Windows Live Family Safety (Version: 14.0.8064.206)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8064.0206)
Windows Live Messenger (Version: 14.0.8064.0206)
Windows Live OneCare safety scanner
Windows Live Photo Gallery (Version: 14.0.8064.206)
Windows Live Sync (Version: 14.0.8064.206)
Windows Live Writer (Version: 14.0.8064.0206)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Yahoo! Messenger
Yontoo Layers 1.10.01 (Version: 1.10.01)
ZoneAlarm (Version: 9.2.057.000)

========================= Memory info: ===================================

Percentage of memory in use: 69%
Total physical RAM: 1022.09 MB
Available physical RAM: 316.06 MB
Total Pagefile: 2971.14 MB
Available Pagefile: 2311.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1996.71 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:149 GB) (Free:93.64 GB) NTFS
2 Drive d: (RIO) (CDROM) (Total:7.7 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\HOME

admin Administrator ASPNET
Guest HelpAssistant Robin
SUPPORT_388945a0


**** End of log ****

#9 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:25 PM

Posted 17 August 2011 - 06:09 PM

What antivirus software do you currently have installed on your machine?

I see some Symantec, Microsoft and Zone Alarm stuff in your logs.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#10 The Bird


Posted 17 August 2011 - 06:11 PM

Symantec is running in my task and Malware is on my desktop. I use both. And I know this is going to sound CRAZY, but there is this noise coming from my speakers?

#11 The Bird


Posted 17 August 2011 - 06:13 PM

What are all the errors?

#12 Budapest


Posted 17 August 2011 - 06:14 PM

Do you have Microsoft Security Essentials and/or Zone Alarm installed?

And when you say "Malware" do you mean Malwarebytes Anti-Malware?

#13 The Bird


Posted 17 August 2011 - 06:17 PM

Yes, but MSE is not active (I don't think), and yes again, Malwarebytes Anti-Malware.

#14 Budapest


Posted 17 August 2011 - 06:21 PM

Malwarebytes can stay but you should uninstall MSE as it can conflict with Symantec.

Also, if you have Zone Alarm antivirus installed you need to get rid of it as well.

You should only have one antivirus installed at any one time.

Also, you should update to the latest version of Java here: http://java.com/en/download/index.jsp

#15 The Bird


Posted 17 August 2011 - 06:23 PM

I don't use Zone Alarm Virus, I just use the firewall. I am uninstalling MSE now and updating Java. Give me a min to report back. Should I restart when I am done?
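
The "only one antivirus installed at any one time" advice given earlier in the thread can be checked mechanically against an installed-programs list in the `Name (Version: x)` format of the log above. This is an added example, not part of any post in the thread; the sample lines are constructed from entries in that log, and the mapping of product names to roles is an assumption made for illustration.

```python
import re

# Constructed sample: a few lines in the "Name (Version: x)" format of the log above.
SAMPLE_LOG = """\
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Mozilla Firefox 5.0.1 (x86 en-US) (Version: 5.0.1)
Spybot - Search & Destroy (Version: 1.6.2)
Symantec Endpoint Protection (Version: 11.0.6200.754)
Yahoo! Messenger
ZoneAlarm (Version: 9.2.057.000)
"""

# Assumption: hand-written mapping of name patterns to (product family, role).
# Only "realtime" (resident antivirus) entries are treated as conflicting.
KNOWN = [
    (r"^Symantec Endpoint Protection", "Symantec Endpoint Protection", "realtime"),
    (r"^Microsoft Security (Essentials|Client)", "Microsoft Security Essentials", "realtime"),
    (r"^ZoneAlarm", "ZoneAlarm", "firewall"),  # firewall-only, per the poster
    (r"^Spybot - Search & Destroy", "Spybot", "on-demand"),
    (r"^Malwarebytes", "Malwarebytes Anti-Malware", "on-demand"),
]

# The version suffix is optional; names may themselves contain parentheses.
ENTRY = re.compile(r"^(?P<name>.+?)(?: \(Version: (?P<version>[^()]*)\))?$")

def parse_installed(log_text):
    """Yield (name, version-or-None) for each program line, skipping section rules."""
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line.startswith("="):
            continue
        m = ENTRY.match(line)
        yield m.group("name"), m.group("version")

def security_inventory(log_text):
    """Group recognised security products by role, de-duplicated by family."""
    roles = {}
    for name, _version in parse_installed(log_text):
        for pattern, family, role in KNOWN:
            if re.search(pattern, name):
                roles.setdefault(role, set()).add(family)
                break
    return roles

def realtime_conflicts(log_text):
    """Return the sorted real-time antivirus families if more than one is installed."""
    families = sorted(security_inventory(log_text).get("realtime", ()))
    return families if len(families) > 1 else []
```

`realtime_conflicts(SAMPLE_LOG)` reports both Symantec Endpoint Protection and Microsoft Security Essentials, while the two Microsoft entries collapse into one family so the client component is not counted as a second product.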



