
Help Are these virus?


21 replies to this topic

#1 bivels

  • Members
  • 40 posts

Posted 22 December 2011 - 04:05 AM

Hello, I think I have a virus in my PC.
I ran RKILL and here is the log of what it stopped. Are these a worry or not?
Thank you in advance.

Rkill was run on 22.12.2011 at 9:54:39.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\Programme\Brownie\BrstsWnd.exe
C:\Programme\Brownie\brpjp04a.exe


Rkill completed on 22.12.2011 at 9:54:46.



#2 Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 23 December 2011 - 12:26 AM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



 


#3 bivels


Posted 23 December 2011 - 06:25 AM

Hi Broni

Thanks for all that. I will try it between Christmas and New Year and get back to you.

Regards, bivels

Merry Xmas

#4 Broni


Posted 23 December 2011 - 12:18 PM

OK.......



 


#5 bivels


Posted 03 January 2012 - 06:23 AM

Will try your fixes right now and get back to you, thanks.

#6 bivels


Posted 03 January 2012 - 06:59 AM

checkup.txt:

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Avira Free Antivirus
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 11.1.102.55
Mozilla Thunderbird (3.1.11) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

MiniToolBox

MiniToolBox by Farbar
Ran by Botel (administrator) on 03-01-2012 at 12:29:18
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

RT2500 USB Wireless LAN Card = Drahtlose Netzwerkverbindung (Disconnected)
Realtek RTL8139/810x Family Fast Ethernet NIC = LAN-Verbindung (Connected)
1394-Netzwerkadapter = 1394-Verbindung (Connected)


# ----------------------------------
# Schnittstellen-IP-Konfiguration
# ----------------------------------
pushd interface ip


# Schnittstellen-IP-Konfiguration für ""LAN-Verbindung""

set address name="LAN-Verbindung" source=dhcp
set dns name="LAN-Verbindung" source=dhcp register=PRIMARY
set wins name="LAN-Verbindung" source=dhcp


popd
# Ende der Schnittstellen-IP-Konfiguration




Windows-IP-Konfiguration



Hostname. . . . . . . . . . . . . : medion

Primäres DNS-Suffix . . . . . . . :

Knotentyp . . . . . . . . . . . . : Unbekannt

IP-Routing aktiviert. . . . . . . : Nein

WINS-Proxy aktiviert. . . . . . . : Nein

DNS-Suffixsuchliste . . . . . . . : Belkin



Ethernetadapter LAN-Verbindung:



Verbindungsspezifisches DNS-Suffix: Belkin

Beschreibung. . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

Physikalische Adresse . . . . . . : 00-16-17-25-1C-8C

DHCP aktiviert. . . . . . . . . . : Ja

Autokonfiguration aktiviert . . . : Ja

IP-Adresse. . . . . . . . . . . . : 192.168.2.3

Subnetzmaske. . . . . . . . . . . : 255.255.255.0

Standardgateway . . . . . . . . . : 192.168.2.1

DHCP-Server . . . . . . . . . . . : 192.168.2.1

DNS-Server. . . . . . . . . . . . : 192.168.2.1

Lease erhalten. . . . . . . . . . : Dienstag, 3. Januar 2012 11:55:05

Lease läuft ab. . . . . . . . . . : Dienstag, 19. Januar 2038 04:14:07

Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 173.194.34.19, 173.194.34.20, 173.194.34.16, 173.194.34.17
173.194.34.18



Ping google.com [173.194.34.18] mit 32 Bytes Daten:



Antwort von 173.194.34.18: Bytes=32 Zeit=20ms TTL=51

Antwort von 173.194.34.18: Bytes=32 Zeit=27ms TTL=51



Ping-Statistik fr 173.194.34.18:

Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0 (0% Verlust),

Ca. Zeitangaben in Millisek.:

Minimum = 20ms, Maximum = 27ms, Mittelwert = 23ms

Server: UnKnown
Address: 192.168.2.1

Name: yahoo.com
Addresses: 98.139.180.149, 209.191.122.70, 72.30.2.43, 98.137.149.56



Ping yahoo.com [72.30.2.43] mit 32 Bytes Daten:



Antwort von 72.30.2.43: Bytes=32 Zeit=199ms TTL=53

Antwort von 72.30.2.43: Bytes=32 Zeit=201ms TTL=53



Ping-Statistik fr 72.30.2.43:

Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0 (0% Verlust),

Ca. Zeitangaben in Millisek.:

Minimum = 199ms, Maximum = 201ms, Mittelwert = 200ms

Server: UnKnown
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Ping bleepingcomputer.com [208.43.87.2] mit 32 Bytes Daten:



Zeitberschreitung der Anforderung.

Zeitberschreitung der Anforderung.



Ping-Statistik fr 208.43.87.2:

Pakete: Gesendet = 2, Empfangen = 0, Verloren = 2 (100% Verlust),



Ping wird ausgefhrt fr 127.0.0.1 mit 32 Bytes Daten:



Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128

Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128



Ping-Statistik fr 127.0.0.1:

Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0 (0% Verlust),

Ca. Zeitangaben in Millisek.:

Minimum = 0ms, Maximum = 0ms, Mittelwert = 0ms

===========================================================================
Schnittstellenliste
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 17 25 1c 8c ...... Realtek RTL8139-Familie-PCI-Fast Ethernet-NIC - Paketplaner-Miniport
===========================================================================
===========================================================================
Aktive Routen:
Netzwerkziel Netzwerkmaske Gateway Schnittstelle Anzahl
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.3 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.3 192.168.2.3 20
192.168.2.3 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.3 192.168.2.3 20
224.0.0.0 240.0.0.0 192.168.2.3 192.168.2.3 20
255.255.255.255 255.255.255.255 192.168.2.3 192.168.2.3 1
Standardgateway: 192.168.2.1
===========================================================================
Ständige Routen:
Keine
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [247296] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/03/2012 11:46:32 AM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung pev.exe, Version 0.0.0.0, fehlgeschlagenes Modul pev.exe, Version 0.0.0.0, Fehleradresse 0x00081683.
Das medienspezifische Ereignis für [pev.exe!ws!] wird verarbeitet.

Error: (01/03/2012 11:46:18 AM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung pev.exe, Version 0.0.0.0, fehlgeschlagenes Modul pev.exe, Version 0.0.0.0, Fehleradresse 0x00081683.
Das medienspezifische Ereignis für [pev.exe!ws!] wird verarbeitet.

Error: (01/03/2012 11:45:35 AM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 0.0.0.0, fehlgeschlagenes Modul iexplore.exe, Version 0.0.0.0, Fehleradresse 0x00081683.
Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.

Error: (01/03/2012 11:39:15 AM) (Source: Microsoft Office 12) (User: )
Description: Faulting application outlook.exe, version 12.0.6562.5003, stamp 4e2f99fb, faulting module urlmon.dll, version 8.0.6001.19165, stamp 4eb43960, debug? 0, fault address 0x0000591c.

Error: (12/31/2011 00:17:23 PM) (Source: Application Hang) (User: )
Description: Stillstehende Anwendung AcroRd32.exe, Version 10.1.1.33, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error: (12/31/2011 00:17:10 PM) (Source: Application Hang) (User: )
Description: Stillstehende Anwendung AcroRd32.exe, Version 10.1.1.33, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error: (12/31/2011 00:13:44 PM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x04932060.
Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.

Error: (12/31/2011 00:13:04 PM) (Source: Application Error) (User: )
Description: Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x05072060.
Das medienspezifische Ereignis für [iexplore.exe!ws!] wird verarbeitet.

Error: (12/28/2011 11:20:43 AM) (Source: Windows Search Service) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext: Anwendung, SystemIndex Katalog

Error: (12/28/2011 11:20:42 AM) (Source: Windows Search Service) (User: )
Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.


System errors:
=============
Error: (01/03/2012 11:58:00 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß gestartet.

Error: (01/03/2012 11:55:29 AM) (Source: Print) (User: SYSTEM)
Description: Der Drucker Virtual PDF Printer konnte nicht initialisiert werden, da der Treiber Virtual PDF Printer nicht gefunden wurde.

Error: (01/02/2012 06:18:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß gestartet.

Error: (01/02/2012 06:16:07 PM) (Source: Print) (User: SYSTEM)
Description: Der Drucker Virtual PDF Printer konnte nicht initialisiert werden, da der Treiber Virtual PDF Printer nicht gefunden wurde.

Error: (01/02/2012 05:47:43 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
USBSTOR

Error: (01/02/2012 05:47:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß gestartet.

Error: (01/02/2012 05:45:20 PM) (Source: Print) (User: SYSTEM)
Description: Der Drucker Virtual PDF Printer konnte nicht initialisiert werden, da der Treiber Virtual PDF Printer nicht gefunden wurde.

Error: (01/02/2012 10:19:35 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß gestartet.

Error: (01/02/2012 10:17:07 AM) (Source: Print) (User: SYSTEM)
Description: Der Drucker Virtual PDF Printer konnte nicht initialisiert werden, da der Treiber Virtual PDF Printer nicht gefunden wurde.

Error: (01/02/2012 09:22:35 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß gestartet.


Microsoft Office Sessions:
=========================
Error: (01/03/2012 11:39:09 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 62365 seconds with 1680 seconds of active time. This session ended with a crash.

Error: (12/14/2011 03:49:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 16369 seconds with 3840 seconds of active time. This session ended with a crash.

Error: (11/27/2011 01:04:07 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 1784 seconds with 1260 seconds of active time. This session ended with a crash.

Error: (11/27/2011 00:34:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 2682217 seconds with 31260 seconds of active time. This session ended with a crash.

Error: (09/24/2011 05:17:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 804581 seconds with 34920 seconds of active time. This session ended with a crash.

Error: (09/03/2011 01:15:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 330188 seconds with 9900 seconds of active time. This session ended with a crash.

Error: (07/20/2011 03:22:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 80963 seconds with 5580 seconds of active time. This session ended with a crash.

Error: (06/08/2011 05:31:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 10435 seconds with 1680 seconds of active time. This session ended with a crash.

Error: (05/13/2011 09:22:56 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 84793 seconds with 5880 seconds of active time. This session ended with a crash.

Error: (04/22/2011 02:09:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 194209 seconds with 15060 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 8.1.1)
Acrobat.com (Version: 1.6.65)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
AFPL Ghostscript 8.54
AFPL Ghostscript Fonts
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.1.116)
Auslogics Disk Defrag (Version: version 3.1)
Avira Free Antivirus (Version: 12.0.0.190)
Becker Content Manager (Version: 1.5.1807.0)
Brother HL-3040CN (Version: 1.00)
BufferChm (Version: 100.0.170.000)
C-Media USB2.0 Card Reader
Canon CanoScan Toolbox 4.9
Canon ScanGear Starter
Choice Guard (Version: 1.2.87.0)
Cordless DUALphone Suite
Creatix V.92 Data Fax Modem
CustomerResearchQFolder (Version: 1.00.0000)
Destination Component (Version: 100.0.0.0)
DeviceDiscovery (Version: 100.0.190.000)
DeviceManagementQFolder (Version: 1.00.0000)
DocMgr (Version: 100.0.201.000)
DocProc (Version: 10.0.0.0)
Download Center (Version: 2, 0, 0, 450)
Download Updater (AOL LLC)
eSupportQFolder (Version: 1.00.0000)
Free PDF to Word Doc Converter v1.1 (Version: 1.1)
FreePDF XP (Remove only)
Gmail Backup
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2318.1946)
Google Update Helper (Version: 1.3.21.79)
GPBaseService (Version: 100.0.187.000)
HMS TRADER 2 (Version: 2.17.8.0)
Hotfix für Windows XP (KB2633952) (Version: 1)
hppCLJCM1312 (Version: 001.000.00106)
hppFaxDrvCM1312 (Version: 001.000.00106)
hppFaxUtilityCM1312 (Version: 001.000.00105)
hppFonts (Version: 001.001.00056)
hppManualsCM1312 (Version: 001.000.00106)
hppPQVideoCM1312 (Version: 001.000.00106)
hppQFolderCM1312 (Version: 1.00.0000)
HPProductAssistant (Version: 100.0.170.000)
hppscanCM1312 (Version: 001.000.00112)
hppScanToCM1312 (Version: 001.000.00105)
hppSendFaxCM1312 (Version: 001.000.00107)
hppTLBXFXCM1312 (Version: 001.015.00047)
hppusgCM1312 (Version: 000.001.00001)
HPSSupply (Version: 100.0.170.000)
hpzTLBXFX (Version: 004.015.00152)
ImgBurn (Version: 2.5.6.0)
Installation Windows Live (Version: 14.0.8050.1202)
IrfanView (remove only)
iTunes (Version: 10.1.0.56)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 26 (Version: 6.0.260)
LightScribe 1.6.43.1 (Version: 1.6.43.1)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Manual CanoScan LiDE 25
MarketResearch (Version: 100.0.170.000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft IntelliPoint 7.0 (Version: 7.0.260.0)
Microsoft IntelliType Pro 7.0 (Version: 7.0.260.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office FrontPage 2003 (Version: 11.0.8173.0)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Project Professional 2003 (Version: 11.0.8173.0)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Outlook-Sicherung für Persönliche Ordner (Version: 1.10.0.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MobileMe Control Panel (Version: 3.1.4.0)
Mozilla Firefox (3.6.10) (Version: 3.6.10 (de))
Mozilla Thunderbird (3.1.11) (Version: 3.1.11 (en-US))
MSVCMergeModules (Version: 1.0.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 7 Essentials (Version: 7.02.8506)
neroxml (Version: 1.0.0)
NVIDIA Drivers (Version: 1.3)
OmniPage SE 2.0 (Version: 2.00.0004)
Outil de téléchargement Windows Live (Version: 14.0.8014.1029)
overland (Version: 2.1.5)
Photosmart 140,240,7200,7600,7700,7900 Series (Version: 2.0)
PS7600 (Version: 1.01.0000)
PSShortcutsP (Version: 1.01.0000)
PSUsage (Version: 1.30.0000)
QuickTime (Version: 7.68.75.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
REALTEK GbE & FE Ethernet PCI NIC Driver (Version: 1.23.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5845)
RealUpgrade 1.1 (Version: 1.1.0)
RedMon - Redirection Port Monitor
RT2500 USB Wireless LAN Card (Version: 1.00.00.05)
Scan (Version: 10.1.0.0)
Segoe UI (Version: 14.0.4327.805)
Sicherheitsupdate für Microsoft Windows (KB2564958)
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2) (Version: 2)
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838) (Version: 1)
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390) (Version: 1)
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215) (Version: 1)
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714) (Version: 1)
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260) (Version: 1)
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027) (Version: 1)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2416400) (Version: 1)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2482017) (Version: 1)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (Version: 1)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2544521) (Version: 1)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2618444) (Version: 1)
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961) (Version: 1)
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455) (Version: 1)
Sicherheitsupdate für Windows Internet Explorer 8 (KB981332) (Version: 1)
Sicherheitsupdate für Windows Internet Explorer 8 (KB982381) (Version: 1)
Sicherheitsupdate für Windows XP (KB2393802) (Version: 1)
Sicherheitsupdate für Windows XP (KB2412687) (Version: 1)
Sicherheitsupdate für Windows XP (KB2419632) (Version: 1)
Sicherheitsupdate für Windows XP (KB2476490) (Version: 1)
Sicherheitsupdate für Windows XP (KB2476687) (Version: 1)
Sicherheitsupdate für Windows XP (KB2478960) (Version: 1)
Sicherheitsupdate für Windows XP (KB2478971) (Version: 1)
Sicherheitsupdate für Windows XP (KB2479628) (Version: 1)
Sicherheitsupdate für Windows XP (KB2479943) (Version: 1)
Sicherheitsupdate für Windows XP (KB2481109) (Version: 1)
Sicherheitsupdate für Windows XP (KB2483185) (Version: 1)
Sicherheitsupdate für Windows XP (KB2485376) (Version: 1)
Sicherheitsupdate für Windows XP (KB2485663) (Version: 1)
Sicherheitsupdate für Windows XP (KB2503665) (Version: 1)
Sicherheitsupdate für Windows XP (KB2506212) (Version: 1)
Sicherheitsupdate für Windows XP (KB2507618) (Version: 1)
Sicherheitsupdate für Windows XP (KB2507938) (Version: 1)
Sicherheitsupdate für Windows XP (KB2508272) (Version: 1)
Sicherheitsupdate für Windows XP (KB2508429) (Version: 1)
Sicherheitsupdate für Windows XP (KB2509553) (Version: 1)
Sicherheitsupdate für Windows XP (KB2524375) (Version: 1)
Sicherheitsupdate für Windows XP (KB2535512) (Version: 1)
Sicherheitsupdate für Windows XP (KB2536276-v2) (Version: 2)
Sicherheitsupdate für Windows XP (KB2544893-v2) (Version: 2)
Sicherheitsupdate für Windows XP (KB2544893) (Version: 1)
Sicherheitsupdate für Windows XP (KB2562937) (Version: 1)
Sicherheitsupdate für Windows XP (KB2566454) (Version: 1)
Sicherheitsupdate für Windows XP (KB2567680) (Version: 1)
Sicherheitsupdate für Windows XP (KB2570222) (Version: 1)
Sicherheitsupdate für Windows XP (KB2570947) (Version: 1)
Sicherheitsupdate für Windows XP (KB2592799) (Version: 1)
Sicherheitsupdate für Windows XP (KB2618451) (Version: 1)
Sicherheitsupdate für Windows XP (KB2619339) (Version: 1)
Sicherheitsupdate für Windows XP (KB2620712) (Version: 1)
Sicherheitsupdate für Windows XP (KB2624667) (Version: 1)
Sicherheitsupdate für Windows XP (KB2633171) (Version: 1)
Sicherheitsupdate für Windows XP (KB2639417) (Version: 1)
Sicherheitsupdate für Windows XP (KB923789)
Simple Adblock (Version: 1.0.3)
Skype Toolbars (Version: 1.0.4051)
Skype™ 4.2 (Version: 4.2.155)
TrayApp (Version: 100.0.170.000)
Uninstall 1.0.0.1
Universal Document Converter (Version: 4.2)
Update für Windows Internet Explorer 8 (KB975364) (Version: 1)
Update für Windows Internet Explorer 8 (KB976662) (Version: 1)
Update für Windows Internet Explorer 8 (KB976749) (Version: 1)
Update für Windows XP (KB2541763) (Version: 1)
Update für Windows XP (KB2641690) (Version: 1)
Update für Windows XP (KB971029) (Version: 1)
USB Wireless Keyboard Driver
VideoMate T , M , P Series Driver (Version: 1.37.800)
VirtualCloneDrive
VLC media player 1.1.4 (Version: 1.1.4)
Vuze (Version: 4.6)
Vuze Remote Toolbar (Version: 6.3.3.3)
Vuze Toolbar (Version: 4.1.0.5)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 100.0.170.000)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Anmelde-Assistent (Version: 5.000.818.6)
Windows Live Call (Version: 14.0.8050.1202)
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Messenger (Version: 14.0.8050.1202)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Service Pack 3 (Version: 20080414.031514)
WinZip 14.0 (Version: 14.0.8688)
X10 Hardware™
Yahoo! Detect

========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 3070.42 MB
Available physical RAM: 1876.92 MB
Total Pagefile: 4956.25 MB
Available Pagefile: 3720.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.39 MB

========================= Partitions: =====================================

1 Drive c: (Boot_neu) (Fixed) (Total:97.66 GB) (Free:58.65 GB) NTFS
2 Drive d: (Backup_neu) (Fixed) (Total:97.66 GB) (Free:30.69 GB) NTFS
3 Drive e: (RECOVER) (Fixed) (Total:9.76 GB) (Free:3.85 GB) FAT32
5 Drive g: (Azureus Downloads) (CDROM) (Total:3.05 GB) (Free:0 GB) UDF
6 Drive h: () (Fixed) (Total:260.68 GB) (Free:247.11 GB) NTFS

========================= Users: ========================================

Benutzerkonten fr \\MEDION

Administrator ASPNET Botel
Gast Hilfeassistent SUPPORT_388945a0
Der Befehl wurde erfolgreich ausgefhrt.


**** End of log ****



MBAM

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.03.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Botel :: MEDION [administrator]

03.01.2012 12:35:17
mbam-log-2012-01-03 (12-35-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 179299
Time elapsed: 12 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Dokumente und Einstellungen\Botel\Eigene Dateien\Downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)

Restarting computer now.

#7 bivels


Posted 03 January 2012 - 06:37 PM

Hi Broni,

The GMer scan took a long time - only ran with devices unclicked. Here's the log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-04 00:30:11
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 SAMSUNG_HD502IJ rev.1AA01113
Running: 5suz31l6.exe; Driver: C:\DOKUME~1\Botel\LOKALE~1\Temp\ugldypog.sys


---- System - GMER 1.0.15 ----

SSDT B871AA64 ZwClose
SSDT B871AA1E ZwCreateKey
SSDT B871AA6E ZwCreateSection
SSDT B871AA14 ZwCreateThread
SSDT B871AA23 ZwDeleteKey
SSDT B871AA2D ZwDeleteValueKey
SSDT B871AA5F ZwDuplicateObject
SSDT B871AA32 ZwLoadKey
SSDT B871AA00 ZwOpenProcess
SSDT B871AA05 ZwOpenThread
SSDT B871AA87 ZwQueryValueKey
SSDT B871AA3C ZwReplaceKey
SSDT B871AA78 ZwRequestWaitReplyPort
SSDT B871AA37 ZwRestoreKey
SSDT B871AA73 ZwSetContextThread
SSDT B871AA7D ZwSetSecurityObject
SSDT B871AA28 ZwSetValueKey
SSDT B871AA82 ZwSystemDebugControl
SSDT B871AA0F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

? almx.sys Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB75F8360, 0x3CEED5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\program files\real\realplayer\update\realsched.exe[632] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\WINDOWS\system32\SearchIndexer.exe[2292] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----

Really hope you can help me, thanks!

#8 Broni


Posted 03 January 2012 - 07:11 PM

All looks clean.
Both files you mentioned at the beginning belong to a Brother printer, if you have/had one.

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#9 bivels


Posted 04 January 2012 - 03:16 AM

Thank you, Broni, done. However, my computer is still extremely slow and on start up I have a black screen until the Welcome screen appears, hence I cannot get into Safe Mode.

#10 Broni


Posted 04 January 2012 - 11:16 AM

What exactly is slow?

As for safe mode....

Download SafeBootKeyRepair by sUBs and save it to your desktop.
Double-click SafeBootKeyRepair.exe to run it.
Follow any prompts that may appear then post the log it produces.


#11 bivels


Posted 04 January 2012 - 02:09 PM

Thanks, Broni. Here's the log:

Reg export of SafeBoot key after repair:
========================


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PEVSystemStart
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\procexp90.Sys


Everything is slow on this machine, i.e. internet, opening files, writing text, etc. That's why I thought the computer is still infested after I had removed 47 viruses with Dr. Web and Malwarebytes. Please find below the MWB log (can't find the Dr. Web log).

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122308

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.12.2011 18:01:22
mbam-log-2011-12-23 (18-01-22).txt

Scan type: Quick scan
Objects scanned: 183132
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\programme\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\programme\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\programme\mywebsearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\programme\mywebsearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\programme\hpbcfgre.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122308

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.12.2011 18:46:55
mbam-log-2011-12-23 (18-46-55).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|J:\|K:\|L:\|M:\|)
Objects scanned: 339797
Time elapsed: 32 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programme\Software.com\download center\installmanager.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{e1859c7d-c110-42ec-8f55-47656192a30c}\RP938\A0170258.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.

After this my machine was actually a lot faster for a couple of days, then it became slower and slower again.

#12 Broni


Posted 04 January 2012 - 03:46 PM

Your MBAM version is outdated.
Update it, run another scan and post the new log.


#13 bivels


Posted 06 January 2012 - 06:39 AM

Hi Broni,

The logs I sent you were just to show you that the machine was infected before (23rd December). Here is the new log with the updated version.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.05.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Botel :: MEDION [administrator]

05.01.2012 14:07:58
mbam-log-2012-01-05 (14-07-58).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 329548
Time elapsed: 4 hour(s), 18 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Have you found a solution for the black screen on startup?

#14 Broni


Posted 06 January 2012 - 11:15 AM

Have you found a solution for the black screen on startup?

You didn't mention this before.
What happens?


#15 bivels


Posted 06 January 2012 - 12:00 PM

Hi Broni, you must have overlooked it with all these logs posted.

Here is what I posted. Thank you.

, Broni, done. However, my computer is still extremely slow and on start up I have a black screen until the Welcome screen appears, hence I cannot get into Safe Mode.

--------------------------------------------------------------------------------
#10 Broni

The Coolest BC Computer

Group:
BC Advisor Posts:
18,746 Joined:
01-February 08 Gender:Male Location:Daly City, CA Posted 04 January 2012 - 05:16 PM

What exactly is slow?

As for safe mode....

Download SafeBootKeyRepair by sUBs and save it to your desktop.
Double-click SafeBootKeyRepair.exe to run it.
Follow any prompts that may appear then post the log it produces

regards bivels



