infected with Win32 pup-gen what to do


52 replies to this topic

#1 want2know2

Posted 26 January 2012 - 04:00 AM

Hi all, I got a Dell Inspiron 17" Vista SP1 yesterday it got really very slow with typing online in Mozilla. Scanned it with all the works: Spybot, MBAM, SUPERAntiSpyware, BoostSpeed from Auslogics, and that's where I was told I have something that makes my computer browsing very slow. Avast asked to do a scan when I start up and it concluded that Win32 PUP-gen is on my system; it says C:\windows\AutoKMS.exe and C:\windows\KMSEmulator.exe is infected. Now it asks what to do. I choose delete all, but it says it's in a Windows file, am I sure, so now I turn to you guys 'cause you'll know what I need to do!
Can someone help me?
Thanks
J

Edited by want2know2, 26 January 2012 - 05:00 AM.



#2 Broni


Posted 26 January 2012 - 12:20 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



#3 want2know2


Posted 26 January 2012 - 12:29 PM

Thank you for your reply Broni, I'll get to it straight away and post all I need to post to get this sorted...
thanx again
J

Edited by want2know2, 26 January 2012 - 12:29 PM.


#4 want2know2


Posted 26 January 2012 - 01:18 PM

this is what came out of the first thing:

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
SUPERAntiSpyware
CCleaner
Java™ 6 Update 30
Out of date Java installed!
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
IObit IObit Malware Fighter IMFsrv.exe
IObit IObit Malware Fighter IMF.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
``````````End of Log````````````

Next to Farbar SS... yes?

Edited by want2know2, 26 January 2012 - 01:19 PM.


#5 want2know2


Posted 26 January 2012 - 01:27 PM

This is the second log:

Farbar Service Scanner Version: 18-01-2012 01
Ran by User (administrator) on 26-01-2012 at 18:23:13
Microsoft® Windows Vista™ Home Basic Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll
[2008-01-21 02:33] - [2008-01-21 02:33] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D

C:\Windows\system32\Drivers\afd.sys
[2011-08-29 08:56] - [2011-04-21 13:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-08-16 16:47] - [2010-06-16 15:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9

C:\Windows\system32\dnsrslvr.dll
[2011-08-29 08:56] - [2011-03-02 14:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

C:\Windows\system32\mpssvc.dll
[2008-01-21 02:34] - [2008-01-21 02:34] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2008-01-21 02:33] - [2008-01-21 02:33] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-01-21 02:33] - [2008-01-21 02:33] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll
[2008-01-21 02:33] - [2008-01-21 02:33] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll
[2008-01-21 02:34] - [2008-01-21 02:34] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-01-21 02:34] - [2008-01-21 02:34] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll
[2009-04-11 19:14] - [2009-04-11 19:14] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll
[2008-01-21 02:34] - [2008-01-21 02:34] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-09-06 11:40] - [2009-09-06 11:40] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



**** End of log ****

next mini TB
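
An added example, not part of the original posts and not code from Farbar Service Scanner: a Python parser for the "File Check" layout in the log above that separates entries marked "MD5 is legit" from those printed with a detail line, so the latter can be reviewed by hand. The sample lines, paths and hashes are constructed, the function names are hypothetical, and treating unmarked entries as a review queue is this example's assumption about the tool's output.

```python
import re

# Constructed sample in the layout of the File Check section above.
# Paths and hashes are made up for illustration.
SAMPLE_LOG = r"""
File Check:
========
C:\Windows\system32\example_a.dll => MD5 is legit
C:\Windows\system32\example_b.dll
[2008-01-21 02:33] - [2008-01-21 02:33] - 0204288 ____A (Microsoft Corporation) 00112233445566778899AABBCCDDEEFF

C:\Windows\system32\Drivers\example_c.sys
[2011-08-29 08:56] - [2011-04-21 13:16] - 0273408 ____A (Example Vendor Ltd) FFEEDDCCBBAA99887766554433221100

C:\Windows\system32\example_d.dll

C:\Windows\system32\example_e.exe => MD5 is legit


**** End of log ****
"""

LEGIT = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s*=>\s*MD5 is legit\s*$")
PATH = re.compile(r"^(?P<path>[A-Za-z]:\\.+)$")
DETAIL = re.compile(
    r"^\[(?P<t1>[^\]]+)\] - \[(?P<t2>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def _entry(path, verified):
    return {"path": path, "verified": verified, "timestamps": None,
            "size": None, "company": None, "md5": None}


def parse_file_check(log_text):
    """Return one dict per file listed under 'File Check:'."""
    entries, pending, in_section = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line.startswith("File Check:")
            continue
        if line.startswith("**** End of log"):
            break
        if not line or set(line) == {"="}:
            continue  # blank line or the ===== rule under the heading
        m = LEGIT.match(line)  # must be tried before PATH, which also matches
        if m:
            if pending is not None:
                entries.append(pending)  # earlier path never got details
                pending = None
            entries.append(_entry(m.group("path"), True))
            continue
        m = DETAIL.match(line)
        if m and pending is not None:
            pending.update(
                timestamps=(m.group("t1"), m.group("t2")),
                size=int(m.group("size")),
                company=m.group("company"),
                md5=m.group("md5").upper(),
            )
            entries.append(pending)
            pending = None
            continue
        m = PATH.match(line)
        if m:
            if pending is not None:
                entries.append(pending)
            pending = _entry(m.group("path"), False)
    if pending is not None:
        entries.append(pending)
    return entries


def review_queue(entries, expected_publisher="Microsoft Corporation"):
    """List (path, md5, reasons) for every entry not marked 'MD5 is legit'."""
    queue = []
    for e in entries:
        if e["verified"]:
            continue
        reasons = ["not marked 'MD5 is legit'"]
        if e["md5"] is None:
            reasons.append("no detail line followed the path")
        elif e["company"] != expected_publisher:
            # The publisher field is file metadata, not a signature check;
            # a mismatch is only a hint to look closer.
            reasons.append("publisher field is %r" % e["company"])
        queue.append((e["path"], e["md5"], reasons))
    return queue


if __name__ == "__main__":
    for path, md5, reasons in review_queue(parse_file_check(SAMPLE_LOG)):
        print(path, md5 or "-", "; ".join(reasons))
```
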

#6 want2know2


Posted 26 January 2012 - 01:32 PM

hmmm....
Shall I still go for it?? You say tick List event 10 event viewer log but they say viewer error.. it's most likely the same thing yeah...

#7 Broni


Posted 26 January 2012 - 01:39 PM

Yes go for it.



#8 want2know2


Posted 26 January 2012 - 01:43 PM

This is step 3:

MiniToolBox by Farbar Version: 18-01-2012
Ran by User (administrator) on 26-01-2012 at 18:32:57
Microsoft® Windows Vista™ Home Basic Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Dell Wireless 1397 WLAN Mini-Card = Wireless Network Connection (Connected)
Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : User-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-22-5F-F5-D7-FF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c9fd:377a:ee22:4a62%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 26 January 2012 17:06:31
Lease Expires . . . . . . . . . . : 26 January 2012 19:06:33
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 194.168.4.100
194.168.8.100
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-25-64-56-CC-18
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{CF5F4935-F0FE-4200-A3B1-46116FE5BC43}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{2F70CA0D-0C48-4BE7-9086-F705359A1EC4}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cache1.service.virginmedia.net
Address: 194.168.4.100

Name: google.com
Addresses: 209.85.229.105
209.85.229.104
209.85.229.103
209.85.229.99
209.85.229.147



Pinging google.com [173.194.67.106] with 32 bytes of data:

Reply from 173.194.67.106: bytes=32 time=44ms TTL=45

Reply from 173.194.67.106: bytes=32 time=35ms TTL=45



Ping statistics for 173.194.67.106:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 35ms, Maximum = 44ms, Average = 39ms

Server: cache1.service.virginmedia.net
Address: 194.168.4.100

Name: yahoo.com
Addresses: 98.137.149.56
98.139.180.149
209.191.122.70
72.30.2.43



Pinging yahoo.com [72.30.2.43] with 32 bytes of data:

Reply from 72.30.2.43: bytes=32 time=167ms TTL=51

Reply from 72.30.2.43: bytes=32 time=200ms TTL=51



Ping statistics for 72.30.2.43:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 167ms, Maximum = 200ms, Average = 183ms

Server: cache1.service.virginmedia.net
Address: 194.168.4.100

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Reply from 127.0.0.1: bytes=32 time=2ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 2ms, Maximum = 2ms, Average = 2ms

===========================================================================
Interface List
12 ...00 22 5f f5 d7 ff ...... Dell Wireless 1397 WLAN Mini-Card
11 ...00 25 64 56 cc 18 ...... Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0 isatap.{CF5F4935-F0FE-4200-A3B1-46116FE5BC43}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
15 ...00 00 00 00 00 00 00 e0 isatap.{2F70CA0D-0C48-4BE7-9086-F705359A1EC4}
14 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.6 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.6 281
192.168.0.6 255.255.255.255 On-link 192.168.0.6 281
192.168.0.255 255.255.255.255 On-link 192.168.0.6 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.6 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.6 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 281 fe80::/64 On-link
12 281 fe80::c9fd:377a:ee22:4a62/128
On-link
1 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/26/2012 05:07:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/26/2012 00:00:12 PM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (01/26/2012 00:00:11 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (01/26/2012 10:26:10 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/26/2012 10:25:47 AM) (Source: Winlogon) (User: )
Description: Windows license is invalid. Error 0xC004F012. Policy Value 0x00000000.

Error: (01/25/2012 09:09:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2012 04:37:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2012 10:50:03 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2012 11:15:15 PM) (Source: IMFservice) (User: )
Description: The interface is unknown

Error: (01/24/2012 11:15:15 PM) (Source: IMFservice) (User: )
Description: The handle is invalid


System errors:
=============
Error: (01/26/2012 05:07:05 PM) (Source: Service Control Manager) (User: )
Description: lxeaCATSCustConnectService%%1053

Error: (01/26/2012 05:07:05 PM) (Source: Service Control Manager) (User: )
Description: 30000lxeaCATSCustConnectService

Error: (01/26/2012 05:07:05 PM) (Source: Service Control Manager) (User: )
Description: avast! iAVS4 Control Service%%3

Error: (01/26/2012 05:06:32 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (01/26/2012 10:26:11 AM) (Source: Service Control Manager) (User: )
Description: lxeaCATSCustConnectService%%1053

Error: (01/26/2012 10:26:11 AM) (Source: Service Control Manager) (User: )
Description: 30000lxeaCATSCustConnectService

Error: (01/26/2012 10:26:11 AM) (Source: Service Control Manager) (User: )
Description: avast! iAVS4 Control Service%%3

Error: (01/26/2012 10:25:47 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (01/25/2012 09:14:31 PM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (01/25/2012 09:09:16 PM) (Source: Service Control Manager) (User: )
Description: lxeaCATSCustConnectService%%1053


Microsoft Office Sessions:
=========================
Error: (01/26/2012 05:07:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/26/2012 00:00:12 PM) (Source: Perflib)(User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (01/26/2012 00:00:11 PM) (Source: Perflib)(User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (01/26/2012 10:26:10 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/26/2012 10:25:47 AM) (Source: Winlogon)(User: )
Description: 0xC004F0120x00000000

Error: (01/25/2012 09:09:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2012 04:37:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/25/2012 10:50:03 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2012 11:15:15 PM) (Source: IMFservice)(User: )
Description: The interface is unknown

Error: (01/24/2012 11:15:15 PM) (Source: IMFservice)(User: )
Description: The handle is invalid


=========================== Installed Programs ============================

3DVIA Shape for Maps (Version: 6.207.09182)
ABBYY FineReader 6.0 Sprint (Version: 6.00.2146.41621)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 2.0.3.13070)
Adobe Community Help (Version: 3.3.0)
Adobe Community Help (Version: 3.3.0.800)
Adobe Flash Player 10 ActiveX (Version: 10.0.22.87)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Media Player (Version: 1.8)
Adobe Reader 9.4.5 (Version: 9.4.5)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
Advanced Audio FX Engine (Version: 1.12.05)
Advanced SystemCare 4 (Version: 4.2.0)
Akamai NetSession Interface Service
Apple Application Support (Version: 2.0.1)
Apple Software Update (Version: 2.1.3.127)
µTorrent (Version: 2.0.3)
Auslogics BoostSpeed (Version: 5.2)
avast! Internet Security (Version: 6.0.1367.0)
Bing Bar (Version: 7.0.850.0)
Camersoft Webcam Capture 2.2.32
CCleaner (Version: 3.11)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
ConvertXtoDVD 4.1.19.365 (Version: 4.1.19.365)
Cooking Academy 2 World Cuisine (Version: 1.0.1)
Corel WinDVD 2010 (Version: 10.0.5.544)
Dassault Systemes Software Prerequisites x86 (Version: 8.1.3)
Dell-eBay (Version: 1.00.0000)
Dell DataSafe Local Backup - Support Software (Version: 9.4.60)
Dell DataSafe Local Backup (Version: 9.4.60)
Dell DataSafe Online (Version: 1.1.0029)
Dell Dock (Version: 1.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Version: 3.1.5907.16)
Dell Touchpad (Version: 13.0.2.0)
Dell Video Chat (Version: 6.0 (6567))
Dell Webcam Central (Version: 1.20.10)
Dell Wireless WLAN Card Utility (Version: 5.10.38.30)
Diaper Dash (Version: 1.0)
DivX Setup (Version: 2.5.0.8)
Dynasty Warriors Online
Free Video to MP3 Converter version 4.1
Free YouTube Download version 3.0.20.1228
GoToAssist 8.0.0.514
iLivid (Version: 1.92.0.115854)
IMVU Avatar Chat Software
Integrated Webcam Driver (1.00.04.0310) (Version: 1.00.04.0310)
Intel® Matrix Storage Manager
IObit Malware Fighter (Version: 1.0)
Jane's Realty (Version: 1.01)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Junk Mail filter update (Version: 14.0.8117.416)
Lexmark Printable Web (Version: 1.0.0.0)
Lexmark S300-S400 Series
Lexmark Toolbar (Version: 4.13.37.0)
Lexmark Tools for Office (Version: 1.29.0.0)
Live! Cam Avatar Creator (Version: 4.6.2303.1)
Magic ISO Maker v5.4 (build 0239)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Default Manager (Version: 2.0.69.0)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Language Pack 2010 - Dutch/Nederlands (Version: 14.0.6029.1000)
Microsoft Office O MUI (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office SharePoint Designer MUI (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office X MUI (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.58299)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Works (Version: 9.7.0621)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Mind Sparke Brain Fitness Pro (Version: 2.0.27)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Newnovelist2 (Version: 2.1.0)
NLVM v3.0 (Version: 3.0.0.0)
Paltalk Messenger (Version: 10.0)
Paltalk Messenger Interop
PMB (Version: 5.5.02.12220)
PowerDVD DX (Version: 8.2.5024)
Protected Folder
QuickSet (Version: 9.4.7)
QuickTime (Version: 7.70.80.34)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Sallys Spa (Version: 1.0)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 4.50.1002)
Suspects and Clues (Version: 1.09)
swMSM (Version: 12.0.0.1)
Uninstall 1.0.0.1
Unity Web Player (Version: 2.6.0f7_29850)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
WinRAR archiver
Zeallsoft Screen Webcam Recorder 2.0

========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 2007.63 MB
Available physical RAM: 980.34 MB
Total Pagefile: 4256.55 MB
Available Pagefile: 2302.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.71 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:134.36 GB) (Free:11.74 GB) NTFS
2 Drive d: (Hitachi) (Fixed) (Total:465.76 GB) (Free:420.76 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.03 GB) NTFS

========================= Users: ========================================

User accounts for \\USER-PC

Administrator Guest User


**** End of log ****

I already have Mbam (updated and all). Do I scan with this one or download a newer version?

#9 Broni


Posted 26 January 2012 - 01:53 PM

Scan with it.



 


#10 want2know2


Posted 26 January 2012 - 02:46 PM

Yes I scanned with it. This is the Log:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.26.06

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
User :: USER-PC [administrator]

Protection: Enabled

26/01/2012 18:45:36
mbam-log-2012-01-26 (18-45-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211629
Time elapsed: 25 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\KMSEmulator.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

(end)

I'm going to restart now!

#11 want2know2


Posted 26 January 2012 - 02:56 PM

Computer has gotten very slow, took me ages to get Mozilla started and get around on the BC website. Anyway, going for the last step: aswMBR.

#12 want2know2


Posted 26 January 2012 - 03:06 PM

The computer says avast antirootkit has stopped working, and that Windows can check for a solution to the problem:
a. check online or
b. close programme
Was this supposed to happen?
Because it stopped the aswMBR scan...

#13 want2know2


Posted 26 January 2012 - 03:17 PM

What would you suggest to do?
Do you have another solution?
J

#14 Broni


Posted 26 January 2012 - 03:45 PM

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



 


#15 want2know2


Posted 27 January 2012 - 03:52 AM

It ran, then stopped, so I scanned again and it took till late night. Next morning my laptop had turned itself on standby, so I scanned again; it checked, went to the last thing it scanned, and went on scanning until, just now, 2 minutes ago, my laptop gave me a blue screen and rebooted...

Shall I run it again normally or in safe mode as you mentioned yesterday?
J



