
Definitely infected...



#1 kerneldrop


Posted 28 January 2012 - 02:12 AM

I think my topic is accurate due to the following issues:
  • MalwareBytes closes on its own before scan starts
  • Windows XP shutdown takes waaaaay (~5mins.) too long during the 'Saving your settings' step

Operating System:
Windows XP Service Pack 3




#2 boopme


Posted 28 January 2012 - 09:33 AM

Hello and welcome. Let's try this way.

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.


Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.


Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.


>>>
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now reboot to Normal and run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

Please ask any needed questions, post logs and let us know how the PC is running now.

#3 kerneldrop


Posted 28 January 2012 - 05:54 PM


TDSS Killer Log:
15:59:05.0882 0212 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
15:59:06.0152 0212 ============================================================
15:59:06.0152 0212 Current date / time: 2012/01/28 15:59:06.0152
15:59:06.0152 0212 SystemInfo:
15:59:06.0152 0212
15:59:06.0152 0212 OS Version: 5.1.2600 ServicePack: 3.0
15:59:06.0152 0212 Product type: Workstation
15:59:06.0152 0212 ComputerName: MAIN
15:59:06.0152 0212 UserName: Owner
15:59:06.0152 0212 Windows directory: F:\WINDOWS
15:59:06.0152 0212 System windows directory: F:\WINDOWS
15:59:06.0152 0212 Processor architecture: Intel x86
15:59:06.0152 0212 Number of processors: 1
15:59:06.0152 0212 Page size: 0x1000
15:59:06.0152 0212 Boot type: Safe boot with network
15:59:06.0152 0212 ============================================================
15:59:09.0737 0212 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:59:09.0858 0212 Initialize success
15:59:12.0251 0852 ============================================================
15:59:12.0251 0852 Scan started
15:59:12.0251 0852 Mode: Manual;
15:59:12.0251 0852 ============================================================
15:59:30.0818 0852 ============================================================
15:59:30.0818 0852 Scan finished
15:59:30.0818 0852 ============================================================
15:59:30.0878 0272 Detected object count: 0
15:59:30.0878 0272 Actual detected object count: 0
15:59:41.0763 1468 Deinitialize success


SUPERAntiSpyware Log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/28/2012 at 05:30 PM

Application Version : 5.0.1142

Core Rules Database Version : 8178
Trace Rules Database Version: 5990

Scan type : Complete Scan
Total Scan Time : 01:24:53

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 300
Memory threats detected : 0
Registry items scanned : 22655
Registry threats detected : 0
File items scanned : 230337
File threats detected : 5

Adware.Tracking Cookie
ad.insightexpressai.com [ F:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2U9SR223 ]
media.mtvnservices.com [ F:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2U9SR223 ]
media.philly.com [ F:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2U9SR223 ]
secure-us.imrworldwide.com [ F:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2U9SR223 ]
sftrack.searchforce.net [ F:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2U9SR223 ]


Additional Note:
Malwarebytes would not open at all.


#4 boopme

Posted 28 January 2012 - 10:40 PM

Ok, let's look at these then.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#5 kerneldrop

Posted 29 January 2012 - 11:43 PM


MiniToolBox Log:
MiniToolBox by Farbar Version: 18-01-2012
Ran by Owner (administrator) on 29-01-2012 at 16:15:25
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Linksys Wireless-G Notebook Adapter WPC54G Ver.3 = Wireless Network Connection (Connected)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected)
Intel® PRO/100 VE Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "VirtualBox Host-Only Network"

set address name="VirtualBox Host-Only Network" source=static addr=192.168.56.1 mask=255.255.255.0
set dns name="VirtualBox Host-Only Network" source=static addr=none register=PRIMARY
set wins name="VirtualBox Host-Only Network" source=static addr=none

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : Main

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : home



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-E0-B8-55-E5-59



Ethernet adapter VirtualBox Host-Only Network:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter

Physical Address. . . . . . . . . : 08-00-27-00-40-01

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.56.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : home

Description . . . . . . . . . . . : Linksys Wireless-G Notebook Adapter WPC54G Ver.3

Physical Address. . . . . . . . . : 00-1E-21-E2-6A-1A

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

71.242.0.12

Lease Obtained. . . . . . . . . . : Sunday, January 29, 2012 4:12:40 PM

Lease Expires . . . . . . . . . . : Monday, January 30, 2012 4:12:40 PM

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.115.105, 74.125.115.99, 74.125.115.147, 74.125.115.104
74.125.115.106, 74.125.115.103



Pinging google.com [74.125.113.103] with 32 bytes of data:



Reply from 74.125.113.103: bytes=32 time=24ms TTL=252

Reply from 74.125.113.103: bytes=32 time=25ms TTL=252



Ping statistics for 74.125.113.103:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 24ms, Maximum = 25ms, Average = 24ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.2.43, 98.137.149.56, 98.139.180.149



Pinging yahoo.com [98.137.149.56] with 32 bytes of data:



Reply from 98.137.149.56: bytes=32 time=143ms TTL=250

Reply from 98.137.149.56: bytes=32 time=171ms TTL=250



Ping statistics for 98.137.149.56:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 143ms, Maximum = 171ms, Average = 157ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 e0 b8 55 e5 59 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
0x4 ...08 00 27 00 40 01 ...... VirtualBox Host-Only Ethernet Adapter - Packet Scheduler Miniport
0x30003 ...00 1e 21 e2 6a 1a ...... Wireless-G Notebook Adapter WPC54G V3 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 25
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 25
192.168.56.0 255.255.255.0 192.168.56.1 192.168.56.1 20
192.168.56.1 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.56.255 255.255.255.255 192.168.56.1 192.168.56.1 20
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 25
224.0.0.0 240.0.0.0 192.168.56.1 192.168.56.1 20
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
255.255.255.255 255.255.255.255 192.168.56.1 192.168.56.1 1
255.255.255.255 255.255.255.255 192.168.56.1 2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 F:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/23/2012 10:28:01 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (01/23/2012 10:28:01 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (01/23/2012 10:28:01 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (01/22/2012 11:31:17 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager called routine OpenNtmsSessionW which failed with status 0x800708ca (converted to 0x800423f4).

Error: (01/09/2012 00:52:59 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (01/09/2012 00:52:59 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (01/09/2012 00:52:59 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/19/2011 08:21:25 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/08/2011 11:28:38 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (11/22/2011 06:46:12 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.


System errors:
=============
Error: (01/28/2012 05:42:32 PM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%126

Error: (01/28/2012 05:42:32 PM) (Source: Service Control Manager) (User: )
Description: The Machine Debug Manager service failed to start due to the following error:
%%2

Error: (01/28/2012 05:41:07 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/28/2012 03:55:24 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avipbb
avkmgr
cmdGuard
Fips
intelppm
ssmdrv
VBoxDrv
VBoxUSBMon

Error: (01/28/2012 03:54:23 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/28/2012 01:09:14 PM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%126

Error: (01/28/2012 01:09:14 PM) (Source: Service Control Manager) (User: )
Description: The Machine Debug Manager service failed to start due to the following error:
%%2

Error: (01/28/2012 01:51:59 AM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%126

Error: (01/28/2012 01:51:59 AM) (Source: Service Control Manager) (User: )
Description: The Machine Debug Manager service failed to start due to the following error:
%%2

Error: (01/27/2012 00:33:54 PM) (Source: DCOM) (User: Owner)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.


Microsoft Office Sessions:
=========================
Error: (01/23/2012 10:28:01 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (01/23/2012 10:28:01 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (01/23/2012 10:28:01 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (01/22/2012 11:31:17 PM) (Source: VSS)(User: )
Description: 0x800708ca0x800423f4RemovableStorageManagerOpenNtmsSessionW

Error: (01/09/2012 00:52:59 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (01/09/2012 00:52:59 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (01/09/2012 00:52:59 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (12/19/2011 08:21:25 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (12/08/2011 11:28:38 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (11/22/2011 06:46:12 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.


=========================== Installed Programs ============================

7-Zip 4.65
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 9.5.0 (Version: 9.5.0)
Adobe Shockwave Player 11 (Version: 11)
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.1.116)
Asus ACPI Driver (Version: 1.00.0004)
Avira Free Antivirus (Version: 12.0.0.872)
CCleaner (Version: 3.14)
CDBurnerXP (Version: 4.3.2.2140)
Cobian Backup 9
ColorPic (Version: 4.1)
COMODO Internet Security (Version: 5.8.16726.2131)
Consolas Font Family (Version: 1.00.0000)
DS_Store Cleaner 1.5.0
FileZilla Client 3.5.3 (Version: 3.5.3)
Foxit Reader (Version: 3.0.2009.1301)
FreeMind (Version: 0.8.1)
Gateway Desktop Manager
Gateway Drivers and Applications Recovery
Gateway Ink Monitor (Version: 1.0.0.21)
Gateway Power Management
Git version 1.7.7-preview20111012 (Version: 1.7.7-preview20111012)
Google Chrome (Version: 16.0.912.77)
GTW V.92 Voicemodem
IcoFX 1.6.4
ImageMagick 6.7.4-0 Q16 (2011-12-15) (Version: 6.7.4)
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4497)
Intel® Network Connections Drivers
Internet Explorer Developer Toolbar (Version: 1.0.2188)
Jasc Paint Shop Pro 8 (Version: 8.10.0000)
Java Auto Updater (Version: 2.0.5.1)
Java DB 10.4.1.3 (Version: 10.4.1.3)
Java™ 6 Update 26 (Version: 6.0.260)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 7 (Version: 1.6.0.70)
Java™ SE Development Kit 6 Update 12 (Version: 1.6.0.120)
K-Lite Codec Pack 8.0.0 (Standard) (Version: 8.0.0)
KeePass Password Safe 2.15
Launchy 2.5
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Media Converter for Philips
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft .NET Framework SDK (English) 1.1 (Version: 1.1.4322)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Report Viewer Redistributable 2008 (KB971119) (Version: 9.0.30731)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1750.9)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Setup Support Files (Version: 10.1.2731.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server System CLR Types (Version: 10.50.1750.9)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C# 2010 Express - ENU (Version: 10.0.40219)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.40219)
Microsoft Visual Studio 2010 Service Pack 1 (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31007)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31010)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (Version: 3.5.30729)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (Version: 6.1.5295.17011)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
Mozilla Thunderbird 9.0.1 (x86 en-US) (Version: 9.0.1)
MSDN Library for Visual Studio 2008 Express Editions SP1 (Version: 9.0.30708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Netflix Movie Viewer (Version: 1.2.211)
node.js (Version: 0.6.8)
Notepad++ (Version: 5.9.6.2)
NUnit 2.5.5 (Version: 2.5.5.10112)
Odyssey Client (Version: )
OpenOffice.org 3.2 (Version: 3.2.9502)
Oracle VM VirtualBox 4.1.6 (Version: 4.1.6)
PostgreSQL 9.0 (Version: 9.0)
Python 2.6 psycopg2-2.4.2
Python 2.6 py2exe-0.6.9
Python 2.6 pycurl-ssl-7.19.0
Python 2.6 WConio-1.5.1
Python 2.6.4 (Version: 2.6.4150)
QuickTime (Version: 7.69.80.9)
RegExr (Version: 0.3.1)
Revo Uninstaller 1.93 (Version: 1.93)
SA60xx Device Manager (Version: 1.00.0000)
Service Pack 1 for SQL Server 2008 (KB968369) (Version: 10.1.2531.0)
Smart Defrag 2 (Version: 2.2)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spoon Sandbox Manager 3.24 (Version: 3.24.0.9)
Spoon Sandbox Manager 3.25 (Version: 3.25.0.9)
Spybot - Search & Destroy (Version: 1.6.2)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
SQLite ADO.NET 2.0/3.5 Provider (Version: 1.066.0)
StarUML 5.0.2.1570
SUPERAntiSpyware (Version: 5.0.1142)
Synaptics TouchPad
System Requirements Lab
System Requirements Lab for Intel (Version: 4.1.66.0)
TagScanner 5.1 build 594
Trillian
Viewpoint Media Player
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
Vz In Home Agent (Version: 7.02.12)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 1270.42 MB
Available physical RAM: 729.73 MB
Total Pagefile: 1881.78 MB
Available Pagefile: 1298.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.61 MB

========================= Partitions: =====================================

4 Drive f: () (Fixed) (Total:74.52 GB) (Free:36.1 GB) NTFS

========================= Users: ========================================

User accounts for \\MAIN

Administrator ASPNET Guest
HelpAssistant Owner postgres
SUPPORT_388945a0

========================= Minidump Files ==================================

F:\WINDOWS\Minidump\Mini020811-01.dmp
F:\WINDOWS\Minidump\Mini080910-01.dmp
F:\WINDOWS\Minidump\Mini081210-01.dmp
F:\WINDOWS\Minidump\Mini081810-01.dmp

**** End of log ****


ESET Online Scanner Log
None.

Edited by kerneldrop, 30 January 2012 - 03:17 PM.
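Checks that can be run over a MiniToolBox Result.txt like the one posted in #5, added here as an example that is not part of the thread or of MiniToolBox: it lists Winsock providers reported as [File Not found], hosts entries beyond the loopback default, drivers listed as failed to load, and the decoded %%N error codes. The section-header layout is assumed from the log in this thread, the sample log is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample, trimmed, in the layout of the Result.txt posted above.
SAMPLE_LOG = r"""
========================= Hosts content: =================================

127.0.0.1 localhost

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 F:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

System errors:
=============
Error: (01/28/2012 05:42:32 PM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%126

Error: (01/28/2012 03:55:24 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avipbb
VBoxDrv

Error: (01/28/2012 03:54:23 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
"""

SECTION_RE = re.compile(r"^={5,}\s+([^=]+?)\s*:?\s+={5,}\s*$")
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(.+?)\]\s+\((.*)\)$")
ERRCODE_RE = re.compile(r"%%(\d+)")
# Win32 error codes that the event text shows as %%N.
WIN32_ERRORS = {2: "ERROR_FILE_NOT_FOUND", 126: "ERROR_MOD_NOT_FOUND",
                1084: "ERROR_NOT_SAFEBOOT_SERVICE"}


def split_sections(text):
    """Map each '===== Name: =====' header to the lines that follow it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections


def missing_winsock_providers(lines):
    """(catalog, index, dll) for providers reported as [File Not found]."""
    hits = []
    for line in lines:
        m = WINSOCK_RE.match(line)
        if m and m.group(4).lower() == "file not found":
            hits.append((m.group(1), int(m.group(2)), m.group(3)))
    return hits


def extra_hosts_entries(lines):
    """Hosts entries other than comments and the loopback default."""
    default = {("127.0.0.1", "localhost"), ("::1", "localhost")}
    extras = []
    for line in lines:
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and (fields[0], fields[1].lower()) not in default:
            extras.append(" ".join(fields))
    return extras


def event_findings(lines):
    """Decode %%N codes and collect drivers listed as failed to load."""
    codes, drivers, in_list = [], [], False
    for text in lines:
        if "driver(s) failed to load" in text:
            in_list = True
        elif in_list and text and not text.startswith("Error:"):
            drivers.append(text)  # one driver name per line until a blank line
        else:
            in_list = False
            for code in ERRCODE_RE.findall(text):
                codes.append((int(code), WIN32_ERRORS.get(int(code), "unknown")))
    return codes, drivers


def triage(text):
    s = split_sections(text)
    codes, drivers = event_findings(s.get("Event log errors", []))
    return {"winsock_missing": missing_winsock_providers(s.get("Winsock entries", [])),
            "hosts_extra": extra_hosts_entries(s.get("Hosts content", [])),
            "error_codes": codes, "failed_drivers": drivers}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Code 1084 is the Win32 error for a service that cannot be started in Safe Mode, so events carrying it should be read against the boot mode in effect when they were logged.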


#6 boopme

Posted 30 January 2012 - 07:25 PM

Looks like there is an active ZeroAccess rootkit working in here.
We need a deeper look. Please go here.... Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run skip it and move on.

Let me know if that went well.

#7 kerneldrop

Posted 31 January 2012 - 11:32 PM


OK, so I'm having a few issues:

  • dds.scr freezes and locks up my system before it finishes
  • GMER takes over 4 hours to get about 3/4 of the way through the system
  • A new driver is being found on system start


#8 boopme

Posted 01 February 2012 - 12:03 AM

If GMER won't run skip it and move on.



If you cannot get DDS to work, please try this instead.

Please download OTL by OldTimer and save it to your Desktop.
  • Close all other applications and windows so that you have nothing open.
  • Double click on the Posted Image icon on your desktop.

    Vista/Windows 7 users right-click and select Run As Administrator.
    If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • Under Output, ensure that Minimal Output is selected.
  • Click the "Scan All Users" checkbox.
    Leave the remaining selections to the default settings.
  • Click the Posted Image button.
  • Do not use the computer while the scan is in progress.
  • When the scan is complete, two log files will open in Notepad:
    • OTListIt.txt <- (will be maximized)
    • Extras.txt <- (will be minimized in the Task Bar).
  • Both logs are automatically saved to the Desktop.
  • Please copy and paste the contents of OTListIt.txt and Extras.txt in your next reply.
    If the Extras.txt log is too long, you may need to add a second reply to your thread or upload it as an attachment.
  • Click the red X in the upper right corner to exit OTL.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run. If OTL did not work, then reply back here.