
No internet access and security essentials is jacked... Seems like some type of a rootkit virus


16 replies to this topic

#1 dave7676

  • Members
  • 34 posts

Posted 20 May 2012 - 10:48 PM

Hey everyone,

I believe I have a virus on my desktop Dell PC. I'm running Windows XP Media Center Edition 2002, Service Pack 3, with Internet Explorer for my web browser.

It all started 2 1/2 weeks ago while browsing themeforest searching for a new theme (website template). I was viewing a demo and a window came up asking permission to open or run something that I thought was legit; I didn't pay any attention to it and granted access. Got some pop-ups, so I immediately shut down the PC manually and realized I had just screwed the pooch...

I then tried running Microsoft Security Essentials (unfortunately not in Safe Mode) and the (quick) scan results said clean. However, the internet was still down. I shut it down and went to work; started the PC up later that evening only to find out that I couldn't get on the internet and Security Essentials was down and, instead of green, was all in red stating something about it not being turned on. Tried running Security Essentials and couldn't. Downloaded Norman Malware Cleaner on a jump drive and copied it to my desktop, ran that and it found some malicious objects. After restarting the PC, same thing... Tried deleting Security Essentials in Add/Remove Programs; couldn't. Ended up manually removing Security Essentials through Microsoft's help page; it only removed partially, I still see it in Security Center, which says virus protection is on?? Also, my firewall has been off and won't turn on.

Tried running a cleaner from Microsoft and a couple of others that seemed to not detect anything and finally, 2 weeks later, just ran Norman again and came here. Norman found 3 malicious objects, which were:
C:\System Volume Information\_restore{EDF6B116-8887-4DDD-A0FD-EC926398F1F5}\RP1A0000003.msi: Archive infected
C:\System Volume Information\_restore{EDF6B116-8887-4DDD-A0FD-EC926398F1F5}\RP1A0000004.msi: Archive infected
C:\System Volume Information\_restore{EDF6B116-8887-4DDD-A0FD-EC926398F1F5}\RP2A0000135.MSI: Archive infected
However, in the results it didn't clean or quarantine any?

Rootkit virus pro person, please help!

Kind regards,

Dave

#2 dave7676

  • Topic Starter
  • Members
  • 34 posts

Posted 20 May 2012 - 10:54 PM

Last but not least, I already did a few system restores a couple of weeks back when I first got the virus and was successful restoring to a few days previous to a week previous, and that didn't resolve the issue. Tried doing System Restore several times yesterday and it fails...

-Dave

#3 Broni

    The Coolest BC Computer
  • BC Advisor
  • 42,679 posts
  • Location:Daly City, CA

Posted 21 May 2012 - 07:52 PM

Welcome aboard

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#4 dave7676

  • Topic Starter
  • Members
  • 34 posts

Posted 21 May 2012 - 11:03 PM

Hello,

Here is the FSS Log:

Farbar Service Scanner Version: 17-05-2012
Ran by Dave (administrator) on 21-05-2012 at 20:31:52
Running from "C:\Documents and Settings\Dave.DONKENDAVE\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
The start type of IpSec service is OK.
The ImagePath of IpSec service is OK.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

ATTENTION!=====> C:\WINDOWS\system32\Drivers\afd.sys FILE IS MISSING AND SHOULD BE RESTORED.

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

ATTENTION!=====> C:\WINDOWS\system32\Drivers\ipsec.sys FILE IS MISSING AND SHOULD BE RESTORED.

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Thank you,

Dave

Edited by Orange Blossom, 21 May 2012 - 11:20 PM.
Merged topics. ~ OB


#5 Broni

    The Coolest BC Computer
  • BC Advisor
  • 42,679 posts
  • Location:Daly City, CA

Posted 26 May 2012 - 12:34 PM

I'm sorry for the delay.
It looks like email notification missed me.

We have a couple of system files missing there.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    :filefind
    ipsec.sys
    afd.sys
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



 


#6 dave7676

  • Topic Starter
  • Members
  • 34 posts

Posted 27 May 2012 - 05:29 PM

Here is my SystemLook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 14:36 on 27/05/2012 by Dave
Administrator - Elevation successful

========== filefind ==========

Searching for "ipsec.sys"
C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys -----c- 74752 bytes [23:31 13/11/2008] [11:00 10/08/2004] 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\ServicePackFiles\i386\ipsec.sys ------- 75264 bytes [17:46 20/10/2008] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91

Searching for "afd.sys"
C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys --a---- 138496 bytes [23:53 17/06/2011] [13:25 16/02/2011] 8D499B1276012EB907E7A9E0F4D8FDA4
C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys --a---- 138496 bytes [15:07 16/10/2008] [15:07 16/10/2008] 38D7B715504DA4741DF35E3594FE2099
C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys --a---- 138496 bytes [15:42 13/10/2011] [13:41 17/08/2011] F6B7B1ECD7B41736BDB6FF4B092BCB79
C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys --a---- 138368 bytes [10:44 20/06/2008] [10:44 20/06/2008] D99DDFFB33DEACDCF20717CB520379F6
C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys --a---- 138496 bytes [11:40 20/06/2008] [11:40 20/06/2008] E3049B90FE06F3F740B7CFDA44995E2C
C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys --a---- 138496 bytes [11:48 20/06/2008] [11:48 20/06/2008] D6EE6014241D034E63C49A50CB2B442A
C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys --a---- 138368 bytes [21:46 15/10/2008] [09:48 14/08/2008] 6A0397376853E604DE8E1E7A87FC08AC
C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys --a---- 138496 bytes [21:46 15/10/2008] [10:04 14/08/2008] 7E775010EF291DA96AD17CA4B17137D7
C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys --a---- 138496 bytes [21:46 15/10/2008] [10:34 14/08/2008] 4D43E74F2A1239D53929B82600F1971C
C:\WINDOWS\$NtServicePackUninstall$\afd.sys -----c- 138368 bytes [23:31 13/11/2008] [09:51 14/08/2008] 55E6E1C51B6D30E54335750955453702
C:\WINDOWS\$NtUninstallKB2503665$\afd.sys -----c- 138496 bytes [04:09 18/06/2011] [14:43 16/10/2008] 7618D5218F2A614672EC61A80D854A37
C:\WINDOWS\$NtUninstallKB2509553$\afd.sys -----c- 138496 bytes [15:10 15/04/2011] [10:04 14/08/2008] 7E775010EF291DA96AD17CA4B17137D7
C:\WINDOWS\$NtUninstallKB2592799$\afd.sys -----c- 138496 bytes [04:40 14/10/2011] [13:22 16/02/2011] 355556D9E580915118CD7EF736653A89
C:\WINDOWS\$NtUninstallKB951748$\afd.sys -----c- 138496 bytes [22:46 15/10/2008] [11:00 10/08/2004] 5AC495F4CB807B2B98AD2AD591E6D92E
C:\WINDOWS\$NtUninstallKB956803$\afd.sys -----c- 138112 bytes [23:43 13/11/2008] [19:19 13/04/2008] 322D0E36693D6E24A2398BEE62A268CD
C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys -----c- 138368 bytes [22:48 15/10/2008] [10:44 20/06/2008] 944CA435BFCFC82CC1ED9E3A7D731AA9
C:\WINDOWS\ServicePackFiles\i386\afd.sys ------- 138112 bytes [17:45 20/10/2008] [19:19 13/04/2008] 322D0E36693D6E24A2398BEE62A268CD

-= EOF =-

Thanks,

Dave

#7 Broni

    The Coolest BC Computer
  • BC Advisor
  • 42,679 posts
  • Location:Daly City, CA

Posted 27 May 2012 - 05:57 PM

Download the following batch file: http://www.bleepstatic.com/fhost/uploads/1/106-fix.bat
Double-click on it to run the fix.
A command prompt window will open.
You should see the following message:
"2 file(s) copied"
In that case, press any key to close the command prompt window.
If you see any error message, let me know.

Restart the computer and post a new FSS log.

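The two logs above give everything needed to plan the repair in post #7, whose batch file is only linked, not reproduced: take each path FSS flagged as missing, look it up in SystemLook's filefind hits, pick a trusted local copy, and verify the hash after copying. The script below is an added example written for this page, not the thread's batch file and not code from either tool. It parses excerpts constructed from the two posts above, and its preference for the ServicePackFiles\i386 copy over the hotfix backup folders is an assumption about which local copy to trust, not something the thread states.

```python
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath
from typing import Optional

# Constructed excerpts of the two logs posted above: the FSS "File Check"
# section and the SystemLook ":filefind" hits for the two missing drivers.
FSS_FILE_CHECK = """\
C:\\WINDOWS\\system32\\dhcpcsvc.dll => MD5 is legit

ATTENTION!=====> C:\\WINDOWS\\system32\\Drivers\\afd.sys FILE IS MISSING AND SHOULD BE RESTORED.

C:\\WINDOWS\\system32\\Drivers\\tcpip.sys => MD5 is legit

ATTENTION!=====> C:\\WINDOWS\\system32\\Drivers\\ipsec.sys FILE IS MISSING AND SHOULD BE RESTORED.
"""

SYSTEMLOOK = """\
Searching for "ipsec.sys"
C:\\WINDOWS\\$NtServicePackUninstall$\\ipsec.sys -----c- 74752 bytes [23:31 13/11/2008] [11:00 10/08/2004] 64537AA5C003A6AFEEE1DF819062D0D1
C:\\WINDOWS\\ServicePackFiles\\i386\\ipsec.sys ------- 75264 bytes [17:46 20/10/2008] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91

Searching for "afd.sys"
C:\\WINDOWS\\$hf_mig$\\KB2592799\\SP3QFE\\afd.sys --a---- 138496 bytes [15:42 13/10/2011] [13:41 17/08/2011] F6B7B1ECD7B41736BDB6FF4B092BCB79
C:\\WINDOWS\\$NtUninstallKB2592799$\\afd.sys -----c- 138496 bytes [04:40 14/10/2011] [13:22 16/02/2011] 355556D9E580915118CD7EF736653A89
C:\\WINDOWS\\ServicePackFiles\\i386\\afd.sys ------- 138112 bytes [17:45 20/10/2008] [19:19 13/04/2008] 322D0E36693D6E24A2398BEE62A268CD
"""

MISSING_RE = re.compile(r"ATTENTION!=+> (?P<path>.+?) FILE IS MISSING")
FILEFIND_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
# Assumed repair policy (the thread's batch file is not shown): the service pack
# baseline under ServicePackFiles\i386 is the trusted local source; hotfix
# backup folders hold pre-patch or QFE-branch builds and are only a fallback.
PREFERRED_SOURCE = "\\servicepackfiles\\i386\\"


@dataclass(frozen=True)
class Candidate:
    path: str
    size: int
    modified: str   # "HH:MM dd/mm/yyyy", as SystemLook prints it
    md5: str

    @property
    def name(self) -> str:
        return PureWindowsPath(self.path).name.lower()

    @property
    def modified_at(self) -> datetime:
        return datetime.strptime(self.modified, "%H:%M %d/%m/%Y")


def missing_files(fss_text: str) -> list[str]:
    """Paths FSS flagged as missing, in the order it reported them."""
    return [m["path"] for m in MISSING_RE.finditer(fss_text)]


def parse_filefind(text: str) -> dict[str, list[Candidate]]:
    """Group SystemLook ':filefind' hits by lower-cased file name."""
    found: dict[str, list[Candidate]] = {}
    for line in text.splitlines():
        m = FILEFIND_RE.match(line.strip())
        if m:
            c = Candidate(m["path"], int(m["size"]), m["modified"], m["md5"].upper())
            found.setdefault(c.name, []).append(c)
    return found


def pick_source(candidates: list[Candidate]) -> Optional[Candidate]:
    """Baseline copy if there is one, else the most recently modified copy."""
    baseline = [c for c in candidates if PREFERRED_SOURCE in c.path.lower()]
    if baseline:
        return baseline[0]
    return max(candidates, key=lambda c: c.modified_at, default=None)


def restore_plan(fss_text: str, systemlook_text: str) -> list[dict]:
    """One entry per missing file: the copy to run, or None when no local source exists."""
    hits = parse_filefind(systemlook_text)
    plan = []
    for dest in missing_files(fss_text):
        src = pick_source(hits.get(PureWindowsPath(dest).name.lower(), []))
        plan.append({"dest": dest,
                     "source": src.path if src else None,
                     "expected_md5": src.md5 if src else None,
                     "command": f'copy /y "{src.path}" "{dest}"' if src else None})
    return plan


def md5_matches(path: str, expected_md5: str) -> bool:
    """Post-copy check: the restored file must hash to the MD5 SystemLook reported."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper() == expected_md5.upper()
```

restore_plan(FSS_FILE_CHECK, SYSTEMLOOK) yields the two copy commands; after running them on the affected machine, md5_matches() on each destination with the MD5 SystemLook listed confirms the right bytes landed before rebooting. The $NtUninstallKB...$ folders hold each file as it was before that hotfix, so the newest-modified fallback is only a heuristic, and a missing file with no candidate at all means restoring from SP3 media.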


 


#8 dave7676

  • Topic Starter
  • Members
  • 34 posts

Posted 27 May 2012 - 06:59 PM

The message was close to "2 files copied"...
The message was "1 file copied"
"1 file copied"
I'm assuming that's fine?
Below is the latest FSS log:

Farbar Service Scanner Version: 17-05-2012
Ran by Dave (administrator) on 27-05-2012 at 16:53:37
Running from "C:\Documents and Settings\Dave.DONKENDAVE\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#9 Broni

    The Coolest BC Computer
  • BC Advisor
  • 42,679 posts
  • Location:Daly City, CA

Posted 27 May 2012 - 07:15 PM

That looks very good.

I assume you still can't connect?

It looks like it may be just a matter of adjusting some settings.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings)
  • List Users, Partitions and Memory size
  • List Restore Points
Click Go and post the result.



 


#10 dave7676

  • Topic Starter
  • Members
  • 34 posts

Posted 27 May 2012 - 09:16 PM

Ya, still no internet. Here are the results from the MiniToolBox scan:

MiniToolBox by Farbar Version: 14-01-2012
Ran by Dave (administrator) on 27-05-2012 at 19:11:04
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

94.63.147.17 www.bing.com

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
1394 Net Adapter = 1394 Connection 2 (Connected)
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : donkendave
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-12-3F-6C-5B-96

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 12 3f 6c 5b 96 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination          Netmask          Gateway        Interface  Metric
          127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
    255.255.255.255  255.255.255.255  255.255.255.255                2       1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [File Not found] ()
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/27/2012 04:36:23 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/27/2012 01:07:11 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/26/2012 02:11:57 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/21/2012 08:17:24 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/20/2012 10:49:46 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/17/2012 07:10:55 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/16/2012 07:33:20 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/16/2012 07:19:59 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/16/2012 07:04:37 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/16/2012 06:58:13 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)


System errors:
=============
Error: (05/27/2012 04:53:14 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error: (05/27/2012 04:52:46 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Services service failed to start due to the following error:
%%3

Error: (05/27/2012 04:52:46 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service failed to start due to the following error:
%%3

Error: (05/27/2012 04:52:46 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%2

Error: (05/27/2012 04:50:19 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error:
%%2

Error: (05/27/2012 04:50:19 PM) (Source: Service Control Manager) (User: )
Description: The AFD service failed to start due to the following error:
%%2

Error: (05/27/2012 04:50:19 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error:
%%2

Error: (05/27/2012 04:50:19 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC driver service failed to start due to the following error:
%%2

Error: (05/27/2012 04:36:56 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error: (05/27/2012 04:36:28 PM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%2147952450


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

1000 Best Fonts
Adobe Flash Player 11 ActiveX (Version: 11.2.202.233)
Adobe Reader X (10.0.1) (Version: 10.0.1)
Akamai NetSession Interface Service
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
AutoUpdate (Version: 1.0)
Bonjour (Version: 3.0.0.10)
Broadcom Gigabit Integrated Controller (Version: 8.10.07)
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 2.1
Canon MX860 series MP Drivers
Canon MX860 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Creative MediaSource
Dell Photo AIO Printer 962
Dell Resource CD (Version: 1.00.0000)
DiscAPI (Studio 10) (Version: 2.10.0060)
DivX (Version: 5.2.1)
ESPNMotion (Version: 2.1.6.0011)
Flash Slideshow Maker Pro 4.88 (Version: 4.88)
GemMaster Mystic
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
IrfanView (remove only) (Version: 4.27)
iTunes (Version: 10.5.2.11)
Jasc Paint Shop Photo Album (Version: 4.0.4)
Java™ 6 Update 10 (Version: 6.0.100)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 3.1.8.0)
MSN
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Drivers
Otto
Pinnacle Instant DVD Recorder (Version: 1.60.110)
PowerDVD 5.5
Print to Fax (Version: 1.00)
QuickTime (Version: 7.71.80.42)
RAPID (Studio 10) (Version: 1.00.0004)
SmartSound Quicktracks Plugin (Version: 3.0.2.7)
Sonic Audio module (Version: 2.0.0)
Sonic DLA (Version: 4.97)
Sonic Encoders (Version: 1.00)
Sonic MyDVD LE (Version: 6.1.1)
Sonic RecordNow Copy (Version: 2.0.0)
Sonic RecordNow Data (Version: 2.0.0)
Sonic Update Manager (Version: 3.0.0)
Sound Blaster Audigy 2 ZS
Studio 10 (Version: 10.5)
The Sims 2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Visual Slideshow
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WordPerfect Office 12 (Version: 12.01)
Yahoo! SiteBuilder (Version: 2.4.0)

========================= Devices: ================================

Name: Canon MX860 ser Network
Description: Canon MX860 ser Network
Class Guid: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Manufacturer: Canon
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 20%
Total physical RAM: 2046.08 MB
Available physical RAM: 1632.93 MB
Total Pagefile: 3937.97 MB
Available Pagefile: 3702.85 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.84 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:298 GB) (Free:149.16 GB) NTFS
9 Drive k: () (Removable) (Total:0.48 GB) (Free:0.38 GB) FAT

========================= Users: ========================================

User accounts for \\DONKENDAVE

Administrator Alyssa ASPNET
Dave Guest HelpAssistant
SUPPORT_388945a0

========================= Restore Points ==================================

28-02-2012 03:11:57 Software Distribution Service 3.0
28-02-2012 05:47:54 Software Distribution Service 3.0
28-02-2012 15:34:23 Software Distribution Service 3.0
28-02-2012 16:49:50 Software Distribution Service 3.0
29-02-2012 04:53:09 Software Distribution Service 3.0
29-02-2012 15:31:56 Software Distribution Service 3.0
29-02-2012 15:51:30 Software Distribution Service 3.0
29-02-2012 15:52:36 Software Distribution Service 3.0
01-03-2012 04:14:41 Software Distribution Service 3.0
01-03-2012 16:56:14 Software Distribution Service 3.0
02-03-2012 05:36:31 Software Distribution Service 3.0
03-03-2012 05:43:54 System Checkpoint
03-03-2012 08:21:03 Software Distribution Service 3.0
03-03-2012 19:32:44 Removed Safari
03-03-2012 19:35:39 Software Distribution Service 3.0
04-03-2012 02:00:53 Software Distribution Service 3.0
05-03-2012 18:47:49 Software Distribution Service 3.0
05-03-2012 20:53:43 Software Distribution Service 3.0
06-03-2012 05:20:28 Software Distribution Service 3.0
07-03-2012 19:25:53 Software Distribution Service 3.0
08-03-2012 06:58:47 Software Distribution Service 3.0
08-03-2012 18:01:40 Software Distribution Service 3.0
08-03-2012 21:35:13 Software Distribution Service 3.0
09-03-2012 05:39:20 Software Distribution Service 3.0
09-03-2012 21:58:23 Software Distribution Service 3.0
10-03-2012 08:18:31 Software Distribution Service 3.0
11-03-2012 20:57:51 Software Distribution Service 3.0
12-03-2012 00:57:39 Software Distribution Service 3.0
12-03-2012 21:37:00 Software Distribution Service 3.0
13-03-2012 02:41:27 Software Distribution Service 3.0
13-03-2012 04:20:00 Software Distribution Service 3.0
14-03-2012 02:36:51 Software Distribution Service 3.0
14-03-2012 16:01:55 Software Distribution Service 3.0
15-03-2012 04:37:34 Software Distribution Service 3.0
15-03-2012 14:07:28 Software Distribution Service 3.0
16-03-2012 18:37:26 Software Distribution Service 3.0
17-03-2012 00:19:07 Software Distribution Service 3.0
17-03-2012 19:34:06 Software Distribution Service 3.0
17-03-2012 22:23:06 Software Distribution Service 3.0
19-03-2012 18:48:42 Software Distribution Service 3.0
19-03-2012 20:51:56 Software Distribution Service 3.0
20-03-2012 04:08:30 Software Distribution Service 3.0
20-03-2012 04:31:33 Software Distribution Service 3.0
21-03-2012 04:04:41 Software Distribution Service 3.0
21-03-2012 04:15:52 Software Distribution Service 3.0
22-03-2012 03:05:43 Software Distribution Service 3.0
22-03-2012 21:30:58 Software Distribution Service 3.0
23-03-2012 10:00:15 Software Distribution Service 3.0
23-03-2012 21:20:24 Software Distribution Service 3.0
24-03-2012 05:11:10 Software Distribution Service 3.0
25-03-2012 21:16:29 Software Distribution Service 3.0
26-03-2012 04:37:08 Software Distribution Service 3.0
26-03-2012 04:55:02 Software Distribution Service 3.0
26-03-2012 21:12:57 Software Distribution Service 3.0
27-03-2012 04:51:09 Software Distribution Service 3.0
27-03-2012 04:54:03 Software Distribution Service 3.0
29-03-2012 01:55:03 Software Distribution Service 3.0
29-03-2012 03:27:29 Software Distribution Service 3.0
30-03-2012 03:03:40 Software Distribution Service 3.0
30-03-2012 03:18:32 Software Distribution Service 3.0
30-03-2012 03:39:06 Software Distribution Service 3.0
03-04-2012 05:07:51 Software Distribution Service 3.0
03-04-2012 05:22:42 Software Distribution Service 3.0
04-04-2012 04:42:15 Software Distribution Service 3.0
04-04-2012 18:04:41 Software Distribution Service 3.0
05-04-2012 02:58:57 Software Distribution Service 3.0
06-04-2012 04:44:15 Software Distribution Service 3.0
06-04-2012 05:36:55 Software Distribution Service 3.0
07-04-2012 22:09:51 Software Distribution Service 3.0
08-04-2012 02:19:19 Software Distribution Service 3.0
08-04-2012 20:15:44 Software Distribution Service 3.0
09-04-2012 21:21:45 Software Distribution Service 3.0
10-04-2012 03:47:16 Software Distribution Service 3.0
11-04-2012 21:53:48 Software Distribution Service 3.0
11-04-2012 22:03:20 Software Distribution Service 3.0
12-04-2012 04:58:42 Software Distribution Service 3.0
12-04-2012 22:15:37 Software Distribution Service 3.0
12-04-2012 22:36:16 Software Distribution Service 3.0
12-04-2012 23:19:53 Software Distribution Service 3.0
13-04-2012 05:35:27 Software Distribution Service 3.0
13-04-2012 19:16:40 Software Distribution Service 3.0
14-04-2012 00:31:58 Software Distribution Service 3.0
15-04-2012 22:16:40 Software Distribution Service 3.0
16-04-2012 04:17:06 Software Distribution Service 3.0
17-04-2012 04:21:15 Software Distribution Service 3.0
18-04-2012 04:19:19 Software Distribution Service 3.0
18-04-2012 04:55:00 Software Distribution Service 3.0
20-04-2012 00:18:17 Software Distribution Service 3.0
20-04-2012 00:32:19 Software Distribution Service 3.0
22-04-2012 23:34:54 Software Distribution Service 3.0
23-04-2012 02:04:47 Software Distribution Service 3.0
23-04-2012 19:52:29 Software Distribution Service 3.0
24-04-2012 03:53:35 Software Distribution Service 3.0
24-04-2012 14:19:08 Software Distribution Service 3.0
25-04-2012 01:47:07 Software Distribution Service 3.0
25-04-2012 02:24:30 Software Distribution Service 3.0
26-04-2012 01:51:23 Software Distribution Service 3.0
26-04-2012 17:49:31 Software Distribution Service 3.0
26-04-2012 21:05:29 Software Distribution Service 3.0
27-04-2012 21:20:47 System Checkpoint
27-04-2012 21:28:45 Software Distribution Service 3.0
29-04-2012 17:43:13 Software Distribution Service 3.0
29-04-2012 21:31:40 Installed Microsoft Office Live Meeting 2007
30-04-2012 04:03:43 Software Distribution Service 3.0
30-04-2012 05:50:48 Software Distribution Service 3.0
30-04-2012 19:33:03 Software Distribution Service 3.0
01-05-2012 04:58:18 Software Distribution Service 3.0
01-05-2012 19:21:25 Software Distribution Service 3.0
02-05-2012 04:18:27 Software Distribution Service 3.0
02-05-2012 15:25:52 Software Distribution Service 3.0
03-05-2012 03:08:20 Restore Operation
03-05-2012 03:26:07 Restore Operation
03-05-2012 03:33:03 Removed Microsoft Office Live Meeting 2007
03-05-2012 03:35:03 Removed Bonjour
03-05-2012 03:59:33 Configured SmartSound Quicktracks Plugin
03-05-2012 04:05:07 Restore Operation
03-05-2012 04:15:02 Removed Microsoft Office Live Meeting 2007
03-05-2012 04:15:26 Removed Bonjour
03-05-2012 04:18:10 Removed Apple Application Support
03-05-2012 04:40:32 Restore Operation
04-05-2012 04:12:39 Restore Operation
04-05-2012 04:18:19 Restore Operation
04-05-2012 04:22:44 Restore Operation
05-05-2012 17:35:23 System Checkpoint
06-05-2012 20:22:56 System Checkpoint
06-05-2012 20:43:03 Restore Operation
07-05-2012 03:59:40 Restore Operation
09-05-2012 04:47:26 System Checkpoint
13-05-2012 00:06:08 System Checkpoint
14-05-2012 17:14:47 System Checkpoint
14-05-2012 18:29:44 Restore Operation
15-05-2012 23:27:52 System Checkpoint
16-05-2012 19:03:28 Restore Operation
16-05-2012 19:10:29 Restore Operation
16-05-2012 19:56:30 Restore Operation
17-05-2012 02:33:42 Restore Operation
17-05-2012 02:42:02 Restore Operation
18-05-2012 02:43:08 System Checkpoint
20-05-2012 18:20:56 System Checkpoint
26-05-2012 22:57:17 System Checkpoint
28-05-2012 00:17:02 System Checkpoint

**** End of log ****

#11 Broni
    The Coolest BC Computer
  • BC Advisor
  • 42,679 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 27 May 2012 - 10:25 PM

Make sure your settings are correct.
1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
4. For a wired network connection, right-click Local Area Connection, and then select Properties.
For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol version 4 (TCP/IPv4), make sure it is checked, and then click Properties
6. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are checked.
7. Click on "Advanced" button and make sure "IP Settings" tab looks like this:
Posted Image
Make sure "DNS" tab looks like this:
Posted Image
Make sure "WINS" tab looks like this:
Posted Image
8. Still in Control Panel double click on "Internet options" then "Connections" tab then "LAN Settings" button. Make sure "Automatically detect settings" is checked.
If you made any changes OK your way out.
Restart computer.


If that doesn't work...
Turn off the computer. Disconnect the router and the modem from the power source for 1 minute. At the same time, disconnect the Ethernet cable as well.
Reconnect everything.
Restart computer.

If that doesn't work, bypass router, and connect computer straight to the modem.

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and 7, while holding CTRL and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Restart computer.

If that doesn't work...
Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista and 7, while holding CTRL and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.


If that doesn't work...
Download, install, and run WinSockFix: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml (doesn't work in Vista and 7)
Restart computer, and check again.

If that doesn't work...
Download Dial-A-Fix (DAF) (doesn't work in Vista and 7):
http://wiki.lunarsoft.net/wiki/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles

Have XP CD available in case DAF needs a file. Likely not!

Check all boxes on the screen (clear any restrictions if it shows any)
Then click GO!

When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

Here, one at a time, do the below:

Reinstall BITS
Reinstall Windows Firewall
Repair Permissions
Reset networking

Watch for any File not found or other errors and make note as this may lead to the fix!

Restart computer.



#12 dave7676
  • Topic Starter
  • Members
  • 34 posts

Posted 28 May 2012 - 03:38 PM

Tried all those, none worked. I re-plugged the infected PC into the router so I can have the other PCs in the house back online, and am wondering if I need to have the infected PC plugged straight into the modem rather than the router for the next or any future troubleshooting steps. Please advise.

I did get 2 error messages after hitting Go on Dial-a-Fix, before hitting the hammerhead icon, which popped up several times (12 or so) and read the following:

Error 127: C:\WINDOWS\system32\iesetup.dll is not registerable or the file is corrupted. Your version of iesetup.dll is: 8.00.6001.18702. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of the file.

Error 127: C:\WINDOWS\system32\mshtml.dll is not registerable or the file is corrupted. Your version of mshtml.dll is: 8.00.6001.19222. Please contact dial-a-fix@DjLizard.net so that an exception can be made for your version of the file.

#13 Broni
    The Coolest BC Computer
  • BC Advisor
  • 42,679 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 28 May 2012 - 05:30 PM

Those files shouldn't be affecting your internet connection.

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================


Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

NOTE.
Since the computer can't connect...
To manually update MBAM, download this file: http://data.mbamupdates.com/tools/mbam-rules.exe
Double click on downloaded file to update the program.


=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==========================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

======================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



#14 dave7676
  • Topic Starter
  • Members
  • 34 posts

Posted 29 May 2012 - 09:29 AM

A couple of issues I had were:
1.) When I installed MBAM it gave me an error message stating there was a "Program error updating", so I downloaded the update link you gave me, installed it and clicked Finish. However, when I opened MBAM I had to install it again, and it gave me the same error message, so I went ahead and ran the scan, but I am not sure if I got the updated version or not?
2.) Seeing how I manually tried removing Microsoft Security Essentials a while back, as I stated in my first e-mail, and apparently was unsuccessful; when I go to my Security Center it appears to still be running. I couldn't turn it off to run Main mirror as directed, so I am not sure if the scan was legit?

Below are the scan results:
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 10
Out of date Java installed!
Adobe Reader X (10.0.1) Adobe Reader Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.28.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dave :: DONKENDAVE [administrator]

5/28/2012 7:10:29 PM
mbam-log-2012-05-28 (19-10-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 489432
Time elapsed: 27 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dave.DONKENDAVE\Application Data\Adobe\AdobeUtil .exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

(end)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-28 19:48:32
-----------------------------
19:48:32.875 OS Version: Windows 5.1.2600 Service Pack 3
19:48:32.875 Number of processors: 2 586 0x404
19:48:32.875 ComputerName: DONKENDAVE UserName: Dave
19:48:33.578 Initialize success
19:48:56.484 AVAST engine download error: 0
19:49:08.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
19:49:08.265 Disk 0 Vendor: Intel___ 1.0. Size: 305171MB BusType: 3
19:49:08.265 Disk 0 MBR read successfully
19:49:08.265 Disk 0 MBR scan
19:49:08.265 Disk 0 Windows XP default MBR code
19:49:08.265 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305156 MB offset 63
19:49:08.265 Disk 0 scanning sectors +624960630
19:49:08.328 Disk 0 scanning C:\WINDOWS\system32\drivers
19:49:17.062 Service scanning
19:49:27.187 Modules scanning
19:49:56.578 Disk 0 trace - called modules:
19:49:56.609 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:49:56.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d63ab8]
19:49:56.625 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a16d030]
19:49:56.625 Scan finished successfully
19:51:16.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dave.DONKENDAVE\My Documents\MBR.dat"
19:51:16.546 The log file has been saved successfully to "C:\Documents and Settings\Dave.DONKENDAVE\My Documents\aswMBR.txt"


Bootkit Remover
© 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
ATA_Read(): DeviceIoControl() ERROR 87
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-29 07:07:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Intel___ rev.1.0.
Running: Main mirror.exe; Driver: C:\DOCUME~1\DAVE~1.DON\LOCALS~1\Temp\uxrdraow.sys


---- Kernel code sections - GMER 1.0.15 ----

? aayippld.sys The system cannot find the file specified. !
? C:\DOCUME~1\DAVE~1.DON\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB55422$\1838200302 0 bytes
File C:\WINDOWS\$NtUninstallKB55422$\1838200302\L 0 bytes
File C:\WINDOWS\$NtUninstallKB55422$\1838200302\U 0 bytes
File C:\WINDOWS\$NtUninstallKB55422$\1992533750 0 bytes

---- EOF - GMER 1.0.15 ----

#15 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 29 May 2012 - 07:34 PM

MBAM updated just fine:

Database version: v2012.05.28.04


GMER indicates further infection but in this case more advanced tools will be needed.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

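As an added example (not part of this thread, and not a GMER feature), the Python script below parses lines in the GMER 1.0.15 report format posted above and flags the two kinds of entries that report contains: `InprocServer32` values whose name is a 32-hex-digit string rather than a normal value name, and zero-byte files under a `$NtUninstallKB…$` folder. The sample log is constructed from lines copied out of the posted report plus one constructed benign `File` line as a control; the regular expressions and function names are this example's own assumptions, not anything the advisor or GMER defines.

```python
import re

# Constructed sample in the GMER 1.0.15 report format. The Reg and
# $NtUninstall lines are copied from the report posted in this thread;
# the hosts-file line is a constructed benign control entry.
SAMPLE_LOG = r"""
---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB55422$\1838200302 0 bytes
File C:\WINDOWS\$NtUninstallKB55422$\1838200302\L 0 bytes
File C:\WINDOWS\system32\drivers\etc\hosts 734 bytes

---- EOF - GMER 1.0.15 ----
"""

# A CLSID InprocServer32 value whose *name* is 32 hex digits (an MD5-sized
# token) instead of a normal name such as ThreadingModel. Groups: key,
# value name, data as printed by GMER.
REG_HASH_VALUE = re.compile(
    r"^Reg (HKLM\\SOFTWARE\\Classes\\CLSID\\\{[0-9A-Fa-f-]+\}\\InprocServer32)"
    r"@([0-9a-fA-F]{32})\s+(.*)$"
)

# Any GMER "File <path> <n> bytes" line.
FILE_LINE = re.compile(r"^File (.+?) (\d+) bytes$")

# Numeric-named entries (optionally with a one-token child) beneath a
# $NtUninstallKB<n>$ folder, as seen in the posted report.
NTUNINSTALL_PATH = re.compile(r"\\\$NtUninstallKB\d+\$\\\d+(?:\\[A-Za-z0-9]+)?$")


def find_hashed_clsid_values(log_text):
    """Return (key, value_name, data) for InprocServer32 values with hex-hash names."""
    hits = []
    for line in log_text.splitlines():
        m = REG_HASH_VALUE.match(line.rstrip())
        if m:
            hits.append((m.group(1), m.group(2), m.group(3)))
    return hits


def find_zero_byte_uninstall_files(log_text):
    """Return paths of 0-byte files that sit under a $NtUninstallKB...$ folder."""
    hits = []
    for line in log_text.splitlines():
        m = FILE_LINE.match(line.rstrip())
        if not m:
            continue
        path, size = m.group(1), int(m.group(2))
        if size == 0 and NTUNINSTALL_PATH.search(path):
            hits.append(path)
    return hits


def triage(log_text):
    """Summarise both indicator types so a helper can see at a glance why a
    report like the one above warrants escalation to the removal forum."""
    return {
        "hashed_clsid_values": find_hashed_clsid_values(log_text),
        "zero_byte_uninstall_files": find_zero_byte_uninstall_files(log_text),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, value_name, data in result["hashed_clsid_values"]:
        print(f"hashed value name {value_name} under {key}: {data}")
    for path in result["zero_byte_uninstall_files"]:
        print(f"zero-byte file under uninstall folder: {path}")
```

The script is a triage aid, not a verdict: it only surfaces the lines a reader would otherwise have to pick out of several thousand, and the benign `hosts` control line shows that ordinary `File` entries are not reported. Anything it flags still needs the kind of review the advisor directs to the malware removal forum.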