
Dell mini Xp becomes unresponsive


8 replies to this topic

#1 zmk76


Posted 01 December 2012 - 05:22 PM

I have a Dell Mini running Windows XP. Lately, after 15-20 mins it becomes unresponsive and nothing works. Can't close window or ctrl alt delete or task manager. The only thing you can do is turn it off and back on and the same thing will happen again. Please help.



#2 dev00790


Posted 05 December 2012 - 07:29 AM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do NOT run, install or uninstall any programs, unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Under Objects to scan, check the boxes next to Verify file digital signatures, Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the full contents of that file in your next reply. - If the log is too long, then split it into multiple posts.


Step 2:

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the full contents of that document.


Step 3:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the full contents of the log in your next reply.


Step 4:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (Only Problems)
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points
NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#3 zmk76


Posted 06 December 2012 - 11:11 AM

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG 2013
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java DB 10.5.3.0
Java™ 6 Update 23
Java™ SE Development Kit 6 Update 23
Java version out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 0%
````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 04-12-2012
Ran by Tom (administrator) on 06-12-2012 at 11:03:49
Running from "C:\Documents and Settings\Tom\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Bridge(11) BridgeMP(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0C000000050000000100000002000000030000000400000008000000090000000C00000006000000070000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****

MiniToolBox by Farbar Version: 25-11-2012
Ran by Tom (administrator) on 06-12-2012 at 11:05:50
Running from "C:\Documents and Settings\Tom\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Dell Wireless 1397 WLAN Mini-Card = Wireless Network Connection 1 (Connected)
Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC = Local Area Connection (Media disconnected)
EasyTether Network Adapter = Local Area Connection 13 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 1"

set address name="Wireless Network Connection 1" source=dhcp
set dns name="Wireless Network Connection 1" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 1" source=dhcp

# Interface IP Configuration for "Local Area Connection 13"

set address name="Local Area Connection 13" source=dhcp
set dns name="Local Area Connection 13" source=dhcp register=PRIMARY
set wins name="Local Area Connection 13" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : MYMINI

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : Yes



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-24-E8-C5-B0-5C



Ethernet adapter Wireless Network Connection 1:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card

Physical Address. . . . . . . . . : 00-25-56-76-44-49

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 10.0.0.4

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.0.0.1

DHCP Server . . . . . . . . . . . : 10.0.0.1

DNS Servers . . . . . . . . . . . : 10.0.0.1

Lease Obtained. . . . . . . . . . : Thursday, December 06, 2012 10:59:00 AM

Lease Expires . . . . . . . . . . : Friday, December 07, 2012 9:51:54 AM

Server: UnKnown
Address: 10.0.0.1

Name: google.com
Address: 74.125.228.9



Pinging google.com [74.125.228.9] with 32 bytes of data:



Reply from 74.125.228.9: bytes=32 time=43ms TTL=53

Reply from 74.125.228.9: bytes=32 time=45ms TTL=53



Ping statistics for 74.125.228.9:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 43ms, Maximum = 45ms, Average = 44ms

Server: UnKnown
Address: 10.0.0.1

Name: yahoo.com
Address: 98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=564ms TTL=48

Reply from 98.139.183.24: bytes=32 time=592ms TTL=48



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 564ms, Maximum = 592ms, Average = 578ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 24 e8 c5 b0 5c ...... Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC - Packet Scheduler Miniport
0x3 ...00 25 56 76 44 49 ...... Dell Wireless 1397 WLAN Mini-Card - Packet Scheduler Miniport
0x4 ...02 00 54 74 68 72 ...... EasyTether Network Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.4 25
10.0.0.0 255.255.255.0 10.0.0.4 10.0.0.4 25
10.0.0.4 255.255.255.255 127.0.0.1 127.0.0.1 25
10.255.255.255 255.255.255.255 10.0.0.4 10.0.0.4 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.0.0.4 10.0.0.4 25
255.255.255.255 255.255.255.255 10.0.0.4 10.0.0.4 1
255.255.255.255 255.255.255.255 10.0.0.4 2 1
255.255.255.255 255.255.255.255 10.0.0.4 4 1
Default Gateway: 10.0.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/08/2012 10:53:14 PM) (Source: .NET Runtime) (User: )
Description: Application: mHotspot.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.EntryPointNotFoundException
Stack:
at  .()
at  ..ctor()
at  ..ctor()
at ..ctor()
at  .()

Error: (11/08/2012 10:50:09 PM) (Source: .NET Runtime) (User: )
Description: Application: mHotspot.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.EntryPointNotFoundException
Stack:
at  .()
at  ..ctor()
at  ..ctor()
at ..ctor()
at  .()

Error: (11/08/2012 02:10:00 PM) (Source: ConnectifySvc) (User: )
Description: ConnectifySvc error: 6Failed to SetServiceStatus


System errors:
=============
Error: (12/05/2012 01:08:42 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (12/05/2012 01:07:18 PM) (Source: Service Control Manager) (User: )
Description: The Task Scheduler service failed to start due to the following error:
%%1062

Error: (12/05/2012 01:07:18 PM) (Source: Service Control Manager) (User: )
Description: The Wireless Zero Configuration service failed to start due to the following error:
%%995

Error: (11/29/2012 10:10:16 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.43.161 for the Network Card with network address 002556764449 has been
denied by the DHCP server 192.168.2.254 (The DHCP Server sent a DHCPNACK message).

Error: (11/25/2012 01:11:52 AM) (Source: 0) (User: )
Description: 192.168.2.100B8:FF:61:DE:AE:3E

Error: (11/25/2012 01:11:52 AM) (Source: 0) (User: )
Description: 192.168.2.100B8:FF:61:DE:AE:3E

Error: (11/24/2012 00:13:49 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (11/24/2012 00:13:49 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (11/24/2012 00:04:15 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (11/24/2012 00:04:15 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (11/08/2012 10:53:14 PM) (Source: .NET Runtime)(User: )
Description: Application: mHotspot.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.EntryPointNotFoundException
Stack:
at  .()
at  ..ctor()
at  ..ctor()
at ..ctor()
at  .()

Error: (11/08/2012 10:50:09 PM) (Source: .NET Runtime)(User: )
Description: Application: mHotspot.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.EntryPointNotFoundException
Stack:
at  .()
at  ..ctor()
at  ..ctor()
at ..ctor()
at  .()

Error: (11/08/2012 02:10:00 PM) (Source: ConnectifySvc)(User: )
Description: ConnectifySvc error: 6Failed to SetServiceStatus


=========================== Installed Programs ============================

7-Zip 9.20
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader X (10.0.1) (Version: 10.0.1)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Advanced Audio FX Engine (Version: 1.12.05)
Apk Installing Aroma Creator
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft Print Creations (Version: 2.8.255.384)
AVG 2013 (Version: 13.0.2629)
Battery Meter (Version: 0.0.0.7C)
CapsLKNotify (Version: 0.1.0.1)
CCScore (Version: 8.02.0000.0001)
Dell Driver Download Manager (Version: 2.1.0.0)
Dell Resource CD (Version: 1.00.0000)
Dell Webcam Central (Version: 1.02.06)
EasyTether (Version: 1.1.14)
EMSC (Version: 0.0.0.10)
ERUNT 1.1j
ESSBrwr (Version: 8.02.0000.0001)
ESSCDBK (Version: 8.02.0000.0001)
ESScore (Version: 8.02.0000.0001)
ESSgui (Version: 8.02.0000.0001)
ESSini (Version: 8.02.0000.0001)
ESSPCD (Version: 8.02.0000.0001)
ESSPDock (Version: 6.03.0001.0004)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 8.00.0000.0001)
Google Chrome (Version: 23.0.1271.95)
HiJackThis (Version: 1.0.0)
HP Play [beta] (Version: 1.0.75.195)
HTC BMP USB Driver (Version: 1.0.5375)
HTC Driver Installer (Version: 3.0.0.005)
inSSIDer (Version: 2.1.5)
Intel® Graphics Media Accelerator Driver
Java Auto Updater (Version: 2.0.2.4)
Java DB 10.5.3.0 (Version: 10.5.3.0)
Java™ 6 Update 23 (Version: 6.0.230)
Java™ SE Development Kit 6 Update 23 (Version: 1.6.0.230)
Kodak EasyShare software
KYOCERA USB Modem M6000 Driver (Version: 1.02.0000)
LG Android Driver (Version: 1.0)
MahJong Suite 2010 v7.1
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WinUsb 1.0
Microsoft WinUsb 2.0
MiniTool Partition Wizard Home Edition 7.6.1
MotoHelper 2.0.40 Driver 4.9.0 (Version: 2.0.40)
MotoHelper MergeModules (Version: 1.2.0)
Motorola Mobile Drivers Installation 4.9.0 (Version: 4.9.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
netbrdg (Version: 7.01.0000.0001)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (Version: 1.03.000)
Novacomd (Version: 1.0.0.73)
OfotoXMI (Version: 8.02.1000.0001)
QPST 2.7 (Version: 2.7.366)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.23.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5798)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.6.0)
SDFormatter (Version: 3.1.0)
SFR (Version: 8.01.0000.0001)
SHASTA (Version: 7.01.0000.0001)
skin0001 (Version: 8.02.0000.0001)
SKINXSDK (Version: 8.02.0000.0001)
staticcr (Version: 8.02.0000.0001)
Tweakui Powertoy for Windows XP (Version: 1.00.0001)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Windows Internet Explorer 8 (KB2362765) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
USB2.0 Card Reader Software (Version: 6.0.6000.81)
VPRINTOL (Version: 8.02.0000.0001)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1) (Version: 10/09/2009 1.0.1)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
WinRAR archiver
WIRELESS (Version: 8.02.0000.0001)
ZTE Handset USB Driver
ZTE Handset USB Driver (Version: 5.2066.1.9B04)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 1014.36 MB
Available physical RAM: 665.86 MB
Total Pagefile: 2441.18 MB
Available Pagefile: 2215.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.05 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.88 GB) (Free:173.83 GB) NTFS

========================= Users: ========================================

User accounts for \\MYMINI

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0 Tom

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini031311-01.dmp
C:\WINDOWS\Minidump\Mini031311-02.dmp
========================= Restore Points ==================================

19-09-2012 23:40:52 System Checkpoint
13-10-2012 02:03:50 System Checkpoint
14-10-2012 02:32:04 System Checkpoint
15-10-2012 03:48:18 System Checkpoint
16-10-2012 05:45:18 System Checkpoint
17-10-2012 05:54:36 System Checkpoint
18-10-2012 06:48:32 System Checkpoint
19-10-2012 07:44:11 System Checkpoint
20-10-2012 07:47:21 System Checkpoint
21-10-2012 16:56:45 System Checkpoint
22-10-2012 17:26:18 System Checkpoint
23-10-2012 18:21:58 System Checkpoint
25-10-2012 04:01:53 System Checkpoint
26-10-2012 04:02:53 System Checkpoint
27-10-2012 04:58:34 System Checkpoint
27-10-2012 20:51:16 Unsigned driver install
27-10-2012 21:12:50 Installed KYOCERA USB Modem M6000 Driver.
27-10-2012 21:15:47 Unsigned driver install
28-10-2012 01:36:23 Software Distribution Service 3.0
28-10-2012 02:04:11 Software Distribution Service 3.0
28-10-2012 03:22:54 Removed EasyTether
28-10-2012 03:26:52 Software Distribution Service 3.0
28-10-2012 04:26:58 Software Distribution Service 3.0
28-10-2012 13:58:40 Software Distribution Service 3.0
29-10-2012 07:00:20 Software Distribution Service 3.0
29-10-2012 23:45:14 Installed QPST 2.7
30-10-2012 01:40:13 Removed Bonjour
30-10-2012 07:00:20 Software Distribution Service 3.0
31-10-2012 07:43:24 System Checkpoint
01-11-2012 07:44:47 System Checkpoint
02-11-2012 07:58:28 System Checkpoint
03-11-2012 08:34:39 System Checkpoint
04-11-2012 09:31:16 System Checkpoint
05-11-2012 08:00:18 Software Distribution Service 3.0
06-11-2012 19:05:47 Software Distribution Service 3.0
06-11-2012 19:39:06 Software Distribution Service 3.0
06-11-2012 21:59:57 Installed AVG 2013
06-11-2012 22:00:46 Installed AVG 2013
07-11-2012 02:34:23 Created by Wise Registry Cleaner
08-11-2012 17:00:54 System Checkpoint
08-11-2012 19:02:44 Removed Android Commander
08-11-2012 19:03:27 Removed Apple Application Support
08-11-2012 19:06:01 Removed Apple Mobile Device Support
08-11-2012 19:07:16 Removed Apple Software Update
08-11-2012 19:13:31 Removed iTunes
08-11-2012 19:17:27 Removed KYOCERA USB Modem M6000 Driver.
08-11-2012 19:39:18 Removed NETGEAR WNDA3100v2 wireless USB 2.0 adapter
08-11-2012 19:42:51 Removed Samsung Kies
08-11-2012 20:00:50 Removed QuickTime
08-11-2012 20:02:39 Removed QPST 2.7
09-11-2012 03:38:22 Installed NETGEAR WNDA3100v2 wireless USB 2.0 adapter
10-11-2012 03:50:35 System Checkpoint
11-11-2012 04:06:36 System Checkpoint
15-11-2012 22:23:40 Installed LG Android Driver
15-11-2012 22:36:59 Installed EasyTether
15-11-2012 22:38:41 Unsigned driver install
23-11-2012 02:11:28 System Checkpoint
24-11-2012 05:17:06 Removed AVG 2013
24-11-2012 05:19:59 Removed AVG 2013
30-11-2012 21:29:49 Installed SDFormatter.
02-12-2012 03:51:50 Installed QPST 2.7
02-12-2012 04:13:57 Unsigned driver install
03-12-2012 05:05:14 Update to an unsigned driver
03-12-2012 05:34:52 Update to an unsigned driver
03-12-2012 05:35:38 Installed WModem_Installer
03-12-2012 19:01:09 Unsigned driver install
05-12-2012 04:53:18 System Checkpoint

**** End of log ****

#4 zmk76

Posted 06 December 2012 - 11:14 AM

11:12:02.0109 0136 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:12:02.0828 0136 ============================================================
11:12:02.0828 0136 Current date / time: 2012/12/06 11:12:02.0828
11:12:02.0828 0136 SystemInfo:
11:12:02.0828 0136
11:12:02.0828 0136 OS Version: 5.1.2600 ServicePack: 3.0
11:12:02.0828 0136 Product type: Workstation
11:12:02.0828 0136 ComputerName: MYMINI
11:12:02.0828 0136 UserName: Tom
11:12:02.0828 0136 Windows directory: C:\WINDOWS
11:12:02.0828 0136 System windows directory: C:\WINDOWS
11:12:02.0828 0136 Processor architecture: Intel x86
11:12:02.0828 0136 Number of processors: 2
11:12:02.0828 0136 Page size: 0x1000
11:12:02.0828 0136 Boot type: Normal boot
11:12:02.0828 0136 ============================================================
11:12:03.0828 0136 BG loaded
11:12:04.0234 0136 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:12:04.0234 0136 ============================================================
11:12:04.0234 0136 \Device\Harddisk0\DR0:
11:12:04.0234 0136 MBR partitions:
11:12:04.0234 0136 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
11:12:04.0234 0136 ============================================================
11:12:04.0281 0136 C: <-> \Device\Harddisk0\DR0\Partition1
11:12:04.0281 0136 ============================================================
11:12:04.0281 0136 Initialize success
11:12:04.0281 0136 ============================================================

#5 dev00790

Posted 06 December 2012 - 05:59 PM

Hi

Please do the following next:

:step1:

  • Launch Malwarebytes' Anti-Malware (MBAM)
  • Click on the Update tab, then click Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Then on the Scanner tab select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log in your next reply.

Note: Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Users\<Username>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt


:step2:

I'd like us to scan your machine with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Note: Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • On ESET: Click the Back button, then the Finish button.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


:step3:

I'd like us to scan your machine with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Note: Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • On ESET: Click the Back button, then the Finish button.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


:step4:

How is the computer running now?

Edited by dev00790, 06 December 2012 - 06:11 PM.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#6 dev00790

Posted 06 December 2012 - 06:11 PM

Note: I have updated my previous post.

Regards, dev00790


#7 zmk76

Posted 07 December 2012 - 02:36 AM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.07.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Tom :: MYMINI [administrator]

12/6/2012 8:16:09 PM
mbam-log-2012-12-06 (22-37-32).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 320896
Time elapsed: 1 hour(s), 48 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\TDSSKiller_Quarantine\06.12.2012_10.56.05\mbr0000\tdlfs0000\tsk0003.dta (Trojan.Agent.MRGGen) -> No action taken.

(end)

C:\android\platform-tools\LGOptimusVTools.zip Android/Exploit.Lotoor.AK trojan deleted - quarantined
C:\android\platform-tools\psneuter Android/Exploit.Lotoor.AK trojan cleaned by deleting - quarantined
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\6.0\34\c669a2-13d46950 a variant of Java/Exploit.CVE-2010-0094.O trojan deleted - quarantined
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\6.0\60\d36127c-66c50f6f multiple threats deleted - quarantined
C:\Documents and Settings\Tom\Desktop\desktopclutter\aahk-17122011\tools\bin\zergRush Android/Exploit.Lotoor.BL trojan cleaned by deleting - quarantined
C:\Documents and Settings\Tom\Desktop\desktopclutter\Camera\desktopclutter\z4root.1.3.0.zip multiple threats deleted - quarantined
C:\Documents and Settings\Tom\Desktop\desktopclutter\Camera\desktopclutter\Unused Desktop Shortcuts\SuperOneClickv1.7-ShortFuse.zip multiple threats deleted - quarantined
C:\Documents and Settings\Tom\Desktop\desktopclutter\Camera\desktopclutter\Unused Desktop Shortcuts\tbolt.zip Android/Exploit.Lotoor.AK trojan deleted - quarantined
C:\Documents and Settings\Tom\Desktop\desktopclutter\Camera\desktopclutter\Unused Desktop Shortcuts\ace-hack-kit-v9\tools\root\com.modaco.visionaryplus.r14.apk multiple threats deleted - quarantined
C:\Documents and Settings\Tom\Desktop\desktopclutter\Camera\desktopclutter\Unused Desktop Shortcuts\ace-hack-kit-v9\tools\root\rage Android/Exploit.RageCage.A trojan cleaned by deleting - quarantined
C:\Documents and Settings\Tom\Desktop\desktopclutter\Camera\desktopclutter\Unused Desktop Shortcuts\Desktop\ace-hack-kit-v9.tar.gz multiple threats deleted - quarantined
C:\Documents and Settings\Tom\Desktop\desktopclutter\Camera\desktopclutter\Unused Desktop Shortcuts\Desktop\SDFix.exe Win32/PrcView application deleted - quarantined
C:\Documents and Settings\Tom\Desktop\desktopclutter\Camera\desktopclutter\Unused Desktop Shortcuts\Desktop\p\Moto_MSM_Root.zip Android/Exploit.RageCage.A trojan deleted - quarantined
C:\Documents and Settings\Tom\Desktop\desktopclutter\Camera\desktopclutter\Unused Desktop Shortcuts\Desktop\p\SuperOneClickv1.5.5-ShortFuse.zip Android/Exploit.RageCage.A trojan deleted - quarantined
C:\Documents and Settings\Tom\Desktop\desktopclutter\New Folder\aahk-17122011.zip Android/Exploit.Lotoor.BL trojan deleted - quarantined
C:\Documents and Settings\Tom\Desktop\desktopclutter\New Folder\LGOptimusVTools.zip Android/Exploit.Lotoor.AK trojan deleted - quarantined
C:\Documents and Settings\Tom\Desktop\desktopclutter\New Folder\psneuter Android/Exploit.Lotoor.AK trojan cleaned by deleting - quarantined
C:\Documents and Settings\Tom\Local Settings\temp\setup_freetwittube.exe multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\Tom\Local Settings\temp\YontooSetup-S.exe multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\Tom\Local Settings\temp\PromoEngineInstaller\chutil.dll Win32/TopMedia.A application cleaned by deleting - quarantined
C:\Documents and Settings\Tom\My Documents\aahk-17122011\tools\bin\zergRush Android/Exploit.Lotoor.BL trojan cleaned by deleting - quarantined
C:\Moto_MSM_Root\rageagainstthecage-arm5.bin Android/Exploit.RageCage.A trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\12d1e9\2568.mof.vir Win32/RogueAV.A trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\12d1e9\834.mof.vir Win32/RogueAV.A trojan cleaned by deleting - quarantined
C:\SDFix\apps\Process.exe Win32/PrcView application cleaned by deleting - quarantined
C:\System Volume Information\_restore{EAA8C49C-51D3-43C7-A40A-8A20D702AF84}\RP180\A0085871.exe Win32/TopMedia.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{EAA8C49C-51D3-43C7-A40A-8A20D702AF84}\RP180\A0085872.exe Win32/TopMedia.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{EAA8C49C-51D3-43C7-A40A-8A20D702AF84}\RP191\A0092961.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{EAA8C49C-51D3-43C7-A40A-8A20D702AF84}\RP191\A0092966.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\tbolt\psneuter Android/Exploit.Lotoor.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.12.2012_10.56.05\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.12.2012_10.56.05\mbr0000\tdlfs0000\tsk0002.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.12.2012_10.56.05\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.12.2012_10.56.05\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.12.2012_10.56.05\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.12.2012_10.56.05\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

#9 dev00790

Posted 07 December 2012 - 03:12 PM

Hi

Due to the large amount of malware found and removed by ESET:

-------------

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Regards, dev00790
