Kaspersky -giving notification


10 replies to this topic

#1 Madmah

Madmah

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 27 December 2012 - 11:15 PM

Hi,

For the past few days, whenever my system reboots, my Kaspersky shows a message: "Your computer security is at risk. Detected illegal software that can be used by criminals to harm your computer or personal data."
And then it asks me to do a full scan. When the full scan is done, it says your computer security is at risk, do a full scan, and this cycle repeats.
Under report, it shows the Trojan graph as high, but no name is mentioned.

My Kaspersky is a licensed one, 2011 version. Windows XP SP2 - OS

What should I do?

THANK YOU

#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:28 PM

Posted 28 December 2012 - 12:18 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Madmah

Posted 28 December 2012 - 11:17 PM

Hi Broni,

Greetings to you and thank you for guiding me.

Please find the report of Security Check:

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Please wait while WMIC is being installed.
displayName
ECHO is off.
Kaspersky
ECHO is off.
Internet
ECHO is off.
Security
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.65.1.1000
Adobe Flash Player 11.5.502.135
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
All Users Start Menu Programs Startup\ESET-phase2.exe
login LOCALS~1 Temp ESET-2296\7za.exe
Kaspersky Lab Kaspersky Internet Security 2011 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 25% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

--------------------------------------------------------------------------------------------------------------------------------------

FSS REPORT:

Farbar Service Scanner Version: 23-12-2012
Ran by login (administrator) on 29-12-2012 at 09:40:27
Running from "C:\Documents and Settings\login\Desktop"
Microsoft Windows XP Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2003-10-03 03:17] - [2003-10-03 03:17] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2003-10-03 03:17] - [2003-10-03 03:17] - 0359040 ____A (Microsoft Corporation) 9F4B36614A0FC234525BA224957DE55C

C:\WINDOWS\system32\Drivers\ipsec.sys
[2003-10-03 03:17] - [2003-10-03 03:17] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2003-10-03 03:17] - [2003-10-03 03:17] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D

C:\WINDOWS\system32\ipnathlp.dll
[2003-10-03 03:17] - [2003-10-03 03:17] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2003-10-03 03:17] - [2003-10-03 03:17] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2011-03-23 20:51] - [2003-10-03 03:17] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\srsvc.dll
[2011-03-23 20:53] - [2003-10-03 03:17] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\WINDOWS\system32\Drivers\sr.sys
[2011-03-23 20:53] - [2003-10-03 03:17] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll
[2003-10-03 03:17] - [2003-10-03 03:17] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2011-03-23 20:51] - [2003-10-03 03:17] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\wuauserv.dll
[2011-03-23 20:53] - [2003-10-03 03:17] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\WINDOWS\system32\qmgr.dll
[2011-03-23 20:53] - [2003-10-03 03:17] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\WINDOWS\system32\es.dll
[2003-10-03 03:17] - [2003-10-03 03:17] - 0243200 ____A (Microsoft Corporation) ACD36A2DD7D1E9D8A060AA651DC07E63

C:\WINDOWS\system32\cryptsvc.dll
[2003-10-03 03:17] - [2003-10-03 03:17] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\WINDOWS\system32\svchost.exe
[2003-10-03 03:17] - [2003-10-03 03:17] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll
[2003-10-03 03:17] - [2003-10-03 03:17] - 0395776 ____A (Microsoft Corporation) 5C83A4408604F737717AB96371201680

C:\WINDOWS\system32\services.exe
[2003-10-03 03:17] - [2003-10-03 03:17] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4


Extra List:
=======
Gpc(3) IPSec(5) kl2(10) NetBT(6) PSched(7) Tcpip(4)
0x0B0000000A00000005000000010000000200000003000000040000000900000007000000080000000C00000006000000


**** End of log ****

MINITOOL BOX REPORT:


MiniToolBox by Farbar Version: 25-11-2012
Ran by login (administrator) on 29-12-2012 at 09:46:44
Running from "C:\Documents and Settings\login\Desktop"
Microsoft Windows XP Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82578DC Gigabit Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=static addr=192.168.1.11 mask=255.255.255.0
set address name="Local Area Connection" gateway=192.168.1.1 gwmetric=0
set dns name="Local Area Connection" source=static addr=218.248.255.147 register=PRIMARY
add dns name="Local Area Connection" addr=218.248.255.146 index=2
set wins name="Local Area Connection" source=static addr=none


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : melurmea

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® 82578DC Gigabit Network Connection

Physical Address. . . . . . . . . : E0-69-95-2E-FB-D9

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.1.11

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 218.248.255.147

218.248.255.146

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 218.248.255.147

Name: google.com
Addresses: 74.125.236.135, 74.125.236.136, 74.125.236.137, 74.125.236.142
74.125.236.128, 74.125.236.129, 74.125.236.130, 74.125.236.131, 74.125.236.132
74.125.236.133, 74.125.236.134



Pinging google.com [74.125.236.110] with 32 bytes of data:



Reply from 74.125.236.110: bytes=32 time=104ms TTL=54

Reply from 74.125.236.110: bytes=32 time=105ms TTL=54



Ping statistics for 74.125.236.110:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 104ms, Maximum = 105ms, Average = 104ms

Server: UnKnown
Address: 218.248.255.147

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 72.30.38.140



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=332ms TTL=52

Reply from 72.30.38.140: bytes=32 time=268ms TTL=52



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 268ms, Maximum = 332ms, Average = 300ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...e0 69 95 2e fb d9 ...... Intel® 82578DC Gigabit Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.11 20
106.10.170.118 255.255.255.255 192.168.1.1 192.168.1.11 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
174.142.167.115 255.255.255.255 192.168.1.1 192.168.1.11 20
192.168.1.0 255.255.255.0 192.168.1.11 192.168.1.11 20
192.168.1.11 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.11 192.168.1.11 20
203.84.220.39 255.255.255.255 192.168.1.1 192.168.1.11 20
224.0.0.0 240.0.0.0 192.168.1.11 192.168.1.11 20
255.255.255.255 255.255.255.255 192.168.1.11 192.168.1.11 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/26/2012 00:14:33 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 17.0.1.4715, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/18/2012 09:32:59 AM) (Source: CanonPrinterDriver3) (User: MELURMEA)
Description: DrvSendPage71B0000007750AE4ACCESS_VIOLATION

Error: (12/17/2012 11:34:24 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/12/2012 06:23:57 PM) (Source: Application Hang) (User: )
Description: Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/10/2012 03:17:15 PM) (Source: Application Hang) (User: )
Description: Hanging application OUTLOOK.EXE, version 12.0.4518.1014, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/01/2012 11:24:55 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/01/2012 11:17:52 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/01/2012 11:16:33 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/01/2012 11:16:33 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (12/01/2012 11:14:14 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (12/29/2012 09:16:23 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (12/28/2012 10:46:46 AM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (12/28/2012 09:17:15 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (12/27/2012 03:37:25 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (12/27/2012 02:34:09 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (12/27/2012 02:11:29 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (12/27/2012 00:21:33 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (12/27/2012 09:11:21 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (12/26/2012 06:07:56 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (12/26/2012 02:38:15 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE


Microsoft Office Sessions:
=========================
Error: (10/08/2012 07:29:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4983 seconds with 540 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Flash Player 11 Plugin (Version: 11.5.502.135)
Adobe Reader 9.5.2 (Version: 9.5.2)
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
Canon LBP2900
doPDF 7.2 printer
ESET Online Scanner v3
Free PDF to Word Doc Converter v1.1 (Version: 1.1)
Google Chrome (Version: 23.0.1271.97)
GraphPad Prism 5 (Trial) (Version: 5.04)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HiJackThis (Version: 1.0.0)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.5273)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Network Connections 15.3.68.0 (Version: 15.3.68.0)
Kaspersky Internet Security 2011 (Version: 11.0.1.400)
LG CyberLink Power2Go (Version: 6.2.4009)
LG Power Tools (Version: 6.0.3316)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.4518.1014)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0.1)
MSN
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Opera 9.51 (Version: 9.51)
PaperPort Image Printer (Version: 1.00.0000)
Picasa 3 (Version: 3.5)
PopCap Browser Plugin
QuickTime (Version: 7.72.80.56)
RealPlayer
Realtek High Definition Audio Driver (Version: 5.10.0.6106)
Reliance Netconnect - Broadband+ (Version: 11.030.01.16.114)
ScanSoft PaperPort 11 (Version: 11.1.0000)
Setup1 (Version: 1.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 5.0.1150)
VLC media player 1.0.1 (Version: 1.0.1)
WebFldrs XP (Version: 9.50.7523)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Installer 3.1 (KB893803) (Version: 3.1)
WinRAR 4.11 (32-bit) (Version: 4.11.0)
WordWeb (Version: 5)
YTD YouTube Downloader & Converter 3.7

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 3253.25 MB
Available physical RAM: 2467.15 MB
Total Pagefile: 5132.92 MB
Available Pagefile: 4281.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.6 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:48.83 GB) (Free:33.73 GB) NTFS
3 Drive e: () (Fixed) (Total:97.65 GB) (Free:97.43 GB) NTFS
4 Drive f: () (Fixed) (Total:97.65 GB) (Free:77.27 GB) NTFS
5 Drive g: () (Fixed) (Total:97.65 GB) (Free:95.24 GB) NTFS
6 Drive h: () (Fixed) (Total:123.96 GB) (Free:123.89 GB) NTFS

========================= Users: ========================================

User accounts for \\MELURMEA

admin Administrator Guest
HelpAssistant login SUPPORT_388945a0


**** End of log ****

Will come back soon with other reports.

Thank you

Regards,

Madmah

#4 Madmah

Posted 29 December 2012 - 01:37 AM

Hi Broni,

Here is my MBAM REPORT: No detections were shown: I restarted my computer. Shall come back with aswMBR report soon.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.29.05

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
login :: MELURMEA [administrator]

12/29/2012 11:51:25 AM
mbam-log-2012-12-29 (11-51-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220295
Time elapsed: 6 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Regards,

Madmah

#5 Madmah

Posted 29 December 2012 - 05:02 AM

Hi Broni,

Carried out all steps except the last one, ASWMBR. My Kaspersky is giving me a warning message - Some drivers are installed in C drive, if it's installed Kaspersky will have no control. What do you want to do? It gives me options to allow, terminate, etc.

Let me know what I should do.

By the way, still when the system starts, Kaspersky says "detected illegal software that can be used by criminals to harm your computer..."

Help me

Regards,

Madmah

#6 Madmah

Posted 29 December 2012 - 06:35 AM

Dear Broni,

I tried in Safe Mode and it worked.

Given below is the report of ASWMBR:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-29 16:50:26
-----------------------------
16:50:26.484 OS Version: Windows 5.1.2600 Service Pack 2
16:50:26.484 Number of processors: 4 586 0x2505
16:50:26.484 ComputerName: MELURMEA UserName: login
16:50:34.015 Initialize success
16:50:47.968 AVAST engine download error: 0
16:51:01.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
16:51:01.156 Disk 0 Vendor: ST3500418AS CC46 Size: 476940MB BusType: 3
16:51:01.203 Disk 0 MBR read successfully
16:51:01.234 Disk 0 MBR scan
16:51:01.281 Disk 0 Windows XP default MBR code
16:51:01.312 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 49999 MB offset 63
16:51:01.359 Disk 0 Partition - 00 0F Extended LBA 426930 MB offset 102398310
16:51:01.406 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99998 MB offset 102398373
16:51:01.453 Disk 0 Partition - 00 05 Extended 99998 MB offset 307194930
16:51:01.500 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 99998 MB offset 307194993
16:51:01.546 Disk 0 Partition - 00 05 Extended 99998 MB offset 716788170
16:51:01.609 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 99998 MB offset 511991613
16:51:01.656 Disk 0 Partition - 00 05 Extended 126935 MB offset 1126381410
16:51:01.765 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 126935 MB offset 716788233
16:51:01.875 Disk 0 scanning sectors +976752000
16:51:02.078 Disk 0 scanning C:\WINDOWS\system32\drivers
16:51:24.343 Service scanning
16:52:04.312 Modules scanning
16:52:17.140 Disk 0 trace - called modules:
16:52:17.234 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
16:52:17.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac90ab8]
16:52:17.390 3 CLASSPNP.SYS[f763805b] -> nt!IofCallDriver -> \Device\00000063[0x8ad64890]
16:52:17.484 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x8ad5dd98]
16:52:17.562 Scan finished successfully
16:52:28.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\login\Desktop\MBR.dat"
16:52:28.593 The log file has been saved successfully to "C:\Documents and Settings\login\Desktop\aswMBR.txt"


I restarted my computer; still Kaspersky says "detected legal software that can be used by criminals to harm your computer or personal data". When I checked the report, it shows all virus, trojan, worm etc. are zero. But under other programs, the graph reads value 2 and says "legal software that can be used by criminals to harm your computer or personal data". But it doesn't say what that software is.

Help me please.

Regards,

Madmah

#7 Broni

Posted 29 December 2012 - 11:39 AM

Run Kaspersky full scan. It may show some more details.

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,912 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:28 PM

Posted 31 December 2012 - 04:44 PM

I closed the double post here.
http://www.bleepingcomputer.com/forums/topic479073.html/page__gopid__2935279#entry2935279

#9 Madmah

Posted 31 December 2012 - 11:42 PM

Dear Broni,

I don't understand what you mean by closing the double post. Now what should I do to resolve my issue?

Thanks

#10 Broni

Posted 01 January 2013 - 12:12 PM

Follow boopme's advice: http://www.bleepingcomputer.com/forums/topic479073.html/page__view__findpost__p__2931374

#11 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:07:28 PM

Posted 02 January 2013 - 11:43 AM

Madmah,

With the information you have provided we believe you will need help from the malware removal team. It's not that we don't want to continue helping you here, there are tools that may need to be used that aren't allowed in the Am I Infected forum.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif




