PUM Disabled Security Center virus


Malwarebytes (MB) found it, but since  was already installed it won't update. I ran Rkill in safe mode, then Chameleon; it failed to update MB. It did find 3 PUM Disabled Security Center Virus files & killed 'em all in Safe Mode, but it's still not letting me update Windows, AVG or MB. I get some fake-looking error messages. It also removed Zone Alarm. I'm getting this error code: "(0,0, Connection Refused)" when trying to update MB.
I think the virus is still active. It blocks me from going to MB's & AVG's forums.
So I've been going there from another PC to study.


I never set an Admin password on that PC when XP was installed, but now it asks for one in safe mode. So I have to enter safe mode under my name, "JB". That's the only thing I told it when XP was set up. No, JB doesn't work for the admin PW.

I ran HijackThis but didn't see no funny stuff (I guess). Not really sure. I left AVG doing another full scan & unplugged the network cable from the PC...

I have a backup of all my work stuff, including email addys, on a 2nd drive. It may also be infected. That's the only reason I haven't low-leveled the main drive.
Help if you can,


Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin


I ran Farbar in safe mode:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-07-2013 02
Ran by JB (administrator) on 12-07-2013 07:51:16
Running from E:\Documents and Settings\JB\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 6
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) ===================

(Check Point Software Technologies LTD) E:\WINDOWS\system32\ZoneLabs\vsmon.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NeroFilterCheck] - "E:\WINDOWS\system32\NeroCheck.exe" [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k [x]
HKLM\...\Run: [ZoneAlarm Client] - "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [1043968 2011-02-18] (Check Point Software Technologies LTD)
HKLM\...\Run: [AVG_UI] - "E:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [A0] - cmd /c "E:\Documents and Settings\JB\Desktop\mbar\mbar.exe" /r /s [769096 2013-07-11] (Malwarebytes Corporation)
HKLM\...\RunOnce: [1] - E:\Documents and Settings\JB\Desktop\mbam-chameleon-1.62.1.1000\mbam-chameleon.exe /r /p [218184 2012-08-15] ()
Winlogon\Notify\!SASWinLogon: E:\Program Files\SUPERAntiSpyware\SASWINLO.dll [X]
BootExecute: autocheck autochk * E:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
StartMenuInternet: IEXPLORE.EXE - "%programfiles%\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope value is missing.
BHO: PnIEBrowserHelperObj Class - {D2F719F3-106A-402B-9996-3A5B12ACA564} - E:\Program Files\Failsafe\GuardIE\PnIE.dll (Failsafe Technologies)
Toolbar: HKLM - Guard-IE - {37C8204D-97C3-4127-BB28-1BFF3FA2F7DA} - E:\Program Files\Failsafe\GuardIE\PnIE.dll (Failsafe Technologies)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1373554598812
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)

FireFox:
========
FF ProfilePath: E:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\nwoulpdb.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer - E:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @real.com/nppl3260;version=6.0.11.1879 - E:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.1939 - E:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.872 - E:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: Adobe Reader - E:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - E:\Documents and Settings\JB\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Ghostery - E:\Documents and Settings\JB\Application Data\Mozilla\Firefox\Profiles\nwoulpdb.default\Extensions\firefox@ghostery.com
FF Extension: Default - E:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - E:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========================== Services (Whitelisted) =================

S2 AVGIDSAgent; E:\Program Files\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
S2 avgwd; E:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S3 getPlusHelper; E:\Program Files\NOS\bin\getPlus_Helper.dll [51168 2009-11-06] (NOS Microsystems Ltd.)
S2 MBAMScheduler; E:\Program Files\Malwarebytes' Anti-Malware1\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; E:\Program Files\Malwarebytes' Anti-Malware1\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 vsmon; E:\WINDOWS\system32\ZoneLabs\vsmon.exe [2435592 2011-02-18] (Check Point Software Technologies LTD)
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]

==================== Drivers (Whitelisted) ====================

S2 Aspi32; E:\Windows\System32\Drivers\Aspi32.sys [25244 1999-09-10] (Adaptec)
S1 AVGIDSDriver; E:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; E:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; E:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; E:\Windows\System32\DRIVERS\avgldx86.sys [170808 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; E:\Windows\System32\DRIVERS\avglogx.sys [245048 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; E:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; E:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; E:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
S3 Dot4Scan; E:\Windows\System32\DRIVERS\Dot4Scan.sys [8704 2001-08-17] (Microsoft Corporation)
S3 HPZid412; E:\Windows\System32\DRIVERS\HPZid412.sys [49664 2005-10-27] (HP)
S3 HPZipr12; E:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2005-10-27] (HP)
S3 HPZius12; E:\Windows\System32\DRIVERS\HPZius12.sys [21568 2005-10-27] (HP)
R3 mbamchameleon; E:\WINDOWS\system32\drivers\mbamchameleon.sys [35144 2013-07-11] ()
S3 MBAMProtector; E:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 nvax; E:\Windows\System32\drivers\nvax.sys [13056 2002-12-04] (NVIDIA Corporation)
R3 NVENET; E:\Windows\System32\DRIVERS\NVENET.sys [80896 2002-09-22] (NVIDIA Corporation)
S3 nvnforce; E:\Windows\System32\drivers\nvapu.sys [241664 2002-12-04] (NVIDIA Corporation)
R0 nv_agp; E:\Windows\System32\DRIVERS\nv_agp.sys [13568 2002-09-05] (NVIDIA Corporation)
S1 SASDIFSV; E:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [8944 2008-12-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; E:\Program Files\SUPERAntiSpyware\SASENUM.SYS [7408 2008-12-04] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; E:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [55024 2008-12-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SI3112r; E:\Windows\System32\DRIVERS\SI3112r.sys [110128 2007-02-01] (Silicon Image, Inc)
R0 SiFilter; E:\Windows\System32\DRIVERS\SiWinAcc.sys [17328 2007-02-01] (Silicon Image, Inc.)
R1 vsdatant; E:\Windows\System32\vsdatant.sys [532224 2010-05-13] (Check Point Software Technologies LTD)
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [x]
S4 IntelIde; No ImagePath
S3 NTACCESS; \??\D:\NTACCESS.sys [x]
S3 SetupNTGLM7X; \??\D:\NTGLM7X.sys [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-12 07:50 - 2013-07-12 07:50 - 00000000 ____D E:\FRST
2013-07-12 07:49 - 2013-07-11 22:10 - 01218524 ____A (Farbar) E:\Documents and Settings\JB\Desktop\FRST.exe
2013-07-11 09:56 - 2013-07-11 09:57 - 00000000 ____D E:\WINDOWS\LastGood
2013-07-11 09:07 - 2013-07-11 09:21 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-07-11 09:05 - 2013-07-11 09:21 - 00000000 ____D E:\Documents and Settings\JB\Desktop\mbar
2013-07-11 08:35 - 2013-07-11 11:28 - 00002409 ____A E:\Documents and Settings\JB\Desktop\avgrep.txt
2013-07-11 07:20 - 2013-07-10 10:05 - 01816704 ____A (Bleeping Computer, LLC) E:\Documents and Settings\JB\Desktop\rkill.com
2013-07-11 07:04 - 2013-07-11 07:04 - 00035144 ____A E:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-07-10 10:43 - 2013-07-10 10:43 - 00000791 ____A E:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-10 10:42 - 2013-07-10 10:43 - 00000000 ____D E:\Program Files\Malwarebytes' Anti-Malware1
2013-07-10 10:26 - 2013-07-11 07:21 - 00002874 ____A E:\Documents and Settings\JB\Desktop\Rkill.txt
2013-07-10 07:41 - 2013-07-10 07:41 - 00000000 ____D E:\Documents and Settings\JB\Application Data\AVG2013
2013-07-10 07:34 - 2013-07-10 07:34 - 00000702 ____A E:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
2013-07-10 07:34 - 2013-07-10 07:34 - 00000000 ____D E:\Documents and Settings\JB\Application Data\TuneUp Software
2013-07-10 07:33 - 2013-07-10 07:35 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\AVG2013
2013-07-10 07:09 - 2013-07-10 07:08 - 00098304 ____A E:\WINDOWS\Minidump\Mini071013-01.dmp
2013-07-10 07:04 - 2013-07-10 07:33 - 00000000 ___HD E:\$AVG
2013-07-10 06:59 - 2013-07-11 08:36 - 00000000 ____D E:\Documents and Settings\JB\Local Settings\Application Data\Avg2013
2013-07-10 06:59 - 2013-07-10 08:36 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\MFAData
2013-07-10 06:59 - 2013-07-10 06:59 - 00000000 ____D E:\Documents and Settings\JB\Local Settings\Application Data\MFAData
2013-07-09 11:24 - 2013-07-09 11:24 - 00000000 ____D E:\Documents and Settings\JB\Desktop\mbam-chameleon-1.62.1.1000
2013-07-09 11:22 - 2013-07-10 07:19 - 00000000 __SHD E:\WINDOWS\CSC
2013-07-09 11:11 - 2013-07-09 11:11 - 00000738 ____A E:\Documents and Settings\JB\Start Menu\Programs\Outlook Express.lnk
2013-07-09 11:08 - 2013-07-09 11:08 - 00005041 ____A E:\Documents and Settings\JB\My Documents\contacts.csv
2013-07-08 08:33 - 2013-07-10 07:03 - 00000000 ____D E:\Program Files\Mozilla Firefox
2013-06-28 09:44 - 2013-06-28 09:44 - 00000242 ____A E:\Documents and Settings\JB\Desktop\BBQ rub & cheese.txt
2013-06-12 07:18 - 2013-06-12 09:52 - 00000000 ____D E:\Documents and Settings\JB\My Documents\ct110 parts

==================== One Month Modified Files and Folders =======

2013-07-12 07:50 - 2013-07-12 07:50 - 00000000 ____D E:\FRST
2013-07-11 22:10 - 2013-07-12 07:49 - 01218524 ____A (Farbar) E:\Documents and Settings\JB\Desktop\FRST.exe
2013-07-11 11:28 - 2013-07-11 08:35 - 00002409 ____A E:\Documents and Settings\JB\Desktop\avgrep.txt
2013-07-11 09:58 - 2009-07-17 08:12 - 01620060 ____A E:\WINDOWS\WindowsUpdate.log
2013-07-11 09:57 - 2013-07-11 09:56 - 00000000 ____D E:\WINDOWS\LastGood
2013-07-11 09:57 - 2009-07-17 03:01 - 00686832 ____A E:\WINDOWS\setupapi.log
2013-07-11 09:57 - 2009-07-17 02:54 - 00000000 ____D E:\WINDOWS\Help
2013-07-11 09:52 - 2009-07-22 06:55 - 00000116 ____A E:\WINDOWS\NeroDigital.ini
2013-07-11 09:24 - 2009-07-17 09:50 - 00000000 ____D E:\Documents and Settings\JB\Application Data\MailWasher
2013-07-11 09:21 - 2013-07-11 09:07 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-07-11 09:21 - 2013-07-11 09:05 - 00000000 ____D E:\Documents and Settings\JB\Desktop\mbar
2013-07-11 08:36 - 2013-07-10 06:59 - 00000000 ____D E:\Documents and Settings\JB\Local Settings\Application Data\Avg2013
2013-07-11 07:21 - 2013-07-10 10:26 - 00002874 ____A E:\Documents and Settings\JB\Desktop\Rkill.txt
2013-07-11 07:04 - 2013-07-11 07:04 - 00035144 ____A E:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-07-11 07:02 - 2009-07-17 08:19 - 00000062 __ASH E:\Documents and Settings\JB\Local Settings\desktop.ini
2013-07-11 07:01 - 2009-07-17 08:17 - 00000062 __ASH E:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-07-11 06:56 - 2009-07-17 08:17 - 00000006 ___AH E:\WINDOWS\Tasks\SA.DAT
2013-07-11 06:54 - 2009-07-17 08:19 - 00000178 ___SH E:\Documents and Settings\JB\ntuser.ini
2013-07-10 10:43 - 2013-07-10 10:43 - 00000791 ____A E:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-10 10:43 - 2013-07-10 10:42 - 00000000 ____D E:\Program Files\Malwarebytes' Anti-Malware1
2013-07-10 10:41 - 2009-07-17 03:04 - 00000157 ____A E:\WINDOWS\wiadebug.log
2013-07-10 10:41 - 2009-07-17 03:04 - 00000049 ____A E:\WINDOWS\wiaservc.log
2013-07-10 10:30 - 2009-07-17 08:17 - 00032472 ____A E:\WINDOWS\SchedLgU.Txt
2013-07-10 10:05 - 2013-07-11 07:20 - 01816704 ____A (Bleeping Computer, LLC) E:\Documents and Settings\JB\Desktop\rkill.com
2013-07-10 09:51 - 2012-11-09 07:32 - 00000830 ____A E:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-07-10 09:32 - 2010-11-16 12:15 - 00000000 ____D E:\Program Files\Malwarebytes' Anti-Malware
2013-07-10 09:32 - 2009-12-02 09:01 - 00014848 _ASHC E:\WINDOWS\Thumbs.db
2013-07-10 08:36 - 2013-07-10 06:59 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\MFAData
2013-07-10 08:10 - 2012-05-16 09:36 - 00000000 ____D E:\Documents and Settings\JB\Desktop\new recipes office
2013-07-10 07:41 - 2013-07-10 07:41 - 00000000 ____D E:\Documents and Settings\JB\Application Data\AVG2013
2013-07-10 07:35 - 2013-07-10 07:33 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\AVG2013
2013-07-10 07:34 - 2013-07-10 07:34 - 00000702 ____A E:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
2013-07-10 07:34 - 2013-07-10 07:34 - 00000000 ____D E:\Documents and Settings\JB\Application Data\TuneUp Software
2013-07-10 07:33 - 2013-07-10 07:04 - 00000000 ___HD E:\$AVG
2013-07-10 07:19 - 2013-07-09 11:22 - 00000000 __SHD E:\WINDOWS\CSC
2013-07-10 07:09 - 2010-10-06 09:27 - 00000000 ____D E:\WINDOWS\Minidump
2013-07-10 07:08 - 2013-07-10 07:09 - 00098304 ____A E:\WINDOWS\Minidump\Mini071013-01.dmp
2013-07-10 07:04 - 2009-12-04 07:52 - 00000000 ____D E:\Documents and Settings\Administrator
2013-07-10 07:03 - 2013-07-08 08:33 - 00000000 ____D E:\Program Files\Mozilla Firefox
2013-07-10 07:03 - 2009-12-03 09:53 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\avg8
2013-07-10 07:02 - 2009-12-03 09:53 - 00000000 ____D E:\Program Files\AVG
2013-07-10 06:59 - 2013-07-10 06:59 - 00000000 ____D E:\Documents and Settings\JB\Local Settings\Application Data\MFAData
2013-07-09 11:24 - 2013-07-09 11:24 - 00000000 ____D E:\Documents and Settings\JB\Desktop\mbam-chameleon-1.62.1.1000
2013-07-09 11:18 - 2009-07-17 08:10 - 00000000 ____D E:\WINDOWS\system32\Restore
2013-07-09 11:12 - 2009-07-17 03:02 - 00203341 ___AC E:\WINDOWS\iis6.log
2013-07-09 11:12 - 2009-07-17 03:02 - 00108376 ___AC E:\WINDOWS\FaxSetup.log
2013-07-09 11:12 - 2009-07-17 03:02 - 00082097 ___AC E:\WINDOWS\ocgen.log
2013-07-09 11:12 - 2009-07-17 03:02 - 00061147 ___AC E:\WINDOWS\tsoc.log
2013-07-09 11:12 - 2009-07-17 03:02 - 00048638 ___AC E:\WINDOWS\comsetup.log
2013-07-09 11:12 - 2009-07-17 03:02 - 00029936 ___AC E:\WINDOWS\ntdtcsetup.log
2013-07-09 11:12 - 2009-07-17 03:02 - 00009857 ___AC E:\WINDOWS\MedCtrOC.log
2013-07-09 11:12 - 2009-07-17 03:02 - 00006705 ___AC E:\WINDOWS\ocmsn.log
2013-07-09 11:12 - 2009-07-17 03:02 - 00006269 ___AC E:\WINDOWS\msgsocm.log
2013-07-09 11:12 - 2009-07-17 03:02 - 00005804 ___AC E:\WINDOWS\tabletoc.log
2013-07-09 11:12 - 2009-07-17 03:02 - 00004507 ____A E:\WINDOWS\imsins.log
2013-07-09 11:11 - 2013-07-09 11:11 - 00000738 ____A E:\Documents and Settings\JB\Start Menu\Programs\Outlook Express.lnk
2013-07-09 11:11 - 2009-07-17 08:18 - 00000234 __ASH E:\Documents and Settings\JB\Start Menu\Programs\desktop.ini
2013-07-09 11:11 - 2009-07-17 03:02 - 00355086 ___AC E:\WINDOWS\system32\PerfStringBackup.INI
2013-07-09 11:11 - 2009-07-17 03:02 - 00050752 ___AC E:\WINDOWS\msmqinst.log
2013-07-09 11:11 - 2009-07-17 03:02 - 00020291 ___AC E:\WINDOWS\netfxocm.log
2013-07-09 11:10 - 2009-07-17 03:02 - 00004507 ____A E:\WINDOWS\imsins.BAK
2013-07-09 11:10 - 2009-07-17 02:54 - 00000000 ____D E:\WINDOWS\system32\inetsrv
2013-07-09 11:08 - 2013-07-09 11:08 - 00005041 ____A E:\Documents and Settings\JB\My Documents\contacts.csv
2013-07-09 09:55 - 2007-07-27 07:00 - 00000565 ____A E:\WINDOWS\win.ini
2013-07-09 09:55 - 2007-07-27 07:00 - 00000435 ____A E:\WINDOWS\system.ini
2013-07-08 08:58 - 2009-07-17 11:44 - 00000000 ____D E:\Program Files\Common Files\Adobe
2013-07-08 08:57 - 2012-04-25 11:03 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\Adobe
2013-07-08 08:57 - 2009-07-17 11:44 - 00000000 ____D E:\Program Files\Adobe
2013-07-08 08:33 - 2012-05-31 08:17 - 00000000 ____D E:\Program Files\Mozilla Maintenance Service
2013-07-08 07:04 - 2007-07-27 07:00 - 00013646 ____A E:\WINDOWS\system32\wpa.dbl
2013-07-02 06:42 - 2009-07-17 09:51 - 00000492 ____A E:\Documents and Settings\JB\Desktop\mail.txt
2013-06-28 09:44 - 2013-06-28 09:44 - 00000242 ____A E:\Documents and Settings\JB\Desktop\BBQ rub & cheese.txt
2013-06-28 09:27 - 2009-07-17 08:18 - 00000000 ____D E:\Documents and Settings\JB
2013-06-12 09:52 - 2013-06-12 07:18 - 00000000 ____D E:\Documents and Settings\JB\My Documents\ct110 parts
2013-06-12 07:05 - 2012-06-07 06:36 - 00692104 ____A (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerApp.exe
2013-06-12 07:05 - 2011-05-16 07:02 - 00071048 ____A (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

E:\Windows\explorer.exe => MD5 is legit
E:\Windows\System32\winlogon.exe => MD5 is legit
E:\Windows\System32\svchost.exe => MD5 is legit
E:\Windows\System32\services.exe
[2007-07-27 07:00] - [2008-04-14 06:42] - 0108544 ____A (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

E:\Windows\System32\User32.dll => MD5 is legit
E:\Windows\System32\userinit.exe => MD5 is legit
E:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-07-2013 02
Ran by JB at 2013-07-12 07:52:08
Running from E:\Documents and Settings\JB\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

4x4 Evo2
Ad-aware 6 Personal (Version: 6.0)
Adobe Acrobat 5.0 (Version: 5.0)
Adobe Download Manager (Version: 1.6.2.49)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
AiO_Scan_CDA (Version: 51.0.230.000)
Audacity 2.0.3 (Version: 2.0.3)
AVG 2013 (Version: 13.0.3204)
AVG 2013 (Version: 13.0.3349)
AVG 2013 (Version: 2013.0.3349)
CDCheck
Digimax Master (Version: 1.0.35)
File-Saver
Guard-IE V3.3
HijackThis 2.0.2 (Version: 2.0.2)
HP PSC & OfficeJet 6.1.A
HP USB Disk Storage Format Tool
InterVideo WinDVD
MailWasher
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Office Word Viewer 2003 (Version: 11.0.6506.0)
Microsoft PowerPoint Viewer 97
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0)
Nero Suite
NVIDIA Windows 2000/XP nForce Drivers
OpenOffice.org 3.2 (Version: 3.2.9483)
Prism Video Converter
QFolder (Version: 1.00.0000)
QuickTime Alternative 1.76 (Version: 1.76)
RealPlayer
Scan (Version: 6.0.0.0)
Sound Effects Generator 2.2
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware Free Edition (Version: 4.23.0.1006)
USB DATA INPUT MESSAGE SYSTEM ¢ñ (V1.1)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Service Pack 3 (Version: 20080414.031525)
Your Uninstaller! 7 (Version: 7.4.2012.5)
ZoneAlarm (Version: 9.2.105.000)
 

==================== Restore Points  =========================

09-07-2013 16:18:40 System Checkpoint
10-07-2013 12:02:34 Installed AVG 2013
10-07-2013 12:03:58 Removed AVG Free 8.5
10-07-2013 12:18:42 Installed AVG 2013
10-07-2013 12:32:57 Installed AVG 2013

==================== Hosts content: ==========================

2007-07-27 07:00 - 2009-12-04 11:06 - 00000734 ____A E:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: E:\WINDOWS\Tasks\Adobe Flash Player Updater.job => E:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2013 07:18:41 AM) (Source: MsiInstaller) (User: JB-05AA7CF32685)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (07/10/2013 07:16:05 AM) (Source: Application Error) (User: )
Description: Fault bucket 223121472.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (07/10/2013 07:16:04 AM) (Source: Application Error) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Error: (07/10/2013 07:15:24 AM) (Source: Application Error) (User: )
Description: Faulting application superantispyware.exe, version 4.23.0.1006, faulting module superantispyware.exe, version 4.23.0.1006, fault address 0x0007a9f2.
Processing media-specific event for [superantispyware.exe!ws!]

Error: (07/10/2013 07:12:17 AM) (Source: MsiInstaller) (User: JB-05AA7CF32685)
Description: The installation of E:\Documents and Settings\All Users\Application Data\MFAData\pack\AVGx86.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Error: (07/08/2013 08:52:09 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/08/2013 08:52:09 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/29/2013 07:22:18 AM) (Source: Application Error) (User: )
Description: Faulting application digimaxmaster.exe, version 1.0.35.0, faulting module mfc71.dll, version 7.10.3077.0, fault address 0x00094e90.
Processing media-specific event for [digimaxmaster.exe!ws!]

Error: (03/12/2013 06:54:59 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/12/2013 06:54:59 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (07/11/2013 10:17:56 AM) (Source: DCOM) (User: JB-05AA7CF32685)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/11/2013 10:01:00 AM) (Source: DCOM) (User: JB-05AA7CF32685)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/11/2013 09:56:37 AM) (Source: DCOM) (User: JB-05AA7CF32685)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (07/11/2013 09:55:22 AM) (Source: DCOM) (User: JB-05AA7CF32685)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/11/2013 09:55:13 AM) (Source: DCOM) (User: JB-05AA7CF32685)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/11/2013 09:52:47 AM) (Source: DCOM) (User: JB-05AA7CF32685)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/11/2013 09:38:40 AM) (Source: DCOM) (User: JB-05AA7CF32685)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/11/2013 09:27:34 AM) (Source: DCOM) (User: JB-05AA7CF32685)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/11/2013 09:26:37 AM) (Source: DCOM) (User: JB-05AA7CF32685)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/11/2013 09:26:24 AM) (Source: DCOM) (User: JB-05AA7CF32685)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}


Microsoft Office Sessions:
=========================
Error: (07/10/2013 07:18:41 AM) (Source: MsiInstaller)(User: JB-05AA7CF32685)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)

Error: (07/10/2013 07:16:05 AM) (Source: Application Error)(User: )
Description: 223121472

Error: (07/10/2013 07:16:04 AM) (Source: Application Error)(User: )
Description: drwtsn32.exe5.1.2600.0dbghelp.dll5.1.2600.55120001295d

Error: (07/10/2013 07:15:24 AM) (Source: Application Error)(User: )
Description: superantispyware.exe4.23.0.1006superantispyware.exe4.23.0.10060007a9f2

Error: (07/10/2013 07:12:17 AM) (Source: MsiInstaller)(User: JB-05AA7CF32685)
Description: E:\Documents and Settings\All Users\Application Data\MFAData\pack\AVGx86.msi(NULL)(NULL)(NULL)

Error: (07/08/2013 08:52:09 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/08/2013 08:52:09 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/29/2013 07:22:18 AM) (Source: Application Error)(User: )
Description: digimaxmaster.exe1.0.35.0mfc71.dll7.10.3077.000094e90

Error: (03/12/2013 06:54:59 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (03/12/2013 06:54:59 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 1023.48 MB
Available physical RAM: 601.52 MB
Total Pagefile: 2463.43 MB
Available Pagefile: 2342.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1963.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:26.75 GB) NTFS
Drive e: () (Fixed) (Total:37.26 GB) (Free:18.76 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: 6A7C6A7C)
Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 6D806D80)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Download Malwarebytes Anti-Rootkit from this link:

 http://www.malwarebytes.org/products/mbar/

Unzip the File to a convenient location. (Recommend the Desktop)


1. Open the mbar folder and run mbar.exe

Image1.png

2. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

mbarwm.png

3. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

4. The following image opens, select Next.

Image2.png

5. The following image opens, select Update

Image3.png

6. When the update completes select Next.

Image4.png

7. In the following window ensure "Targets" are ticked. Then select "Scan"

Image5.png

8. If any infections are found, ensure "Create Restore Point" is checked, then select the "Cleanup" button to remove threats. Or if you are sure any entries should not be kept, just untick them.

MBAntiRKcleanA.png

9. The Clean up procedure will be Scheduled for process.

Capture.png

10. When scheduling is complete the following image will appear,

Capture2.png

11. Select the Yes tab, the system should re-boot to complete the cleaning process.

12. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log   Date and time of scan will also be shown, (copy/paste the most recent by date/time)

Image10.png

Thanks,
 

Kevin


Should I install/run Mbar in safe mode? (The system seems to be on its deathbed in normal startup), keeps freezing up & it gets pissed off when the internet cable is unplugged. The PC is at my office, I'll return in the morning & follow your instructions exactly as posted...

 

Thanks Kevin


Yes, give it a try in safe mode if that is your best option. You can d/l the tool on another PC and transfer via USB stick, CD or similar... It may be beneficial to run an offline tool also if MBAR does not work...

 

I give the instructions now just in case you need them:

 

Do you have access to another PC to create the Windows Defender Offline Tool? I give the instructions to load to a USB flash drive. If not, use the PC you are using.

Download the tool from here :- http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline and save to the Desktop.
You will have to select the correct version for your system, either 32 or 64 bit

WD.png

Double-click to run the tool; Windows 7 or Vista users right-click and select "Run as Administrator".

Read the instructions in the new window and select "Next"

In the new window accept the agreement:

WD2a.png

In the new window select your USB Flash Drive, then select "Next"

WD3.png

In the new window ensure your flash drive is selected; if not, click on "Refresh", then select "Next".

WD3a.png

In the new window accept the formatting alert by selecting "Next"

WD3b.png

Files will be Downloaded:

WD4.png

Files will be processed and created

WD5.png

Flash drive will be formatted and prepared

WD6.png

Files will be added to the Flash Drive and the tool will be created.

WD7.png

The procedure is finished and the Tool created, click on "Finish" to complete.

WD8.png

Plug the USB into the sick PC and boot up. If it does not boot from the flash drive, change the boot options as required. Use F12 as it boots, change options...
As it boots you'll see files being loaded and the Windows splash screen; eventually the tool will run a "Quick Scan". Follow the prompts and deal with what it finds.
When complete do a full scan, deal with what it finds.
When finished, remove the USB stick then press the Esc key to boot into regular windows.
Navigate to the following file:
"C:\windows\windows defender offline\support\mssWrapper.log" Open with notepad and copy and paste it into a reply.

C:\Windows\Windows Defender Offline\Support\MPLog-MM/DD/YYYY-HH/MM/SS .txt

 

Kevin


Mbar never completed its update/gave me the success: database successfully updated,

 

log files:

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.06.01.01

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 6.0.2900.5512
JB :: JB-05AA7CF32685 [administrator]

7/13/2013 7:20:51 AM
mbar-log-2013-07-13 (07-20-51).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 219753
Time elapsed: 14 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

System log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 1.464000 GHz
Memory total: 1073201152, free: 646168576

Connection refused
Initializing...
Done!
Scanning drivers directory: E:\WINDOWS\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6A7C6A7C

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 78140097
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 40020664320 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-78145360-78165360)...
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6D806D80

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 156280257
    Partition file system is NTFS
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 80026361856 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing e:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing e:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_0_63_i.mbam...
Removing e:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing e:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing e:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_1_0_63_i.mbam...
Removing e:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 1.464000 GHz
Memory total: 1073201152, free: 681156608

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 1.464000 GHz
Memory total: 1073201152, free: 854634496

Connection refused
Connection refused
Initializing...
------------ Kernel report ------------
     07/13/2013 07:20:31
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
SI3112r.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
SiWinAcc.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
nv_agp.sys
Mup.sys
avgrkx86.sys
avglogx.sys
avgmfx86.sys
avgidshx.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\NVENET.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\vsdatant.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Udfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\framebuf.dll
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\??\E:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\E:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff86f26ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-f\
Lower Device Object: 0xffffffff86f00d98
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86effab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff86f00940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86effab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86f28b70, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff86effab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86f67910, DeviceName: \Device\00000068\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff86f00940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: E:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: E:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: E:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: E:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "E:\WINDOWS\system32\drivers\usbcamd.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\usbcamd2.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\usbcamd2.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\usbintel.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\usbintel.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\usbvideo.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\usbvideo.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\vchnt5.dll" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\vchnt5.dll" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\viaagp.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\viaagp.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\volsnap.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\volsnap.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\wacompen.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\wacompen.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\atv04nt5.dll" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\atv04nt5.dll" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\atv06nt5.dll" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\atv06nt5.dll" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\atv10nt5.dll" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\atv10nt5.dll" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\avgntflt.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\avgntflt.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\bridge.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\bridge.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\bthenum.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\bthenum.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\bthmodem.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\bthmodem.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\bthpan.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\bthpan.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\bthport.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\bthport.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\bthprint.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\bthprint.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\bthusb.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\bthusb.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\ati2mtag.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\ati2mtag.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\atmlane.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\atmlane.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
Read File: File "e:\WINDOWS\system32\drivers\atv01nt5.dll" is compressed (flags = 1)
Read File: File "E:\WINDOWS\system32\drivers\atv01nt5.dll" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6A7C6A7C

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 78140097
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 40020664320 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-78145360-78165360)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff86f26ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86f3eb70, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff86f26ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86f68f18, DeviceName: \Device\00000069\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff86f00d98, DeviceName: \Device\Ide\IdeDeviceP1T0L0-f\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6D806D80

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 156280257
    Partition file system is NTFS
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 80026361856 bytes
Sector size: 512 bytes

Done!
Read File: File "e:\Documents and Settings\JB\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "e:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing e:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing e:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_0_63_i.mbam...
Removing e:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing e:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing e:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_1_0_63_i.mbam...
Removing e:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished
 

I'm going to use the thumb drive to boot, & send that log next

Link to post
Share on other sites

I installed Defender on a flash drive & booted the PC from it. I did not see any files being loaded but did see a Windows splash screen. After about 5 mins I get this text:

 

Your PC needs to restart.

Please hold down the power button.

Error code: 0x0000005d

Parameters:

0x03060a00

0x68747541

0x69746E65

0x444D4163 

 


I restarted it 3 times, the same happened on each reboot. It never did run a "Quick Scan" or give me any other options.

 

Guess my bios is too old? I just noticed when the PC starts normally a blank CMD box pops up after the Windows splash screen & the monitor goes blank.

 

I never tried Windows Malicious Software Removal Tool. Would that do anything?

Link to post
Share on other sites
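The stop screen quoted in the post above can be decoded offline. This is an added example, not part of the original post or of any tool used in this thread: bug check 0x5D is UNSUPPORTED_PROCESSOR, and reading parameters 2 to 4 as little-endian ASCII yields the CPU vendor string. Function names are illustrative, and the first parameter is left undecoded.

```python
import re
import struct

# Stop screen text as pasted in the post above (blank lines collapsed).
STOP_SCREEN = """\
Your PC needs to restart.
Please hold down the power button.
Error code: 0x0000005d
Parameters:
0x03060a00
0x68747541
0x69746E65
0x444D4163
"""

# Only the code seen in this thread; the name is Microsoft's bug check name.
BUGCHECK_NAMES = {0x5D: "UNSUPPORTED_PROCESSOR"}

HEX32 = re.compile(r"^\s*0x([0-9A-Fa-f]{1,8})\s*$")


def parse_stop_screen(text):
    """Return (error_code, [parameters]) parsed from stop screen text."""
    code, params, in_params = None, [], False
    for line in text.splitlines():
        m = re.search(r"Error code:\s*0x([0-9A-Fa-f]{1,8})", line)
        if m:
            code = int(m.group(1), 16)
            continue
        if line.strip().lower().startswith("parameters"):
            in_params = True
            continue
        if in_params:
            h = HEX32.match(line)
            if h:
                params.append(int(h.group(1), 16))
            elif line.strip():
                in_params = False  # first non-blank, non-hex line ends the list
    if code is None:
        raise ValueError("no 'Error code:' line found")
    return code, params


def dwords_to_ascii(dwords):
    """Decode 32-bit values as little-endian bytes; None if not printable ASCII."""
    raw = b"".join(struct.pack("<I", d) for d in dwords)
    if raw and all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


def summarize(text):
    """Name the bug check and pull any text carried in parameters 2 to 4."""
    code, params = parse_stop_screen(text)
    vendor = dwords_to_ascii(params[1:4]) if len(params) >= 4 else None
    return {
        "code": code,
        "name": BUGCHECK_NAMES.get(code, "unknown"),
        "params": params,
        "vendor_text": vendor,
    }


if __name__ == "__main__":
    info = summarize(STOP_SCREEN)
    print(f"0x{info['code']:08X} {info['name']}: {info['vendor_text']}")
```

The vendor text shows the stop screen is reporting on the processor the boot media found.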

Yes, you can try MSRT, it is OK to use:

 

Download Microsoft's Malicious Software Removal Tool (MSRT) to your desktop (1)

Save it and rename it to iexplore.exe as you download it (2)

 


 

Double-click iexplore.exe on your Desktop to run it

In the "Scan Type" window, select Full Scan

Perform a scan and then click Finish when the scan is done.

 

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Click on Start, Run

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter

notepad c:\windows\debug\mrt.log

Link to post
Share on other sites

Let me add, last time it booted up from a fake looking safe mode (with huge icons). I used Super Anti Spyware's Safe boot, and it booted to the real Windows safe mode. The screen resolution was back to normal, it didn't ask for sign in as admin or user, the HD did not stop seeking. I could hear it running like it was doing a defrag. The drive LED was going crazy. (The net cable was unplugged too.) I rebooted again in safe mode with networking (cat5 plugged in). It will not get back online. I shut it down.

 

Important question: Is the data safe on my secondary HD? Or is it infected too? This is my office PC & yes it's old, but until it got infected it did what I needed.

 

BTW my son's new PC got the same virus, it came from a disc that was used on both PCs. His PC is running Win 7, mine is running XP Pro. MB found the virus on his PC & removed it. Here's how it happened:

I got a letter in the postal mail from our local Better Business Bureau (the BBB) asking for a company profile update. About a week later I got an email from the BBB asking for the same thing. It had a form attached as a Zip file. I stupidly opened it. This is how my PC got infected. MB listed the file name after finding it on my son's PC before it was removed. I wrote it down but can't find it on my PC. Outlook is set to remove deleted mail when closed on my PC. I should have known something was wrong when the email BBB form that I filled out was returned as a mail failure.

 

Thanks for all your help Kevin. I'm thinking low level the drive? What are your thoughts?

Link to post
Share on other sites

You've lost me off, your system is Windows XP Pro, what is the status right now, does it boot to normal Windows or only safe mode? Also be aware your Desktop will look strange in safe mode, the resolution will not be as you'd expect as the video adapter driver will not be running.

Link to post
Share on other sites

Sorry, My Office Desktop PC (NOT this laptop) is the infected machine & is running XP Pro.

I tricked the infected PC into sending an email to my ISP with the log files posted above. I used remote logon to copy/paste & post these logs.

 

It will boot in Both modes. But locks up in each & will not get online anymore.

 

I can burn files from this or any other PC to a CD/DVD or Flash drive, install, & run them. 

 

This is what I've been doing. Understand about the video adapter,

I have two monitors connected to it.

 

Sorry about delayed responses, I type very slow.

Link to post
Share on other sites

I left this out, I will not be back to my office until Monday morning. I've downloaded MSRT & renamed it as you recommended to this PC's (my home PC) desktop. I'll burn a CD & try to run it on my infected office PC Monday morning.

Link to post
Share on other sites

Understood & Thanks Kevin.

 

Only If you have time check out my YouTube channel. It has over 5 million views.

 

www.youtube.com/user/007bondjb

 

This video is my favorite. I had more fun making this one than any other...

 

 

Hahahaha, Enjoy & thanks again

Link to post
Share on other sites

Loved that video, absolute class. I've passed it round several mates, I'm sure the numbers will grow.....

 

As well as MSRT also run the following when MSRT is done...

 

Download OTL from any of the following links and save to your desktop.

 

http://itxassociates.com/OT-Tools/OTL.com

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.scr

 

Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

 


  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Change Drivers to All
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on your Desktop.
  • OTL.Txt <- this one will be opened
  • Extras.txt <- this one will be minimized

 

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

 

Cheers,

 

Kevin...

Link to post
Share on other sites

Downloaded & ran MSRT in Full scan mode, it found nothing! If MB did remove the infection(s), they or it (virus) corrupted the OP system before MB was run. It happened quickly, within an hour. This happened before me asking for help on this thread.

 

Tomorrow I'm gonna clear & reset the bios. Yes I know how, unplug power, remove the battery, & move the MB bios jumper, then reverse the procedure.  After that I'm gonna low level the drive, & do a clean OP sys. install.

 

I want to thank you for all your help also. In my next YT video I'll give you & this site a Thanks Shout Out!

 

Kevin, if you ever come across The Big Pond, send a PM to my YT channel. We'll down a few liters of ale & I'll do the cooking.

 

JB

Link to post
Share on other sites

Thanks for the feedback JB, sometimes I guess the best option is to cut loose and start again. No plans for a visit in the near future, but maybe 2 or 3 years who knows...

I've bookmarked your YT channel so will keep up as best I can, defo try your Whiskey inspired meatloaf, will be interesting.... If you're good to go I'll get one of the mods to close out...

 

Take care,

 

Kevin

Link to post
Share on other sites

I'm good for the close out. Never had this problem before. It was my fault... (I did change all my passwords too)

 

Stay in touch if you have time Mate;

 

Thanks again Kevin

 

PS: My other Cajun Style Meatloaf recipe vids taste better. They don't use a mix from a fan (from scratch is always better). I get lots of items from them to try. Some are good! Some ain't. This one was simply OK...

 

 

JB

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.