pcemkr Posted August 2, 2011 ID:460855 Share Posted August 2, 2011 Hello,Am working to help clen up my mother's computer. She primarily uses it for internet access and to play games, but it seems the last clean up left her without antivirus protection and it shows!I was able to run MWB, Avira Antivir (both cleared 13 issues...1 related to registry)...successfully ran DDS, but ran into issues with GMER (system gets internet error, closes program and automatically reboots computer). I will include what I have in hopes it is enough to resolve the issues and set her up with proper protection moving forward.Thank you in advance!~peace~Malwarebytes' Anti-Malware 1.51.1.1800www.malwarebytes.orgDatabase version: 7350Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187028/1/2011 7:58:52 PMmbam-log-2011-08-01 (19-58-51).txtScan type: Quick scanObjects scanned: 150254Time elapsed: 15 minute(s), 0 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected).DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702Run by Owner at 9:12:23 on 2011-08-01Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.14 [GMT -4:00].AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}.============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\System32\svchost.exe -k NetworkServiceC:\WINDOWS\System32\svchost.exe -k LocalServiceC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\WINDOWS\System32\svchost.exe -k LocalServiceC:\WINDOWS\system32\hkcmd.exeC:\Program Files\Lexmark 2300 Series\lxcgmon.exeC:\Program Files\Lexmark 2300 Series\ezprint.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Avira\AntiVir Desktop\avgnt.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Avira\AntiVir Desktop\avshadow.exeC:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSC:\WINDOWS\System32\svchost.exe -k imgsvcC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\lxcgcoms.exeC:\WINDOWS\System32\alg.exeC:\Program Files\Trusteer\Rapport\bin\RapportService.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.yahoo.com/?fr=fptb-attuSearch Page = uWindow Title = Windows Internet Explorer provided by Yahoo!uInternet Settings,ProxyOverride = *.localuSearchAssistant = mSearchAssistant = BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe SearchBHO: Mapit 1 Toolbar: {d5f7c10d-2f86-4e99-90da-25f8b0400992} - c:\program files\mapit_1\prxtbMapi.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllBHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dllTB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dllTB: Mapit 1 Toolbar: {d5f7c10d-2f86-4e99-90da-25f8b0400992} - c:\program files\mapit_1\prxtbMapi.dllTB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No FileEB: {32683183-48a0-441b-a342-7c2a440a9478} - No FileuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"mRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [lxcgmon.exe] "c:\program files\lexmark 2300 series\lxcgmon.exe"mRun: [EzPrint] "c:\program files\lexmark 2300 series\ezprint.exe"mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [408809432] c:\progra~1\egames\pengui~1\register\egames~1.exe /r "c:\progra~1\egames\pengui~1\register\EGAMES~1.rpd"mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exemRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [LXCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCGtime.dll,_RunDLLEntry@16mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /minStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\usb f5d7050\wireless utility\Belkinwcui.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXEIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dllDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1270249044166DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cabDPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cabDPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: DhcpNameServer = 192.168.2.1TCP: Interfaces\{05E83518-DBD2-48E8-8FAE-1C2AB1E9B618} : DhcpNameServer = 192.168.2.1TCP: Interfaces\{E22594C9-FADE-40A1-BB1E-2232D4FDE047} : DhcpNameServer = 192.168.1.254Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLLNotify: igfxcui - igfxsrvc.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllmASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12Hosts: 127.0.0.1 www.spywareinfo.com.============= SERVICES / DRIVERS ===============.R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-6-22 53816]R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-7-31 11608]R1 RapportCerberus_26762;RapportCerberus_26762;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\26762\RapportCerberus_26762.sys [2011-6-13 57144]R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-6-22 66360]R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-6-22 158904]R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-7-31 136360]R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-7-31 269480]R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-7-31 66616]R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-6-22 870200]S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-30 41272]S3 ZD1211BU(SMC);802.11g Wireless USB2.0 Adapter Driver(SMC);c:\windows\system32\drivers\ZD1211BU.sys [2005-8-17 477696].=============== Created Last 30 ================.2011-08-01 04:22:13 -------- d-----w- c:\windows\system32\NtmsData2011-08-01 03:39:17 -------- d-----w- c:\documents and settings\all users\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}2011-08-01 03:12:16 -------- d-----w- c:\documents and settings\owner\application data\Avira2011-08-01 02:53:24 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys2011-08-01 02:52:56 -------- d-----w- c:\program files\Avira2011-08-01 02:52:56 -------- d-----w- c:\documents and settings\all users\application data\Avira2011-07-31 16:22:19 -------- d-----w- c:\program files\Defraggler2011-07-30 18:17:05 -------- dc-h--w- c:\documents and settings\all users\application data\~12011-07-30 17:04:21 -------- d-----w- c:\program files\SpywareBlaster2011-07-30 16:34:53 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes2011-07-30 16:34:31 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-07-30 16:34:30 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes2011-07-30 16:34:18 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-07-30 16:34:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-07-30 16:13:48 -------- d-----w- c:\documents and settings\owner\application data\Uniblue2011-07-30 16:13:19 -------- dc-h--w- c:\documents and settings\all users\application data\~02011-07-30 16:13:18 -------- d-----w- c:\program files\Uniblue2011-07-30 16:12:52 -------- d-----w- c:\documents and settings\owner\local settings\application data\PackageAware2011-07-29 00:11:50 -------- d-----w- c:\documents and settings\owner\local settings\application data\Mozilla2011-07-28 23:06:26 -------- d-----w- c:\program files\AVAST Software2011-07-28 23:06:26 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software2011-07-28 22:56:13 -------- d--h--w- c:\documents and settings\all users\application data\Common Files2011-07-28 22:53:45 -------- d-----w- c:\documents and settings\all users\application data\MFAData2011-07-20 20:41:13 -------- d-----w- c:\program files\Hasbro Interactive2011-07-05 20:50:43 -------- d-----w- c:\documents and settings\owner\application data\PriceGong2011-07-05 20:47:07 -------- d-----w- c:\program files\Conduit2011-07-05 20:46:44 -------- d-----w- c:\documents and settings\owner\local settings\application data\Mapit_12011-07-05 20:46:42 -------- d-----w- c:\documents and settings\owner\local settings\application data\Conduit.==================== Find3M ====================.2011-06-22 22:01:26 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys2011-06-17 12:36:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys.============= FINISH: 9:14:04.51 ===============attach.zip Link to post Share on other sites More sharing options...
Staff screen317 Posted August 3, 2011 Staff ID:461458 Share Posted August 3, 2011 Hi and welcome to Malwarebytes.Please update MBAM, run a Quick Scan, and post its log.Next, please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317 Link to post Share on other sites More sharing options...
pcemkr Posted August 4, 2011 Author ID:461575 Share Posted August 4, 2011 Thank you so much for the reply!The info you requested is posted and/or attached.~peace~Malwarebytes' Anti-Malware 1.51.1.1800www.malwarebytes.orgDatabase version: 7367Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187028/3/2011 7:25:02 PMmbam-log-2011-08-03 (19-25-01).txtScan type: Quick scanObjects scanned: 150633Time elapsed: 14 minute(s), 32 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ComboFix 11-08-03.03 - Owner 08/03/2011 20:19:16.1.1 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.115 [GMT -4:00]Running from: c:\documents and settings\Owner\Desktop\ComboFix.exeAV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\Owner\Application Data\PriceGongc:\documents and settings\Owner\Application Data\PriceGong\Data\1.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\2229.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\4048.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\4436.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\4489.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\450.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\67.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\83.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\a.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\b.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\c.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\d.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\e.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\f.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\g.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\h.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\i.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\j.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\k.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\l.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\m.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\mru.xmlc:\documents and settings\Owner\Application Data\PriceGong\Data\n.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\o.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\p.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\q.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\r.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\s.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\t.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\u.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\v.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\w.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\wlu.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\x.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\y.txtc:\documents and settings\Owner\Application Data\PriceGong\Data\z.txtc:\documents and settings\Owner\WINDOWSc:\windows\system32\_003790_.tmp.dll..((((((((((((((((((((((((( Files Created from 2011-07-04 to 2011-08-04 )))))))))))))))))))))))))))))))..2011-08-01 04:22 . 2011-08-01 09:18 -------- d-----w- c:\windows\system32\NtmsData2011-08-01 03:39 . 2011-08-01 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}2011-08-01 03:12 . 2011-08-01 03:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira2011-08-01 02:53 . 2011-08-01 12:00 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys2011-08-01 02:53 . 2011-08-01 12:00 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys2011-08-01 02:53 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys2011-08-01 02:53 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys2011-08-01 02:52 . 2011-08-01 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira2011-08-01 02:52 . 2011-08-01 02:52 -------- d-----w- c:\program files\Avira2011-07-31 16:22 . 2011-07-31 16:22 -------- d-----w- c:\program files\Defraggler2011-07-30 18:17 . 2011-08-01 03:54 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~12011-07-30 17:04 . 2011-07-30 17:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP2011-07-30 17:04 . 2011-07-30 17:08 -------- d-----w- c:\program files\SpywareBlaster2011-07-30 16:34 . 2011-07-30 16:34 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes2011-07-30 16:34 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-07-30 16:34 . 2011-07-30 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2011-07-30 16:34 . 2011-07-30 16:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-07-30 16:34 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-07-30 16:13 . 2011-07-30 16:13 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue2011-07-30 16:13 . 2011-07-30 18:18 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~02011-07-30 16:13 . 2011-07-30 16:13 -------- d-----w- c:\program files\Uniblue2011-07-30 16:12 . 2011-07-30 16:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PackageAware2011-07-29 00:11 . 2011-07-29 00:11 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla2011-07-28 23:06 . 2011-07-30 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software2011-07-28 23:06 . 2011-07-28 23:06 -------- d-----w- c:\program files\AVAST Software2011-07-28 22:56 . 2011-07-28 22:56 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files2011-07-28 22:53 . 2011-07-28 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData2011-07-20 20:41 . 2011-07-20 20:41 -------- d-----w- c:\program files\Hasbro Interactive2011-07-07 20:33 . 2011-07-07 20:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Mapit_12011-07-05 20:47 . 2011-07-05 20:47 -------- d-----w- c:\program files\Conduit2011-07-05 20:46 . 2011-08-03 23:30 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mapit_12011-07-05 20:46 . 2011-07-05 20:47 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Conduit...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-06-22 22:01 . 2011-06-22 22:01 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys2011-06-17 12:36 . 2011-06-17 12:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-06-02 14:02 . 2003-09-25 16:35 1858944 ----a-w- c:\windows\system32\win32k.sys..------- Sigcheck -------Note: Unsigned files aren't necessarily malware..Cryptography Services Error !!.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d5f7c10d-2f86-4e99-90da-25f8b0400992}]2011-05-09 09:49 176936 ----a-w- c:\program files\Mapit_1\prxtbMapi.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{d5f7c10d-2f86-4e99-90da-25f8b0400992}"= "c:\program files\Mapit_1\prxtbMapi.dll" [2011-05-09 176936].[HKEY_CLASSES_ROOT\clsid\{d5f7c10d-2f86-4e99-90da-25f8b0400992}].[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]"{D5F7C10D-2F86-4E99-90DA-25F8B0400992}"= "c:\program files\Mapit_1\prxtbMapi.dll" [2011-05-09 176936].[HKEY_CLASSES_ROOT\clsid\{d5f7c10d-2f86-4e99-90da-25f8b0400992}].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-06-04 822384].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 200704]"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 94208]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 73728]"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768].c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928]Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360].[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"=.R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [6/22/2011 6:01 PM 53816]R1 RapportCerberus_26762;RapportCerberus_26762;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys [6/13/2011 10:42 AM 57144]R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [6/22/2011 6:01 PM 66360]R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [6/22/2011 6:01 PM 158904]R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/31/2011 10:53 PM 136360]R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [6/22/2011 6:01 PM 870200]S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]S3 ZD1211BU(SMC);802.11g Wireless USB2.0 Adapter Driver(SMC);c:\windows\system32\drivers\ZD1211BU.sys [8/17/2005 3:43 PM 477696].[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll.Contents of the 'Scheduled Tasks' folder.2011-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]..------- Supplementary Scan -------.uStart Page = hxxp://www.yahoo.com/?fr=fptb-attuInternet Settings,ProxyOverride = *.localuSearchAssistant = TCP: DhcpNameServer = 192.168.2.1.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-08-03 20:34Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.Completion time: 2011-08-03 20:40:54ComboFix-quarantined-files.txt 2011-08-04 00:40.Pre-Run: 2,918,690,816 bytes freePost-Run: 3,087,454,208 bytes free.WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn.- - End Of File - - 0C10C28911393155AC6AC929B970D2C1~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702Run by Owner at 21:51:56 on 2011-08-03Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.58 [GMT -4:00].AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}.============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\System32\svchost.exe -k NetworkServiceC:\WINDOWS\System32\svchost.exe -k LocalServiceC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\WINDOWS\System32\svchost.exe -k LocalServiceC:\WINDOWS\system32\hkcmd.exeC:\Program Files\Lexmark 2300 Series\lxcgmon.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Avira\AntiVir Desktop\avgnt.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Avira\AntiVir Desktop\avshadow.exeC:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSC:\WINDOWS\System32\svchost.exe -k imgsvcC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\WINDOWS\system32\lxcgcoms.exeC:\WINDOWS\System32\alg.exeC:\Program Files\Trusteer\Rapport\bin\RapportService.exeC:\WINDOWS\explorer.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.yahoo.com/?fr=fptb-attuInternet Settings,ProxyOverride = *.localuSearchAssistant = BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe SearchBHO: Mapit 1 Toolbar: {d5f7c10d-2f86-4e99-90da-25f8b0400992} - c:\program files\mapit_1\prxtbMapi.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllBHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dllTB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dllTB: Mapit 1 Toolbar: {d5f7c10d-2f86-4e99-90da-25f8b0400992} - c:\program files\mapit_1\prxtbMapi.dllEB: {32683183-48a0-441b-a342-7c2a440a9478} - No FileuRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"mRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [lxcgmon.exe] "c:\program files\lexmark 2300 series\lxcgmon.exe"mRun: [EzPrint] "c:\program files\lexmark 2300 series\ezprint.exe"mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exemRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [LXCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCGtime.dll,_RunDLLEntry@16mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /minStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\usb f5d7050\wireless utility\Belkinwcui.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXEIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dllDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1270249044166DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cabDPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cabDPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: DhcpNameServer = 192.168.2.1TCP: Interfaces\{05E83518-DBD2-48E8-8FAE-1C2AB1E9B618} : DhcpNameServer = 192.168.2.1TCP: Interfaces\{E22594C9-FADE-40A1-BB1E-2232D4FDE047} : DhcpNameServer = 192.168.1.254Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLLNotify: igfxcui - igfxsrvc.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllmASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12.============= SERVICES / DRIVERS ===============.R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-6-22 53816]R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-7-31 11608]R1 RapportCerberus_26762;RapportCerberus_26762;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\26762\RapportCerberus_26762.sys [2011-6-13 57144]R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-6-22 66360]R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-6-22 158904]R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-7-31 136360]R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-7-31 269480]R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-7-31 66616]S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]S3 ZD1211BU(SMC);802.11g Wireless USB2.0 Adapter Driver(SMC);c:\windows\system32\drivers\ZD1211BU.sys [2005-8-17 477696].=============== Created Last 30 ================.2011-08-04 00:11:08 -------- d-sha-r- C:\cmdcons2011-08-03 23:34:27 98816 ----a-w- c:\windows\sed.exe2011-08-03 23:34:27 518144 ----a-w- c:\windows\SWREG.exe2011-08-03 23:34:27 256000 ----a-w- c:\windows\PEV.exe2011-08-03 23:34:27 208896 ----a-w- c:\windows\MBR.exe2011-08-01 04:22:13 -------- d-----w- c:\windows\system32\NtmsData2011-08-01 03:39:17 -------- d-----w- c:\documents and settings\all users\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}2011-08-01 03:12:16 -------- d-----w- c:\documents and settings\owner\application data\Avira2011-08-01 02:53:24 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys2011-08-01 02:52:56 -------- d-----w- c:\program files\Avira2011-08-01 02:52:56 -------- d-----w- c:\documents and settings\all users\application data\Avira2011-07-31 16:22:19 -------- d-----w- c:\program files\Defraggler2011-07-30 18:17:05 -------- dc-h--w- c:\documents and settings\all users\application data\~12011-07-30 17:04:21 -------- d-----w- c:\program files\SpywareBlaster2011-07-30 16:34:53 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes2011-07-30 16:34:31 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-07-30 16:34:30 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes2011-07-30 16:34:18 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-07-30 16:34:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-07-30 16:13:48 -------- d-----w- c:\documents and settings\owner\application data\Uniblue2011-07-30 16:13:19 -------- dc-h--w- c:\documents and settings\all users\application data\~02011-07-30 16:13:18 -------- d-----w- c:\program files\Uniblue2011-07-30 16:12:52 -------- d-----w- c:\documents and settings\owner\local settings\application data\PackageAware2011-07-29 00:11:50 -------- d-----w- c:\documents and settings\owner\local settings\application data\Mozilla2011-07-28 23:06:26 -------- d-----w- c:\program files\AVAST Software2011-07-28 23:06:26 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software2011-07-28 22:56:13 -------- d--h--w- c:\documents and settings\all users\application data\Common Files2011-07-28 22:53:45 -------- d-----w- c:\documents and settings\all users\application data\MFAData2011-07-20 20:41:13 -------- d-----w- c:\program files\Hasbro Interactive2011-07-05 20:47:07 -------- d-----w- c:\program files\Conduit2011-07-05 20:46:44 -------- d-----w- c:\documents and settings\owner\local settings\application data\Mapit_12011-07-05 20:46:42 -------- d-----w- c:\documents and settings\owner\local settings\application data\Conduit.==================== Find3M ====================.2011-06-22 22:01:26 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys2011-06-17 12:36:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys.============= FINISH: 21:53:45.67 =============== Link to post Share on other sites More sharing options...
Staff screen317 Posted August 5, 2011 Staff ID:462402 Share Posted August 5, 2011 Hi,Next, please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick ScanWait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topicNext, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.Let me know how things are running now and what issues remain.-screen317 Link to post Share on other sites More sharing options...
pcemkr Posted August 8, 2011 Author ID:463218 Share Posted August 8, 2011 Having an issue loading/installing ESET...getting message that says its trying to access an add-on that is needed, but the add-on is disabled.I am unable to locate/identify which add-on is needed to enable it. Any ideas?Also, thought it may be administrator priviledges issue, but it is setup as admin.~thanks! Link to post Share on other sites More sharing options...
Staff screen317 Posted August 10, 2011 Staff ID:464450 Share Posted August 10, 2011 Hi,Try this instead:Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.Click Start Scanning.You should get a notification bar (on top) to install the ActiveX control. Click on it and select to install the ActiveX.Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.In case you are having problems with installing the ActiveX/starting the scan, please read here.Click the Full System Scan button.It will start to download scanner components and databases. This can take a while.The main scan will start.Once the scan has finished scanning, click the Automatic cleaning (recommended) buttonIt could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.The cleaning can take a while, so please be patient.Then click the Show report button and Copy/Paste what is present under results in your next reply.Next, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.Let me know how things are running now and what issues remain.-screen317 Link to post Share on other sites More sharing options...
pcemkr Posted August 11, 2011 Author ID:464827 Share Posted August 11, 2011 I am unable to run F-Scanner.when it tries to run, it sys there is an unknown error and gives me a messge: "The executable file required to run F-Secure Online Scanner is invalid. The file may have been removed or corrupted. Please restart your web browser and try running F-Secure Online Scanner again."I have rebooted IE several times and made sure anything related to Java is enabled.Any ideas? Thanks Link to post Share on other sites More sharing options...
Staff screen317 Posted August 15, 2011 Staff ID:465971 Share Posted August 15, 2011 Hmm. Click Start --> Run, enter cmd.exe, and press EnterIn the black box that appears, enter this command exactly as shown:chkdsk>"%userprofile%\desktop\chkdsk.txt"Press Enter. When it finishes, open chkdsk.txt on your Desktop and post its contents here.-screen317 Link to post Share on other sites More sharing options...
Staff screen317 Posted August 24, 2011 Staff ID:469110 Share Posted August 24, 2011 Are you still with us? This topic will be closed in a few days if we do not hear back from you. Link to post Share on other sites More sharing options...
pcemkr Posted August 29, 2011 Author ID:470481 Share Posted August 29, 2011 Yes, sorry...had some things come up and keep me away for a bit....am working on it now & will have a reply to you ASAP!Thanks for your patience & sorry for the delay. Link to post Share on other sites More sharing options...
Staff screen317 Posted August 29, 2011 Staff ID:470483 Share Posted August 29, 2011 Thanks for letting me know. Link to post Share on other sites More sharing options...
pcemkr Posted August 29, 2011 Author ID:470489 Share Posted August 29, 2011 You are most welcome!Quick question: have the chkdsk running...not sure how long it takes, but it has been running for about 30-45 minutes now and not .txt yet...cursor is flashing by C:\Documents and Settings\Owner...does that mean it's still running?? Link to post Share on other sites More sharing options...
Staff screen317 Posted September 1, 2011 Staff ID:471487 Share Posted September 1, 2011 Yes let it run.. Link to post Share on other sites More sharing options...
pcemkr Posted September 3, 2011 Author ID:472331 Share Posted September 3, 2011 ok...running Link to post Share on other sites More sharing options...
pcemkr Posted September 4, 2011 Author ID:472751 Share Posted September 4, 2011 Here is an update:I let the chkdsk run again as you said...left it running all day yesterday & when I checked it there was a message about an IE add-on that asked if I wanted it to have access to it (permanently allow or perm block-I blocked) and there was another message that said it was low on virtual memory (I apologize, I did not write the whole message :-/). Note: IE was openI decided to allow it to run again today (w/ IE closed) to see if it would duplicate any of the errors and finally give me the .txt report for you. So far it has been running for 7 hours with the cursor flashing after the line C:\Documents and Settings\Owner>I have checked the command you gave (chkdsk>"%userprofile%\desktop\chkdsk.txt") to ensure I entered it correctly and will continue to let it run until the report shows or I hear back from you.Thanks! Link to post Share on other sites More sharing options...
Staff screen317 Posted September 5, 2011 Staff ID:472803 Share Posted September 5, 2011 Double-click chkdsk.txt on your Desktop and see what it says. Link to post Share on other sites More sharing options...
pcemkr Posted September 5, 2011 Author ID:472805 Share Posted September 5, 2011 Wow...do I feel silly...it was there, I just overlooked it. Here it is:The type of the file system is NTFS.WARNING! F parameter not specified.Running CHKDSK in read-only mode.CHKDSK is verifying files (stage 1 of 3)...0 percent completed. 1 percent completed. 2 percent completed. 3 percent completed. 4 percent completed. 5 percent completed. 6 percent completed. 7 percent completed. 8 percent completed. 9 percent completed. 10 percent completed. 11 percent completed. 12 percent completed. 13 percent completed. 14 percent completed. 15 percent completed. 16 percent completed. 17 percent completed. 18 percent completed. 19 percent completed. 20 percent completed. 21 percent completed. 22 percent completed. 23 percent completed. 24 percent completed. 25 percent completed. 26 percent completed. 27 percent completed. 28 percent completed. 29 percent completed. 30 percent completed. 31 percent completed. 32 percent completed. 33 percent completed. 34 percent completed. 35 percent completed. 36 percent completed. 37 percent completed. 38 percent completed. 39 percent completed. 40 percent completed. 41 percent completed. 42 percent completed. 43 percent completed. 44 percent completed. 45 percent completed. 46 percent completed. 47 percent completed. 48 percent completed. 49 percent completed. 50 percent completed. 51 percent completed. 52 percent completed. 53 percent completed. 54 percent completed. 55 percent completed. 56 percent completed. 57 percent completed. 58 percent completed. 59 percent completed. 60 percent completed. 61 percent completed. 62 percent completed. 63 percent completed. 64 percent completed. 65 percent completed. 66 percent completed. 67 percent completed. 68 percent completed. 69 percent completed. 70 percent completed. 71 percent completed. 72 percent completed. 73 percent completed. 74 percent completed. 75 percent completed. 76 percent completed. 77 percent completed. 78 percent completed. 79 percent completed. 80 percent completed. 81 percent completed. 82 percent completed. 83 percent completed. 84 percent completed. 85 percent completed. 86 percent completed. 87 percent completed. 88 percent completed. 89 percent completed. 90 percent completed. 91 percent completed. 92 percent completed. 93 percent completed. 94 percent completed. 95 percent completed. 96 percent completed. 97 percent completed. 98 percent completed. 99 percent completed. 100 percent completed. File verification completed.CHKDSK is verifying indexes (stage 2 of 3)...0 percent completed. 1 percent completed. 2 percent completed. 3 percent completed. 4 percent completed. 5 percent completed. 6 percent completed. 7 percent completed. 8 percent completed. 9 percent completed. Correcting error in index $I30 for file 13320.Correcting error in index $I30 for file 13320.10 percent completed. 11 percent completed. 12 percent completed. 13 percent completed. 14 percent completed. 15 percent completed. 16 percent completed. 17 percent completed. 18 percent completed. 19 percent completed. 20 percent completed. 21 percent completed. 22 percent completed. 23 percent completed. 24 percent completed. 25 percent completed. 26 percent completed. 27 percent completed. 28 percent completed. 29 percent completed. 30 percent completed. 31 percent completed. 32 percent completed. 33 percent completed. 34 percent completed. 35 percent completed. 36 percent completed. 37 percent completed. 38 percent completed. 39 percent completed. 40 percent completed. 41 percent completed. 42 percent completed. 43 percent completed. 44 percent completed. 45 percent completed. 46 percent completed. 47 percent completed. 48 percent completed. 49 percent completed. 50 percent completed. 51 percent completed. 52 percent completed. 53 percent completed. 54 percent completed. 55 percent completed. 56 percent completed. 57 percent completed. 58 percent completed. 59 percent completed. 60 percent completed. 61 percent completed. 62 percent completed. 63 percent completed. 64 percent completed. 65 percent completed. 66 percent completed. 67 percent completed. 68 percent completed. 69 percent completed. 70 percent completed. 71 percent completed. 72 percent completed. 73 percent completed. 74 percent completed. 75 percent completed. 76 percent completed. 77 percent completed. 78 percent completed. 79 percent completed. 80 percent completed. 81 percent completed. 82 percent completed. 83 percent completed. 84 percent completed. 85 percent completed. 86 percent completed. 87 percent completed. 88 percent completed. 89 percent completed. 90 percent completed. 91 percent completed. 92 percent completed. 93 percent completed. 94 percent completed. 95 percent completed. 96 percent completed. 97 percent completed. 98 percent completed. 99 percent completed. 100 percent completed. Index verification completed.Errors found. CHKDSK cannot continue in read-only mode. Link to post Share on other sites More sharing options...
Staff screen317 Posted September 7, 2011 Staff ID:473714 Share Posted September 7, 2011 Now run this command in cmd.exe:chkdsk /r>"%userprofile%\desktop\chkdsk2.txt"When it finishes (it will take longer), open chkdsk2.txt on your Desktop and post its contents here. Link to post Share on other sites More sharing options...
pcemkr Posted September 9, 2011 Author ID:474306 Share Posted September 9, 2011 Here is what it came up with:The type of the file system is NTFS.Cannot lock current drive.Chkdsk cannot run because the volume is in use by anotherprocess. Would you like to schedule this volume to bechecked the next time the system restarts? (Y/N) *Ran it twice...first run an Apple download box showed up & thought it interfered with the process, so ran it a second time and got the same message. Not sure how to select Yes to schedule on the nest startup within this message. Link to post Share on other sites More sharing options...
Staff screen317 Posted September 13, 2011 Staff ID:475493 Share Posted September 13, 2011 Hi,If you press Y then Enter, reboot and let it run. Let me know what it says. Link to post Share on other sites More sharing options...
pcemkr Posted September 14, 2011 Author ID:475881 Share Posted September 14, 2011 So I pressed Y, rebooted & let it run...it ran for a long time and looked like it "fixed" several items...when I came back to the computer, it looked as if it had rebooted and the following message box was on the screen:WINDOWS PRODUCT ACTIVATION:Since Windows was first activated on this computer, the hardware on the computer has changed significantly. Due to these changes, Windows must be reactivated within 3 days. Do you want to reactivate Windows now?I said NO and allowed it to continue with the startup.I had some trouble opening IE on the computer...it froze up then would not allow me to close out of IE.I tried to Shut Down, no luck there either.I resorted to a hard reboot and when it came back up, the same Windows Product Activation box came up...I said NO again, then it took a long time for the system to startup.Now there are a set of keys in the lower right corner (toolbar) and a message pops up that says "3 days to reactivate Windows"...do I want to reactivate?What next? Link to post Share on other sites More sharing options...
Staff screen317 Posted September 16, 2011 Staff ID:476484 Share Posted September 16, 2011 Hi,Call the number provided and have Microsoft activate it for you. Link to post Share on other sites More sharing options...
pcemkr Posted September 17, 2011 Author ID:476839 Share Posted September 17, 2011 Done! (That was easy! )What next?Hi,Call the number provided and have Microsoft activate it for you. Link to post Share on other sites More sharing options...
Staff screen317 Posted September 18, 2011 Staff ID:476971 Share Posted September 18, 2011 How are things running now? What issues remain? Link to post Share on other sites More sharing options...
pcemkr Posted September 19, 2011 Author ID:477416 Share Posted September 19, 2011 How are things running now? What issues remain?Computer seems to booting up more quickly.Should I try running the ESET Online Scanner again?The system is still severely fragmented. When I run a defrag, it tells me there is only 8% available to run the defrag & needs 15% to run effectively. I'm not sure why it's so fragmented...there are a few games loaded on the system, but not much more than that.Could there be viruses, etc.? I am running MBAM again and will let you know if anything turns up with that.Once the system is clean, I would like to ensure that an Anti-spyware program is installed & actively running, so if you can let me know if MBAM or whatever is best, that would be great!Also, having trouble accessing things like Yahoo (most other's seem ok)...it's giving an error message that it is unable to connect.Thank you!UPDATE: MBAM scan did NOT find anything malicious. Link to post Share on other sites More sharing options...
Recommended Posts