Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Computer keeps freezing& XP won't upgrade to SP3

Started by tuxedobob , Nov 07 2010 09:26 PM

This topic is locked

#61
emeraldnzl

Posted 21 November 2010 - 08:55 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Logon to the Recovery Console. This should have been installed when you downloaded ComboFix.

1. Restart your computer.
2. Before Windows loads, you will be prompted to choose which Operating System to start.

Posted Image

Use the up and down arrow key to select Microsoft Windows Recovery Console
4. You must enter which Windows installation to log onto. Type 1 and press 'Enter'.
5. At the C:\Windows prompt, type the following bolded entry, and press 'Enter':

fixmbr

After that run MBRCheck again. If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

#62
tuxedobob

Posted 21 November 2010 - 09:23 PM

Member

Topic Starter
Member
64 posts

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00001bfc

Kernel Drivers (total 136):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7AEF000 \WINDOWS\system32\KDCOM.DLL
0xF79FF000 \WINDOWS\system32\BOOTVID.dll
0xF75A0000 ACPI.sys
0xF7AF1000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF758F000 pci.sys
0xF75EF000 isapnp.sys
0xF75FF000 ohci1394.sys
0xF760F000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xF7BB7000 pciide.sys
0xF786F000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF7AF3000 viaide.sys
0xF7AF5000 intelide.sys
0xF761F000 MountMgr.sys
0xF7570000 ftdisk.sys
0xF7877000 PartMgr.sys
0xF762F000 VolSnap.sys
0xF7558000 atapi.sys
0xF7535000 fasttx2k.sys
0xF751D000 \WINDOWS\System32\DRIVERS\SCSIPORT.SYS
0xF763F000 disk.sys
0xF764F000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF74FD000 fltmgr.sys
0xF74EB000 sr.sys
0xF749C000 bdfsfltr.sys
0xF765F000 PxHelp20.sys
0xF7485000 KSecDD.sys
0xF73F8000 Ntfs.sys
0xF73CB000 NDIS.sys
0xF787F000 viaagp1.sys
0xF766F000 SISAGPX.sys
0xF73B1000 Mup.sys
0xF769F000 \SystemRoot\System32\DRIVERS\nic1394.sys
0xF783F000 \SystemRoot\System32\DRIVERS\amdk7.sys
0xF68E9000 \SystemRoot\System32\DRIVERS\vtmini.sys
0xF68D5000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF679F000 \SystemRoot\System32\DRIVERS\AGRSM.sys
0xF78C7000 \SystemRoot\System32\Drivers\Modem.SYS
0xF78CF000 \SystemRoot\system32\drivers\Afc.sys
0xF784F000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF785F000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF677C000 \SystemRoot\System32\DRIVERS\ks.sys
0xF6DC3000 \SystemRoot\System32\Drivers\ArcCD.SYS
0xF78E7000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
0xF6DB3000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF78EF000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF6758000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF78F7000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF652B000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF6507000 \SystemRoot\system32\drivers\portcls.sys
0xF6DA3000 \SystemRoot\system32\drivers\drmk.sys
0xF6D93000 \SystemRoot\System32\DRIVERS\fetnd5bv.sys
0xF6D83000 \SystemRoot\System32\DRIVERS\serial.sys
0xF6924000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF64CC000 \SystemRoot\System32\DRIVERS\parport.sys
0xF7CFA000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF6D73000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF6920000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF64B5000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF6D63000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF6D53000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF78FF000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF64A4000 \SystemRoot\System32\DRIVERS\psched.sys
0xF6D43000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF7917000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF791F000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF6D33000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF7927000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF792F000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF7B53000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF6446000 \SystemRoot\System32\DRIVERS\update.sys
0xF7AB7000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF76AF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF76CF000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF7B55000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF7B61000 \??\C:\WINDOWS\system32\drivers\bdrawpr.sys
0xF7B63000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CC3000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B65000 \SystemRoot\System32\Drivers\Beep.SYS
0xF793F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7947000 \SystemRoot\System32\drivers\vga.sys
0xF7B67000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B69000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7B6B000 \SystemRoot\System32\Drivers\ArcRec.SYS
0xF794F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7957000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7389000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF53EB000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF5392000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF5374000 \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
0xF534C000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF532A000 \SystemRoot\System32\drivers\afd.sys
0xF76EF000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF7385000 \SystemRoot\System32\DRIVERS\srvkp.sys
0xF52FF000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF528F000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF770F000 \SystemRoot\System32\Drivers\Fips.SYS
0xF5269000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF771F000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF772F000 \SystemRoot\System32\DRIVERS\arp1394.sys
0xF517D000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF795F000 \SystemRoot\System32\DRIVERS\usbprint.sys
0xF796F000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
0xF797F000 \SystemRoot\System32\DRIVERS\usbccgp.sys
0xF5436000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xF777F000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xF542E000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF798F000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0xF779F000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xF5102000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xF5426000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xF50EA000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B1F000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7355000 \SystemRoot\System32\drivers\Dxapi.sys
0xF79DF000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C90000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\vtdisp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF0762000 \SystemRoot\system32\DRIVERS\Trufos.sys
0xF0752000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xF05E5000 \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys
0xF0468000 \SystemRoot\system32\drivers\wdmaud.sys
0xF058D000 \SystemRoot\system32\drivers\sysaudio.sys
0xF5231000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF02FD000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF7B7F000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xEFDCD000 \SystemRoot\System32\DRIVERS\srv.sys
0xEFA61000 \SystemRoot\system32\DRIVERS\bdfm.sys
0xEFA48000 \SystemRoot\system32\DRIVERS\BDHV.SYS
0xEF8C7000 \SystemRoot\System32\Drivers\HTTP.sys
0xEED6C000 \SystemRoot\system32\drivers\kmixer.sys
0xEFC49000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 48):
0 System Idle Process
4 System
608 C:\WINDOWS\system32\smss.exe
676 csrss.exe
700 C:\WINDOWS\system32\winlogon.exe
744 C:\WINDOWS\system32\services.exe
756 C:\WINDOWS\system32\lsass.exe
924 C:\WINDOWS\system32\svchost.exe
1000 svchost.exe
1104 C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
1168 C:\WINDOWS\system32\svchost.exe
1292 svchost.exe
1436 svchost.exe
1692 C:\WINDOWS\system32\spoolsv.exe
1696 C:\WINDOWS\explorer.exe
288 C:\WINDOWS\system\hpsysdrv.exe
164 C:\hp\KBD\kbd.exe
376 svchost.exe
392 C:\WINDOWS\system32\VTTimer.exe
400 C:\WINDOWS\AGRSMMSG.exe
496 C:\WINDOWS\ALCXMNTR.EXE
536 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
556 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
584 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
428 C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
404 C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
828 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
956 C:\Program Files\QuickTime\QTTask.exe
808 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1220 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
1256 C:\Program Files\iTunes\iTunesHelper.exe
1312 C:\Program Files\uTorrent\uTorrent.exe
1380 C:\Program Files\Bonjour\mDNSResponder.exe
1480 C:\Program Files\AirVideoServer\AirVideoServer.exe
1524 C:\Program Files\Java\jre6\bin\jqs.exe
2116 C:\WINDOWS\system32\svchost.exe
2780 C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
3524 C:\Program Files\Iomega\QuikProtect\QuikProtect.exe
1628 C:\Program Files\iPod\bin\iPodService.exe
3028 alg.exe
2084 C:\WINDOWS\system32\ctfmon.exe
2756 C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3124 C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3880 C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
1372 C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3612 C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3328 C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
2200 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`052ac000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)
\\.\M: --> \\.\PhysicalDrive5 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGSP1203N, Rev: TL100-24
PhysicalDrive5 Model Number: SAMSUNGHD103SI, Rev:

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: EC5B6F4B08268D5344F30BFF61C8B587F034795B
931 GB \\.\PhysicalDrive5 MBR Code Faked!
SHA1: 85C7754E15D46294C6A1AE6CA8884547848F5237

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): 0Dumping \\.\PhysicalDisk0...
Enter filename to dump to: c:\mbrdump.dmpDumped successfully!

Enter the physical disk number to dump (0-99, -1 to exit): -1

Done!

#63
emeraldnzl

Posted 21 November 2010 - 09:28 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Please download bootkit remover to your desktop.

Extract Remover.exe to your desktop
Double click Remover.exe to run it
It will show a Black screen with some data on it
Right click on the screen and select > Select All
Press Control+C
Open notepad and press Control+V
Post the log back here

This is a rar file if you do not have a program to open it then download and install peazip

#64
tuxedobob

Posted 21 November 2010 - 09:53 PM

Member

Topic Starter
Member
64 posts

#65
tuxedobob

Posted 21 November 2010 - 09:58 PM

Member

Topic Starter
Member
64 posts

It won't let me copy the file so I have attached a screenshot so you can see what it says.

Attached Thumbnails

#66
emeraldnzl

Posted 21 November 2010 - 10:10 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Looks alright. Let's try ESET again.

Please run a free online scan with the ESET Online Scanner
Note: ESET was designed to run with Internet Explorer, compatibility with other browsers has been added recently but if you find difficulty, go to using Internet Explorer

Click the green ESET Online Scanner box
Tick the box next to YES, I accept the Terms of Use
You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
Click Start and if your security program asks you if you want to allow the program, click yes.
If you anti-virus is active you may see a panel appear warning you that this may affect performance. Disabling the programs listed may speed things along.
Make sure that the options Remove found threats and Scan archives are checked (do not worry about advanced settings)
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt (open Notepad > File > Open and navigate to the log.txt)
Copy and paste that log as a reply to this topic

#67
tuxedobob

Posted 22 November 2010 - 11:55 AM

Member

Topic Starter
Member
64 posts

Hi there, The scanner just finished and came up with zero infected items. I looked to see if there was a log under ESET and nothing got generated.

#68
emeraldnzl

Posted 22 November 2010 - 01:22 PM

GeekU Instructor

GeekU Moderator
20,051 posts

How is your machine now?

#69
tuxedobob

Posted 22 November 2010 - 02:11 PM

Member

Topic Starter
Member
64 posts

Thank you thank you thank you. Everything is working fantastic now!!!!!!!

#70
emeraldnzl

Posted 22 November 2010 - 03:03 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello again tuxedobob,

We have a couple of last steps to perform and then you're all set. Posted Image

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.

Click START then RUN
Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Step 2

Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
Click on the CleanUp! button
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep. The folders/files for MBRCheck and Bootkit remover can be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that your machine is clean here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vunerable to malicious attack.

Download from here Java Runtime Environment (JDK) Update
Scroll to where it says "Windows XP/Vista/2000/2003/2008 online" and download and follow the instructions to install.

Reboot your computer.
You also need to uininstall older versions of Java.
Click Start > Control Panel > Programs
Remove all Java updates except the latest one you have just installed.

--------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week.

For ease of use, you might consider the following free program:

TFC.exe

---------------------------------------------------------------------------------------------------------------------

To reduce the amount of fragmentation in your machines file system occasionally run a defragmenter utility. You can use your built in program (Start > Programs > Accessories > System Tools > Disk Defragmentor) or alternatively here is a program you can download and use: Puran Disc Defragmenter

---------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure

Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* Consider using an alternate browser.

Opera may be downloaded from here. It is one of the least targeted of all browers.

Avant may be downloaded from here. Another one that is less well known.

Firefox may be downloaded from Here. I use Firefox because I like it. Used to be one of the safest but now targeted probably as much as IE.

Adblock Plus is a good Add-on for Firefox that helps prevent those annoying pop ups.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:

If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

And to keep your system clean consider choosing from these free for home use malware scanners and updating and running weekly.
Malwarebytes
SuperAntiSpyWare

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

Have a safe and happy computing day!

#71
tuxedobob

Posted 22 November 2010 - 03:25 PM

Member

Topic Starter
Member
64 posts

Thanks so much. I'm actually away until wednesdy so I will do all of this on Wednesday morning. Lately I've been using chrome which is a lot faster than IE. I'll let you know I get on

Again, thank you so much

#72
emeraldnzl

Posted 22 November 2010 - 05:25 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Your very welcome

I will keep this topic open for a day or two in case any issues develop.

#73
tuxedobob

Posted 24 November 2010 - 12:42 PM

Member

Topic Starter
Member
64 posts

Everything is working as clean as a whistle now!!!!! Thanks so much!

#74
emeraldnzl

Posted 24 November 2010 - 12:47 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.