Internet Explorer has stopped working
Started by
Middlegrove
, Jun 04 2011 07:59 AM
#16
Posted 13 June 2011 - 05:05 PM
#17
Posted 13 June 2011 - 05:26 PM
OK. Please proceed with this:
GMER Rootkit Scanner
- Download GMER from HERE.
- Extract the contents of zipped file to your desktop.
- Double click GMER.exe.
- If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
- In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
NOTE - Not all of the tick boxes will be available if you are running a 64bit Operating System. You may also get an error message display on the screen when using a 64bit Operating System, this is normal, just click on OK and let it carry on.
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
- Save the log where you can easily find it, such as your desktop.
- Please copy and paste the report into your Post.
Caution - Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
#18
Posted 13 June 2011 - 06:44 PM
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-13 20:41:01
Windows 6.1.7600
Running: gmer.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind [unprintable binary value omitted]
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route [unprintable binary value omitted]
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export [unprintable binary value omitted]
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind [unprintable binary value omitted]
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route [unprintable binary value omitted]
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export [unprintable binary value omitted]
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Export [unprintable binary value omitted]
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind [unprintable binary value omitted]
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route [unprintable binary value omitted]
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export [unprintable binary value omitted]
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind [unprintable binary value omitted]
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route [unprintable binary value omitted]
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export [unprintable binary value omitted]
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Export [unprintable binary value omitted]
---- EOF - GMER 1.0.15 ----
#19
Posted 14 June 2011 - 09:00 AM
Hi,
Please do the following:
- Go to Start > All Programs > Accessories
- Right click Command Prompt and select Run as administrator
- When the prompt opens type the following bolded text and press enter
sfc /scannow (Note: There is a space between sfc and /scannow)
- On completion reboot
- Please download attachment cbs-log.zip to your desktop.
- UnZip it to your desktop.
- Right-click on cbs-log.bat icon and click on Run as administrator.
- If User Account Control (UAC) window will open click on Yes button.
- CBS.log file will be on your desktop.
- Please upload that file here and post a link to it in your next reply.
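The cbs-log.zip attachment itself is not reproduced in this thread, so the script below is an added example rather than the helper's file. It does the same job the post describes (copy the CBS.log that sfc /scannow writes to the desktop) and adds a filtered summary of the [SR] lines that hold the System File Checker results; paths are quoted throughout, since an unquoted path with spaces is a common cause of the "invalid number of parameters" error mentioned later in the thread.

```batch
@echo off
rem Added example, not the helper's cbs-log.bat attachment (its contents are not in this thread).
rem Copies the Component Based Servicing log written by "sfc /scannow" to the desktop and
rem writes a summary of the [SR] (System File Checker) lines beside it.
rem Run from a Command Prompt started with "Run as administrator".
setlocal

set "SRC=%windir%\Logs\CBS\CBS.log"
set "DEST=%USERPROFILE%\Desktop\CBS.log"
set "SUMMARY=%USERPROFILE%\Desktop\CBS-SR-summary.txt"

if not exist "%SRC%" (
    echo CBS.log not found at "%SRC%". Run "sfc /scannow" first.
    exit /b 1
)

rem Every path is quoted: if %USERPROFILE% contains a space and the path is unquoted,
rem cmd splits it into several arguments and copy reports "invalid number of parameters".
copy /y "%SRC%" "%DEST%" >nul
if errorlevel 1 (
    echo Could not copy CBS.log. Make sure this prompt was started with "Run as administrator".
    exit /b 1
)

rem [SR] marks the System File Checker entries; keep only those so that the
rem "Cannot repair member file" / "Verify and Repair Transaction completed" lines are easy to find.
findstr /c:"[SR]" "%SRC%" > "%SUMMARY%"

echo Copied CBS.log to "%DEST%"
echo SFC summary written to "%SUMMARY%"
endlocal
exit /b 0
```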
#20
Posted 14 June 2011 - 10:15 AM
where do I find attachment to cbs-log.zip?
#21
Posted 14 June 2011 - 11:03 AM
#22
Posted 14 June 2011 - 11:29 AM
Command prompt window opens quickly -- says something about invalid number of parameters -- and then it closes.
#24
Posted 14 June 2011 - 01:27 PM
#25
Posted 14 June 2011 - 01:43 PM
Thank you for log. Now please do the following:
Please download ComboFix from Here or Here to your Desktop.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
- If you are using Firefox, make sure that your download settings are as follows:
- Tools->Options->Main tab
- Set to "Always ask me where to Save the files".
- It is important you rename Combofix during the download, but not after.
- Please do not rename Combofix to other names, but only to the one indicated.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore your connection.
- Double click on combo-Fix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\Combo-Fix.txt" for further review.
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall.
#26
Posted 14 June 2011 - 04:41 PM
I have McAfee Security Center, recently re-purchased/updated a week ago. The instructions GeeksToGo posted to disable it are not really compatible. Trying to find newer instructions on disabling it online. There is no "advanced menu (bottom mid left)" to start with. Unless you know how to...
#27
Posted 14 June 2011 - 04:53 PM
Render,
I believe I was able to disable McAfee. Double clicked on Combo-Fix, a window appeared that seemed to be scanning files and such, then it closed. The desktop icon for Combo-Fix is gone and there is no "C:Combo-Fix.txt"
#28
Posted 14 June 2011 - 05:08 PM
- Please re-run aswMBR.exe.
- Click Scan.
- Please tell me what buttons are available: Fix and/or FixMBR
#29
Posted 14 June 2011 - 05:21 PM
FixMBR only
#30
Posted 14 June 2011 - 06:34 PM
Please tell me if you have your original Windows CD/DVD available.
Do the following:
Step 1
We need to run an OTL Fix
- Please right click on OTL on your desktop and click on Run as administrator.
- Under the Custom Scans/Fixes box copy and paste this in:
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
[2011/06/02 12:40:20 | 000,000,000 | ---- | M] () -- C:\Windows\V7PTMPPR.SGTMP
[2011/05/31 16:34:01 | 000,000,040 | ---- | M] () -- C:\ProgramData\~39575288
:Files
ipconfig /flushdns /c
:Reg
:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]
- Click on button.
- OTL may ask to reboot the machine. Please do so if asked.
- Click on button.
- A report will open. Copy and Paste that report in your next reply.
- If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
Step 2
Malwarebytes' Anti-Malware
I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:
- Open Malwarebytes' Anti-Malware.
- Select the Update tab.
- Click on Check for Updates button.
- Click on OK.
- Select the Scanner tab.
- Select Perform quick scan, then click on Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
When completed the above, please post back the following in the order asked for:
- OTL fix log
- MBAM log