Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Internet Explorer has stopped working

Started by Middlegrove , Jun 04 2011 07:59 AM

This topic is locked

#16
Middlegrove

Posted 13 June 2011 - 05:05 PM

Member

Topic Starter
Member
67 posts

Same problem. After about 30-some percent of Kaspersky scan I get a window "Windows has encountered a critical problem and will restart in one minute."

#17
Render

Posted 13 June 2011 - 05:26 PM

Trusted Helper

Malware Removal
4,195 posts

OK. Please proceed with this:

Posted Image

GMER Rootkit Scanner

Download GMER from HERE.
Extract the contents of zipped file to your desktop.
Double click GMER.exe.
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

NOTE - Not all of the tick boxes will be available if you are running a 64bit Operating System. You may also get an error message display on the screen when using a 64bit Operating System, this is normal, just click on OK and let it carry on.

Posted Image

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
Save the log where you can easily find it, such as your desktop.
Please copy and paste the report into your Post.

Caution - Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

#18
Middlegrove

Posted 13 June 2011 - 06:44 PM

Member

Topic Starter
Member
67 posts

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-13 20:41:01
Windows 6.1.7600
Running: gmer.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind ???t????????????????????text?r??????0f??????????t???????????????????????? ???????t?????t?????????????????????????s???????t??????????????? ???????t???????????p????????(???????1?????ProfSvc_Group????t???????????????????????????|??????? ???????t???????????`????????(? ??????1?????????????????????????t???????????????????{?{?{???t?t1????t??? ???????t???????????r????????(????????????????????????????????????????????????????????t1????t?t?t?t????? ???????t???????????t?,??????(?????????????????????????????????????????????????????? ???????t???????????r????????(???????6?????????S???????????????????????G????????????{?{???????t1??t???t???t???t6??t????????? ???????t?????t?????o????????(?????????????? ???????t???????????t????????B???????1??????!????????????????????????e????????????????????????????e????????????????????????????????????????????????????????? ???????t???????????t????????B????? ??????????????????????????????????e?????????????????????????????????t???t?t?t???!????????????????????????e?????? ?????????????????????t???
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route ????????? ?????????????????????0????????????&???????????????????????6-21-2006???????????????????????????????? ?????????????????????0?????????????????????????????????????????????????????B???????????n??%m??6.1.7600.16385????????:[email protected],%msft%;Microsoft??????<?????????????????????? ??????????? ?????????????????????0????????????????????? ???????????????????k?0????????????????????????????????????????????????????????????*6to4mp?????????????????????????????????????????????????????????????????Type????????????????????? ????????????????????????????$?N?:?????????{4d36e972-e325-11ce-bfc1-08002be10318}\0058?20????N?????????????????{D90B3561-67F0-4A60-AF73-944068D44C68}???????????????????e???????????????????s??????????????? ???????-???????????????????9??????????? ?????? ?)?????????? ?????????????????????0??????????l?&???????????????????????? ?????????????????????0??????*?4??? ????????????????????l??????????????????4????i????????????4??????r??ri??Local Area Connection* 52???????????????????????????2????7?
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ?????~???k??? ???????j?????k?????k?????????????? ???????R??????????????????s????? ???????k???????????k??????????b????????????m?m????LegacyDriver?-????(??????????????????z???????????i?k?k?k????s????k?????????;?;???l?l,%?????k?&???????3????N??l???1????Dl32???l?l,%?????????????????|????WUDFRd?????????????????????s?????k??text?}???????k???????e??????????????t????????????????k??????????? ???????j?????k?????k?????????????? ???????C???? ???????k???????????k??????????`??????????????k?&?????k?&??????????????s????????????a???n???k???k????N??????}????D??????l?l?????k??????????????????????Microsoft????l?l??????X??k????????????X??????????????????????5?????????????????????????????????????????????????s?????????@??????s???????????????????????????? ???????j?????k?????k????????????"? ???????O???? ???????j?????k?????k?????????????? ???????L???NativeWifiP??????k??? ???????k???????????k??????????^????????????????????????????k??? ???????j?????k?????k????????????1? ???????V??????????????????????????k?&?????k?&???k?k?k?k?????k??@ne
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind ???t?????????????|???????????t??????????????PEAUTH??????????? ???????n?????t????????????????:????????S??system32\DRIVERS\pci.sys??????N??????7???????2??tunnel???????????????????????????o?o?u???u???????????????????????????z????`??t?????????n?????????z??????????????????????????????6-21-2006????????????|???6????8??t????????h?????5.1?????????????????????*6to4mp?????????????????????????? ???????t???????????????????????????????e??@%SystemRoot%\system32\drivers\partmgr.sys,-100???????????????????????????P??u?????????n??????N??????d??????????Performance Counters for Windows Driver????????????????g?????????????????????????????????s??????????????????Ta??????????????????????????????????t?????????????????????%?????????????????????????C:\ProgramData\Microsoft\MF??????????/???????????????????????????????7%??????????????~??10.0.0.1?????????????????????????{?{????? ???????t???????????t?????????????? ????????????k?k?t?t?t?t?t?????t???t????? ???????n?????t????????????????X???????T???????????@%systemroot%\system32\srvsvc.dll,-
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route ?????????|?|???t????????????????? ???????????????????????????????????????f????N??????F?????D4-??{00000000-0000-0000-FFFF-FFFFFFFFFFFF}??????? ?????????????????????,????????z?????#??#??????????Microsoft 6to4 Adapter Driver???? ??????????????????tunnel???????????????????e??tunnel??e???? ????????????????????????"?????p?-???????????N???????????D?????Net?0???????????????????? ????????????????????????"?????p?(???????????X???????????????N??????&???????&??{4d36e972-e325-11ce-bfc1-08002be10318}???&???????????&???&??Net??&??? ???????&???????&??*6to4mp??&??? ????????????????????????????$?N?K?????????{4d36e972-e325-11ce-bfc1-08002be10318}\0075??&???????????&????????????N???????????D?????{4d36e972-e325-11ce-bfc1-08002be10318}??????? ??????????????? ??*6to4mp?????? ????????????????????????????$?N?6?????????{4d36e972-e325-11ce-bfc1-08002be10318}\0054?ft??????????? ????????????N??????????????????????????????e???????????????????s??????????????ROOT\*6TO4MP\0049???nettun.inf???e??????????? ???????????????????s?0????????~??????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ?????????m?????????????m????? ???????m?????m???????0???????????????????????m???m???m??-11c??? ???????m???????????l?0?????????????????????????j??????????????????????????????t??????m????? ???????m?????m???????0????????????&????????????????????n?????m???m????? ???????m?????m???????0????????????????????? ???????m???????????m?0????????????????????{533c5b84-ec70-11d2-9505-00c04f79deaf}\0001????????m????? ???????m?????m???????0????????????????????Microsoft???? ???????m???????????m?0??????????????????????N??n???4???????????????j???????e??.NT?8B?????????????m????? ???????m?????m???????0??????????????????????N???????????D?????? ???????m???????????m?0???????????????????????????????????????????????????????????????????????????m????? ???????m?????m???????0????????????????????? ???????m???????????m?0????????????????????6.1.7600.16385????????6??????????????m?mMD?????????????????m????? ???????m?????m???????0?????????????????????????m??????s????????????????m??? ???????m???????????m?0????????????????????{533c5b84-ec70-11d2-950
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Export ????????????????????????????????????????????????????????????????Generic volume shadow copy?tem??storage\volumesnapshot?2\s????*??????5??????????? ???k?????????o4m??tunnel??? ??Microsoft???????????????*i????????????`?????????????????????????? ???????9??????????? ???????_???????????????????_??????????????????????93???????????B??????????@usbprint.inf,%usbprint.devicedesc%;USB Printing Support?????????????????5??????????????????????????????????? ???????????????????????????????????????f??? ?????????????z???????0??L????????? ??????49A??? ?????????????????????0????????????&????????????????????8??????????? ?????????????????????0????????????????????????????? ???????????????????g?0????????????????????volsnap.inf:MSFT.NTamd64:volume_snapshot_install:6.1.7600.16385:storage\volumesnapshot?ewa??????????? ?????????????????????0????????????????????? ???????????????????i?0????????????????????? ?????????????????????0????????????????????????????????????????? ???????????????????j?0????????????????????????????? ?????????????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind ???k????????????????????Network????????k????? ???????k?????k???????0??????????????????????$??k???????????k??? ???????k???????????j?0????????2???????????mrxsmb???????????k??????s????????k??????s????????m?????????????k????? ???????k?????k???????0????????????????????? ???????k???????????j?0????????"????????????????????????????????????M???l??mferkdet?m???k???????????k?????k????? ???????k?????k???????0?????????????????????????????3???????k?k?k?k????????? ???????k???????????j?0????????(??????????????? ??????????s?????????k???D??sE???????????k?????k????? ???????k?????k???????0????????????????????? ???????k???????????j?0???????????????????????????????????sN???? ???k?????????????????????????k????? ???????k?????k???????0????????????????????? ???????k???????????j?0????????$???????????? ???????j?????k??????????????????????????????Y??????????&?????k????? ???????k?????k???????0???????????????????????k???k???k???k???k???k???k???k???k????????????? ???????k???????????j?0?????????????????????????????????????k?????k????? ?????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route ???k?????????/???????e????X??????????????????????l?l??????z???????????????????N??????????????????????????????????????????????????????????????l?l?????????????????????B??? ???????j?????k?????k??????????????????????? ???????k???????e??????????????????.NTAMD64????VolumeSnapshot???????????????????????????????????s??????AsyncMac?????????k??????s???{8ECC055D-047F-11D1-A537-0000F8753ED1}?????????????????????s?????????k???:???????k?k?k?k????s??????k?p????????????????????????X??l???&???&??Tcpip????????????????l?l????.NTAMD64?????????k???l?l?e???????r??????p???????????????s????????????s?????sis??Volume???????????????????????????????????????????????????????????????????????????k?k?k???????j???????e???????????????????????????????????????3???????k??????????LegacyDriver?????????????????p???p???????????????????????????????????????g???????????j???????e???k?k?k?k?????????????????????????????????????????????????m?m??????????????????????N??k????????D?????volsnap??????????????????k???????????????????????????????????????????????k?
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ???k?p????????????????????????X??l???&???&??Tcpip????????????????l?l????.NTAMD64?????????k???l?l?e???????r??????p???????????????s????????????s?????sis??Volume???????????????????????????????????????????????????????????????????????????k?k?k???????j???????e???????????????????????????????????????3???????k??????????LegacyDriver?????????????????p???p???????????????????????????????????????g???????????j???????e???k?k?k?k?????????????????????????????????????????????????m?m??????????????????????N??k????????D?????volsnap??????????????????k???????????????????????????????????????????????k??? ???????k???????????k??????????N????????????g?k?k?k?????????????????2?????????k?&???l?l?????????????????k?l?k??? H??????????????????????????????????????????B?????s44??44???????????????????3????????????????P??u?????????e?????k??????????????volume.inf:MSFT.NTamd64:volume_install:6.1.7600.16385:storage\volume?????????????????????????????????????????k??????????volume_install???????????????????????????k???????????????????????????????k?????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind ???o?????&???o???I???????????????????r??*6to4mp?????????????t????????????????????o????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????GUID_MFE_CONNECT_CALLOUT_V4???????GUID_MFE_CONNECT_CALLOUT_V4??????????????????????????????????????? ??????????? ????(??????P????????????(??????P????????????(??????P????????????(??????P????????????(??????P????????????(??????P?????????????P??????????? ???????????es??????????????????????????????????????????????????????????????????????????????????????????????????????????????????$???$?GUID_MFE_CONNECT_DISCARD_CALLOUT_V4?$???$?GUID_MFE_CONNECT_DISCARD_CALLOUT_V4??????????????????????????????????????? ??????????? ????(??????P????????????(??????P????????????(??????P????????????(??????P????????????(??????P????????????(??????P?????????????P??????????? ???????????x8??????????????????????????????????????????????????????????????????????????????????????????????????????????????????$???$?GUID_MFE_CONNECT_DISCARD_
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route ???o?????o???????????????????????????????o??????????t????????p??????p???????????system32\DRIVERS\compbatt.sys?ompbatt.sys???????<????????????????????????o???????????????????????o??????p???System32\drivers\discache.sys?????????????????R??p????????h???????4??o????????h??????????o?????????e?????????o???s??ep??ep??????????ic???p???p???o?????????????????????????????????????????#[email protected],-23501???????????????????????????P??o?????????n????*6to4mp?????Video Init???????????????????????o??PerfMon_Collect??????&???o???????????????????????????&??????????????????????????????PerfMon_Close????????o???&???????????????????????????????&???????????????????????????????????????o??????????????????????????????????????????????????????????????@FirewallAPI.dll,-23501?????????????????????????ISO9660/Joliet File System Reader for CD/DVDs. (Core) (All pieces)???????????p?????????n?????u???????????????u??fs???????????????????????????????????????????p?p?p??????????????????????????????????t????????????????j?????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ???oep??RpcSs?EventSystem????????&??????????????????????????????system32\DRIVERS\cdfs.sys???????????????????????E7?????????????g??????(??t?????????e????Boot File System??????????????????????????>??o?????????e????USB??????????????????????????????B???????????r?r?????????????????????????????????????????????????????????????????????????????????????????????????????????????i????????????????????????????GUID_MFE_CONNECT_CALLOUT_V6???????GUID_MFE_CONNECT_CALLOUT_V6??????????????????????????????????????? ??????????? ????(??????P????????????(??????P????????????(??????P????????????(??????P????????????(??????P????????????(??????P?????????????P??????????? ???????????r????&????????????????????????????????4??o????????h?????????????????t??????????????????????????????????????????????????????????????????????e????????????Brother RemovableDisk(U)????system32\drivers\fltmgr.sys??????????????????????????????????????????????????o??Composite Bus Enumerator Driver?????System32\Drivers\dfsc.sys???FSFilter Infrastructure?????? ???i?????
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Export ????el??????????????????nd??????????????????????????????{4d36e972-e325-11ce-bfc1-08002be10318}\0109??????k?n????????????4C???????????????????????7???h???????????????????????????F??FF????N????????????D?????????????-??60??????????????@nettun.inf,%6to4mp.displayname%;Microsoft 6to4 [email protected],%6to4mp.displayname%;Microsoft 6to4 Adapter?al??Microsoft 6to4 Adapter #89?6?2??{4d36e972-e325-11ce-bfc1-08002be10318}\[email protected],%msft%;[email protected],%msft%;Microsoft?????k?t?t?s?????????????????????????????????????????????????t??@nettun.inf,%msft%;Microsoft?&??????????????????????????????????????????????????? ??X???????????x???{4d36e972-e325-11ce-bfc1-08002be10318}??????{4d36e972-e325-11ce-bfc1-08002be10318}\0108?0????????????????????????????????????i??????????????????????????????????????????????@nettun.inf,%msft%;Microsoft??????~??????????????????????8??????-4??????????????????????IS???????????????????????????f???e?????????????????????????????????????????????????

---- EOF - GMER 1.0.15 ----

#19
Render

Posted 14 June 2011 - 09:00 AM

Trusted Helper

Malware Removal
4,195 posts

Hi,

Please do the following:

Go to Start > All Programs > Accessories
Right click Command Prompt and select Run as administrator
When the prompt opens type the following bolded text and press enter

sfc /scannow (Note: There is a space between sfc and /scannow)
On completion reboot

Please download attachment cbs-log.zip to your desktop.
UnZip it to your desktop.
Right-click on cbs-log.bat icon and click on Run as administrator.
If User Account Control (UAC) window will open click on Yes button.
CBS.log file will be on your desktop.
Please upload that file here and post a link to it in your next reply.

#20
Middlegrove

Posted 14 June 2011 - 10:15 AM

Member

Topic Starter
Member
67 posts

where do I find attachment to cbs-log.zip?

#21
Render

Posted 14 June 2011 - 11:03 AM

Trusted Helper

Malware Removal
4,195 posts

Sorry. I forgot to attach a file. Here it is:

cbs-log.zip 216bytes 116 downloads

#22
Middlegrove

Posted 14 June 2011 - 11:29 AM

Member

Topic Starter
Member
67 posts

Command prompt window opens quickly -- says something about invalid number of parameters -- and then it closes.

#23
Render

Posted 14 June 2011 - 11:41 AM

Trusted Helper

Malware Removal
4,195 posts

Then using Windows Explorer navigate to c:\windows\logs\cbs folder. Copy file cbs.log file to your desktop. Please upload that file here and post a link to it in your next reply.

#24
Middlegrove

Posted 14 June 2011 - 01:27 PM

Member

Topic Starter
Member
67 posts

http://www.2shared.c...ZLhznWlcYnvfvRI

#25
Render

Posted 14 June 2011 - 01:43 PM

Trusted Helper

Malware Removal
4,195 posts

Thank you for log. Now please do the following:

Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

During the download, rename Combofix to Combo-Fix as follows:

Posted Image

<li>It is important you rename Combofix during the download, but not after.
<li>Please do not rename Combofix to other names, but only to the one indicated.
<li>Close any open browsers.
<li>Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection

<li>Double click on combo-Fix.exe & follow the prompts.
<li>When finished, it will produce a report for you.
<li>Please post the "C:\Combo-Fix.txt" for further review

Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall.

#26
Middlegrove

Posted 14 June 2011 - 04:41 PM

Member

Topic Starter
Member
67 posts

I have mcafee security center, recently re-purchased/updated a week ago. instructions geekstogo posted to disable not really compatible. trying to find newer instructions on disabling it online. there is no "advanced menu (bottom mid left)" to start with. unless you know how to...

#27
Middlegrove

Posted 14 June 2011 - 04:53 PM

Member

Topic Starter
Member
67 posts

Render,

I believe I was able to disable McAfee. Double clicked on Combo-Fix, a window appeared that seemed to be scanning files and such, then it closed. The desktop icon for Combo-Fix is gone and there is no "C:Combo-Fix.txt"

#28
Render

Posted 14 June 2011 - 05:08 PM

Trusted Helper

Malware Removal
4,195 posts

Please re-run aswMBR.exe.
Click Scan.
Please tell me what buttons are available: Fix and/or FixMBR

#29
Middlegrove

Posted 14 June 2011 - 05:21 PM

Member

Topic Starter
Member
67 posts

FixMBR only

#30
Render

Posted 14 June 2011 - 06:34 PM

Trusted Helper

Malware Removal
4,195 posts

Please tell me if you have your original Windows CD/DVD available.

Do the following:

Step 1

We need to run an OTL Fix

Please right click on on your desktop and click on Run as administrator.
Under the Custom Scans/Fixes box copy and paste this in:

:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
[2011/06/02 12:40:20 | 000,000,000 | ---- | M] () -- C:\Windows\V7PTMPPR.SGTMP
[2011/05/31 16:34:01 | 000,000,040 | ---- | M] () -- C:\ProgramData\~39575288

:Files
ipconfig /flushdns /c

:Reg

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]
Click on button.
OTL may ask to reboot the machine. Please do so if asked.
Click on button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 2

Posted Image

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

Open Malwarebytes' Anti-Malware.
Select the Update tab.
Click on Check for Updates button.
Click on OK.
Select the Scanner tab.
Select Perform quick scan, then click on Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

When completed the above, please post back the following in the order asked for: