Internet Explorer has stopped working


  • This topic is locked

#16 Middlegrove (Topic Starter, Member, 67 posts)
Same problem. After about 30-some percent of Kaspersky scan I get a window "Windows has encountered a critical problem and will restart in one minute."
#17 Render (Trusted Helper, Malware Removal, 4,195 posts)
OK. Please proceed with this:

GMER Rootkit Scanner

  • Download GMER from HERE.
  • Extract the contents of the zipped file to your desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)

NOTE - Not all of the tick boxes will be available if you are running a 64-bit Operating System. You may also get an error message displayed on the screen when using a 64-bit Operating System; this is normal, just click on OK and let it carry on.

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
  • Please copy and paste the report into your Post.

Caution - Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

#18 Middlegrove (Topic Starter, Member, 67 posts)
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-13 20:41:01
Windows 6.1.7600
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\[email protected] ???t????????????????????text?r??????0f??????????t???????????????????????? ???????t?????t?????????????????????????s???????t??????????????? ???????t???????????p????????(???????1?????ProfSvc_Group????t???????????????????????????|??????? ???????t???????????`????????(? ??????1?????????????????????????t???????????????????{?{?{???t?t1????t??? ???????t???????????r????????(????????????????????????????????????????????????????????t1????t?t?t?t????? ???????t???????????t?,??????(?????????????????????????????????????????????????????? ???????t???????????r????????(???????6?????????S???????????????????????G????????????{?{???????t1??t???t???t???t6??t????????? ???????t?????t?????o????????(?????????????? ???????t???????????t????????B???????1??????!????????????????????????e????????????????????????????e????????????????????????????????????????????????????????? ???????t???????????t????????B????? ??????????????????????????????????e?????????????????????????????????t???t?t?t???!????????????????????????e?????? ?????????????????????t???
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\[email protected] ????????? ?????????????????????0????????????&???????????????????????6-21-2006???????????????????????????????? ?????????????????????0?????????????????????????????????????????????????????B???????????n??%m??6.1.7600.16385????????:[email protected],%msft%;Microsoft??????<?????????????????????? ??????????? ?????????????????????0????????????????????? ???????????????????k?0????????????????????????????????????????????????????????????*6to4mp?????????????????????????????????????????????????????????????????Type????????????????????? ????????????????????????????$?N?:?????????{4d36e972-e325-11ce-bfc1-08002be10318}\0058?20????N?????????????????{D90B3561-67F0-4A60-AF73-944068D44C68}???????????????????e???????????????????s??????????????? ???????-???????????????????9??????????? ?????? ?)?????????? ?????????????????????0??????????l?&???????????????????????? ?????????????????????0??????*?4??? ????????????????????l??????????????????4????i????????????4??????r??ri??Local Area Connection* 52???????????????????????????2????7?
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\[email protected] ?????~???k??? ???????j?????k?????k?????????????? ???????R??????????????????s????? ???????k???????????k??????????b????????????m?m????LegacyDriver?-????(??????????????????z???????????i?k?k?k????s????k?????????;?;???l?l,%?????k?&???????3????N??l???1????Dl32???l?l,%?????????????????|????WUDFRd?????????????????????s?????k??text?}???????k???????e??????????????t????????????????k??????????? ???????j?????k?????k?????????????? ???????C???? ???????k???????????k??????????`??????????????k?&?????k?&??????????????s????????????a???n???k???k????N??????}????D??????l?l?????k??????????????????????Microsoft????l?l??????X??k????????????X???????????????????[email protected]??????s???????????????????????????? ???????j?????k?????k????????????"? ???????O???? ???????j?????k?????k?????????????? ???????L???NativeWifiP??????k??? ???????k???????????k??????????^????????????????????????????k??? ???????j?????k?????k????????????1? ???????V??????????????????????????k?&?????k?&[email protected]
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\[email protected] ???t?????????????|???????????t??????????????PEAUTH??????????? ???????n?????t????????????????:????????S??system32\DRIVERS\pci.sys??????N??????7???????2??tunnel???????????????????????????o?o?u???u???????????????????????????z????`??t?????????n?????????z??????????????????????????????6-21-2006????????????|???6????8??t????????h?????5.1?????????????????????*6to4mp?????????????????????????? [email protected]%SystemRoot%\system32\drivers\partmgr.sys,-100???????????????????????????P??u?????????n??????N??????d??????????Performance Counters for Windows Driver????????????????g?????????????????????????????????s??????????????????Ta??????????????????????????????????t?????????????????????%?????????????????????????C:\ProgramData\Microsoft\MF??????????/???????????????????????????????7%??????????????~??10.0.0.1?????????????????????????{?{????? ???????t???????????t?????????????? ????????????k?k?t?t?t?t?t?????t???t????? [email protected]%systemroot%\system32\srvsvc.dll,-
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\[email protected] ?????????|?|???t????????????????? ???????????????????????????????????????f????N??????F?????D4-??{00000000-0000-0000-FFFF-FFFFFFFFFFFF}??????? ?????????????????????,????????z?????#??#??????????Microsoft 6to4 Adapter Driver???? ??????????????????tunnel???????????????????e??tunnel??e???? ????????????????????????"?????p?-???????????N???????????D?????Net?0???????????????????? ????????????????????????"?????p?(???????????X???????????????N??????&???????&??{4d36e972-e325-11ce-bfc1-08002be10318}???&???????????&???&??Net??&??? ???????&???????&??*6to4mp??&??? ????????????????????????????$?N?K?????????{4d36e972-e325-11ce-bfc1-08002be10318}\0075??&???????????&????????????N???????????D?????{4d36e972-e325-11ce-bfc1-08002be10318}??????? ??????????????? ??*6to4mp?????? ????????????????????????????$?N?6?????????{4d36e972-e325-11ce-bfc1-08002be10318}\0054?ft??????????? ????????????N??????????????????????????????e???????????????????s??????????????ROOT\*6TO4MP\0049???nettun.inf???e??????????? ???????????????????s?0????????~??????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\[email protected] ?????????m?????????????m????? ???????m?????m???????0???????????????????????m???m???m??-11c??? ???????m???????????l?0?????????????????????????j??????????????????????????????t??????m????? ???????m?????m???????0????????????&????????????????????n?????m???m????? ???????m?????m???????0????????????????????? ???????m???????????m?0????????????????????{533c5b84-ec70-11d2-9505-00c04f79deaf}\0001????????m????? ???????m?????m???????0????????????????????Microsoft???? ???????m???????????m?0??????????????????????N??n???4???????????????j???????e??.NT?8B?????????????m????? ???????m?????m???????0??????????????????????N???????????D?????? ???????m???????????m?0???????????????????????????????????????????????????????????????????????????m????? ???????m?????m???????0????????????????????? ???????m???????????m?0????????????????????6.1.7600.16385????????6??????????????m?mMD?????????????????m????? ???????m?????m???????0?????????????????????????m??????s????????????????m??? ???????m???????????m?0????????????????????{533c5b84-ec70-11d2-950
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\[email protected] ????????????????????????????????????????????????????????????????Generic volume shadow copy?tem??storage\volumesnapshot?2\s????*??????5??????????? ???k?????????o4m??tunnel??? ??Microsoft???????????????*i????????????`?????????????????????????? ???????9??????????? ???????_???[email protected]usbprint.inf,%usbprint.devicedesc%;USB Printing Support?????????????????5??????????????????????????????????? ???????????????????????????????????????f??? ?????????????z???????0??L????????? ??????49A??? ?????????????????????0????????????&????????????????????8??????????? ?????????????????????0????????????????????????????? ???????????????????g?0????????????????????volsnap.inf:MSFT.NTamd64:volume_snapshot_install:6.1.7600.16385:storage\volumesnapshot?ewa??????????? ?????????????????????0????????????????????? ???????????????????i?0????????????????????? ?????????????????????0????????????????????????????????????????? ???????????????????j?0????????????????????????????? ?????????????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\[email protected] ???k????????????????????Network????????k????? ???????k?????k???????0??????????????????????$??k???????????k??? ???????k???????????j?0????????2???????????mrxsmb???????????k??????s????????k??????s????????m?????????????k????? ???????k?????k???????0????????????????????? ???????k???????????j?0????????"????????????????????????????????????M???l??mferkdet?m???k???????????k?????k????? ???????k?????k???????0?????????????????????????????3???????k?k?k?k????????? ???????k???????????j?0????????(??????????????? ??????????s?????????k???D??sE???????????k?????k????? ???????k?????k???????0????????????????????? ???????k???????????j?0???????????????????????????????????sN???? ???k?????????????????????????k????? ???????k?????k???????0????????????????????? ???????k???????????j?0????????$???????????? ???????j?????k??????????????????????????????Y??????????&?????k????? ???????k?????k???????0???????????????????????k???k???k???k???k???k???k???k???k????????????? ???????k???????????j?0?????????????????????????????????????k?????k????? ?????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\[email protected] ???k?????????/???????e????X??????????????????????l?l??????z???????????????????N??????????????????????????????????????????????????????????????l?l?????????????????????B??? ???????j?????k?????k??????????????????????? ???????k???????e??????????????????.NTAMD64????VolumeSnapshot???????????????????????????????????s??????AsyncMac?????????k??????s???{8ECC055D-047F-11D1-A537-0000F8753ED1}?????????????????????s?????????k???:???????k?k?k?k????s??????k?p????????????????????????X??l???&???&??Tcpip????????????????l?l????.NTAMD64?????????k???l?l?e???????r??????p???????????????s????????????s?????sis??Volume???????????????????????????????????????????????????????????????????????????k?k?k???????j???????e???????????????????????????????????????3???????k??????????LegacyDriver?????????????????p???p???????????????????????????????????????g???????????j???????e???k?k?k?k?????????????????????????????????????????????????m?m??????????????????????N??k????????D?????volsnap??????????????????k???????????????????????????????????????????????k?
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\[email protected] ???k?p????????????????????????X??l???&???&??Tcpip????????????????l?l????.NTAMD64?????????k???l?l?e???????r??????p???????????????s????????????s?????sis??Volume???????????????????????????????????????????????????????????????????????????k?k?k???????j???????e???????????????????????????????????????3???????k??????????LegacyDriver?????????????????p???p???????????????????????????????????????g???????????j???????e???k?k?k?k?????????????????????????????????????????????????m?m??????????????????????N??k????????D?????volsnap??????????????????k???????????????????????????????????????????????k??? ???????k???????????k??????????N????????????g?k?k?k?????????????????2?????????k?&???l?l?????????????????k?l?k??? H??????????????????????????????????????????B?????s44??44???????????????????3????????????????P??u?????????e?????k??????????????volume.inf:MSFT.NTamd64:volume_install:6.1.7600.16385:storage\volume?????????????????????????????????????????k??????????volume_install???????????????????????????k???????????????????????????????k?????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\[email protected] ???o?????&???o???I???????????????????r??*6to4mp?????????????t????????????????????o????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????GUID_MFE_CONNECT_CALLOUT_V4???????GUID_MFE_CONNECT_CALLOUT_V4??????????????????????????????????????? ??????????? ????(??????P????????????(??????P????????????(??????P????????????(??????P????????????(??????P????????????(??????P?????????????P??????????? ???????????es??????????????????????????????????????????????????????????????????????????????????????????????????????????????????$???$?GUID_MFE_CONNECT_DISCARD_CALLOUT_V4?$???$?GUID_MFE_CONNECT_DISCARD_CALLOUT_V4??????????????????????????????????????? ??????????? ????(??????P????????????(??????P????????????(??????P????????????(??????P????????????(??????P????????????(??????P?????????????P??????????? ???????????x8??????????????????????????????????????????????????????????????????????????????????????????????????????????????????$???$?GUID_MFE_CONNECT_DISCARD_
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\[email protected] ???o?????o???????????????????????????????o??????????t????????p??????p???????????system32\DRIVERS\compbatt.sys?ompbatt.sys???????<????????????????????????o???????????????????????o??????p???System32\drivers\discache.sys?????????????????R??p????????h???????4??o????????h??????????o?????????e?????????o???s??ep??ep??????????ic???p???p???o?????????????????????????????????????????#[email protected],-23501???????????????????????????P??o?????????n????*6to4mp?????Video Init???????????????????????o??PerfMon_Collect??????&???o???????????????????????????&??????????????????????????????PerfMon_Close????????o???&???????????????????????????????&???????????????????????????????????????[email protected]FirewallAPI.dll,-23501?????????????????????????ISO9660/Joliet File System Reader for CD/DVDs. (Core) (All pieces)???????????p?????????n?????u???????????????u??fs???????????????????????????????????????????p?p?p??????????????????????????????????t????????????????j?????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\[email protected] ???oep??RpcSs?EventSystem????????&??????????????????????????????system32\DRIVERS\cdfs.sys???????????????????????E7?????????????g??????(??t?????????e????Boot File System??????????????????????????>??o?????????e????USB??????????????????????????????B???????????r?r?????????????????????????????????????????????????????????????????????????????????????????????????????????????i????????????????????????????GUID_MFE_CONNECT_CALLOUT_V6???????GUID_MFE_CONNECT_CALLOUT_V6??????????????????????????????????????? ??????????? ????(??????P????????????(??????P????????????(??????P????????????(??????P????????????(??????P????????????(??????P?????????????P??????????? ???????????r????&????????????????????????????????4??o????????h?????????????????t??????????????????????????????????????????????????????????????????????e????????????Brother RemovableDisk(U)????system32\drivers\fltmgr.sys??????????????????????????????????????????????????o??Composite Bus Enumerator Driver?????System32\Drivers\dfsc.sys???FSFilter Infrastructure?????? ???i?????
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\[email protected] ????el??????????????????nd??????????????????????????????{4d36e972-e325-11ce-bfc1-08002be10318}\0109??????k?n????????????4C???????????????????????7???h???????????????????????????F??FF????N????????????D?????????????-??60??????????????[email protected],%6to4mp.displayname%;Microsoft 6to4 [email protected],%6to4mp.displayname%;Microsoft 6to4 Adapter?al??Microsoft 6to4 Adapter #89?6?2??{4d36e972-e325-11ce-bfc1-08002be10318}\[email protected],%msft%;[email protected],%msft%;Microsoft?[email protected]nettun.inf,%msft%;Microsoft?&??????????????????????????????????????????????????? ??X???????????x???{4d36e972-e325-11ce-bfc1-08002be10318}??????{4d36e972-e325-11ce-bfc1-08002be10318}\0108?0????????????????????[email protected]nettun.inf,%msft%;Microsoft??????~??????????????????????8??????-4??????????????????????IS???????????????????????????f???e?????????????????????????????????????????????????

---- EOF - GMER 1.0.15 ----
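An added example, not part of the thread and not GMER's code. The Reg lines in the log above show GMER reading the values under the LanmanServer, LanmanWorkstation and NetBIOS service keys as binary garbage rather than as readable paths; the thread does not say what is behind that. Before handing the machine to a fix tool, a practitioner would want an independent read of those registrations. The PowerShell below (assumes PowerShell 3.0 or later and an elevated prompt; the expected file names are assumptions based on a default Windows 7 x64 install) reads each service's Parameters\ServiceDll or ImagePath, flags non-printable bytes in the value, resolves the path and checks the file on disk and its Authenticode signature.

```powershell
# Added example, not code from the thread or from GMER.
# Expected file names are an assumption based on a default Windows 7 x64 install.
# Run from an elevated PowerShell 3.0+ prompt.
$expected = [ordered]@{
    'LanmanServer'      = 'srvsvc.dll'   # svchost-hosted, registered via Parameters\ServiceDll
    'LanmanWorkstation' = 'wkssvc.dll'   # same
    'NetBIOS'           = 'netbios.sys'  # kernel driver, registered via ImagePath
}

function Test-ServiceBinary {
    param([string]$Name, [string]$ExpectedFile)
    $base = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $r = [ordered]@{ Service = $Name; RawValue = $null; Path = $null; Status = 'OK' }

    # Prefer Parameters\ServiceDll; fall back to ImagePath for drivers.
    $raw = $null
    if (Test-Path "$base\Parameters") {
        $raw = (Get-ItemProperty -Path "$base\Parameters" -ErrorAction SilentlyContinue).ServiceDll
    }
    if (-not $raw) {
        $raw = (Get-ItemProperty -Path $base -ErrorAction SilentlyContinue).ImagePath
    }
    $r.RawValue = $raw
    if (-not $raw) {
        $r.Status = 'SUSPECT: no ServiceDll or ImagePath value'
        return [pscustomobject]$r
    }
    # A healthy value is a printable path; GMER printed these as byte soup.
    if ($raw -match '[^\x20-\x7E]') {
        $r.Status = 'SUSPECT: value contains non-printable characters'
        return [pscustomobject]$r
    }

    # Normalise: expand %SystemRoot%, strip a \??\ NT prefix, root relative driver paths.
    $path = [Environment]::ExpandEnvironmentVariables($raw) -replace '^\\\?\?\\', ''
    if (-not [IO.Path]::IsPathRooted($path)) { $path = Join-Path $env:SystemRoot $path }
    $r.Path = $path

    if ([IO.Path]::GetFileName($path) -ne $ExpectedFile) {
        $r.Status = "SUSPECT: expected $ExpectedFile"
    } elseif (-not (Test-Path -LiteralPath $path)) {
        $r.Status = 'SUSPECT: file missing on disk'
    } else {
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') { $r.Status = "CHECK: signature status $($sig.Status)" }
    }
    [pscustomobject]$r
}

$expected.GetEnumerator() |
    ForEach-Object { Test-ServiceBinary -Name $_.Key -ExpectedFile $_.Value } |
    Format-Table -AutoSize
```

Two caveats. Windows system binaries are normally catalog-signed, and older PowerShell versions report them as NotSigned, so a CHECK result means "confirm with sigcheck or sfc", not "tampered". More importantly, this reads the registry through the running kernel: a rootkit that filters registry reads can hand back a clean-looking value, which is exactly why GMER compares its own low-level read against the Win32 view. Agreement here is reassuring; it is not proof.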

#19 Render (Trusted Helper, Malware Removal, 4,195 posts)
Hi,

Please do the following:

  • Go to Start > All Programs > Accessories
  • Right click Command Prompt and select Run as administrator
  • When the prompt opens type the following bolded text and press enter

    sfc /scannow (Note: There is a space between sfc and /scannow)
  • On completion reboot

  • Please download attachment cbs-log.zip to your desktop.
  • UnZip it to your desktop.
  • Right-click on cbs-log.bat icon and click on Run as administrator.
  • If a User Account Control (UAC) window opens, click on the Yes button.
  • CBS.log file will be on your desktop.
  • Please upload that file here and post a link to it in your next reply.


#20 Middlegrove (Topic Starter, Member, 67 posts)
where do I find attachment to cbs-log.zip?

#21 Render (Trusted Helper, Malware Removal, 4,195 posts)
Sorry. I forgot to attach a file. Here it is: cbs-log.zip (attached, 216 bytes)

#22 Middlegrove (Topic Starter, Member, 67 posts)
Command prompt window opens quickly -- says something about invalid number of parameters -- and then it closes.

#23 Render (Trusted Helper, Malware Removal, 4,195 posts)
Then using Windows Explorer navigate to the c:\windows\logs\cbs folder. Copy the file cbs.log to your desktop. Please upload that file here and post a link to it in your next reply.
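An added example, not part of the thread and not the cbs-log.bat that was attached (its contents are not shown, only that it exited with a parameter error). It covers both steps the helper asked for: running sfc /scannow from an elevated prompt, then getting CBS.log to the desktop. It also pulls out just the "[SR]" lines, which is where System File Checker records what it verified, repaired, or could not repair; the full CBS.log is mostly servicing noise. Assumes PowerShell 3.0 or later, a 64-bit PowerShell on 64-bit Windows (a 32-bit shell is redirected away from the real System32), and an elevated prompt.

```powershell
# Added example, not the thread's cbs-log.bat. Run from an elevated 64-bit PowerShell 3.0+.
function Get-SfcReport {
    param(
        [string]$CbsLog = (Join-Path $env:SystemRoot 'Logs\CBS\CBS.log'),
        [string]$OutDir = [Environment]::GetFolderPath('Desktop'),
        [switch]$RunScan
    )
    if ($RunScan) {
        $id = [Security.Principal.WindowsIdentity]::GetCurrent()
        $principal = New-Object Security.Principal.WindowsPrincipal($id)
        if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
            throw 'sfc /scannow must be run from an elevated prompt.'
        }
        # Let sfc write straight to the console; do not pipe or capture its
        # output, it emits UTF-16 and comes out as spaced characters.
        & "$env:SystemRoot\System32\sfc.exe" /scannow
    }
    if (-not (Test-Path -LiteralPath $CbsLog)) { throw "CBS.log not found at $CbsLog" }

    # Full log for the helper, plus a filtered copy that is actually readable.
    Copy-Item -LiteralPath $CbsLog -Destination (Join-Path $OutDir 'CBS.log') -Force
    $sr = @(Select-String -Path $CbsLog -SimpleMatch -Pattern '[SR]' | ForEach-Object { $_.Line })
    $details = Join-Path $OutDir 'sfcdetails.txt'
    $sr | Set-Content -Path $details

    # 'Cannot repair' lines are the ones worth posting first.
    New-Object PSObject -Property @{
        SrLines      = $sr.Count
        Repaired     = @($sr | Where-Object { $_ -match 'Repairing corrupted file' }).Count
        Unrepairable = @($sr | Where-Object { $_ -match 'Cannot repair' }).Count
        Details      = $details
    }
}

Get-SfcReport -RunScan
```

Run it without -RunScan if SFC has already been run and only the log needs collecting. The Repaired/Unrepairable counters match on the phrases SFC writes in [SR] lines ("Repairing corrupted file", "Cannot repair member file"); the exact wording is version-dependent, so treat a zero count as "nothing matched", not "nothing wrong", and read sfcdetails.txt.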

#24 Middlegrove (Topic Starter, Member, 67 posts)
http://www.2shared.c...ZLhznWlcYnvfvRI

#25 Render (Trusted Helper, Malware Removal, 4,195 posts)
Thank you for the log. Now please do the following:

Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".
During the download, rename Combofix to Combo-Fix as follows:

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection

  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review

Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall.
#26 Middlegrove (Topic Starter, Member, 67 posts)
I have McAfee Security Center, recently re-purchased/updated a week ago. The instructions Geeks to Go posted to disable it are not really compatible. I'm trying to find newer instructions on disabling it online. There is no "advanced menu (bottom mid left)" to start with, unless you know how to...

#27 Middlegrove (Topic Starter, Member, 67 posts)
Render,

I believe I was able to disable McAfee. Double clicked on Combo-Fix, a window appeared that seemed to be scanning files and such, then it closed. The desktop icon for Combo-Fix is gone and there is no "C:\Combo-Fix.txt"

#28 Render (Trusted Helper, Malware Removal, 4,195 posts)
  • Please re-run aswMBR.exe.
  • Click Scan.
  • Please tell me what buttons are available: Fix and/or FixMBR

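An added example, not part of the thread and not aswMBR's code. aswMBR reports on the master boot record and offers a FixMBR button; the thread does not say what it found. Nothing stops you looking at the same sector yourself before deciding whether to rewrite it. The PowerShell below (assumes PowerShell 3.0 or later, an elevated prompt and an MBR-partitioned boot disk as PhysicalDrive0) reads the first 512 bytes of the disk, checks the 0x55AA boot signature, decodes the partition table and hashes the 440-byte boot code so it can be compared with a known-clean machine running the same Windows version.

```powershell
# Added example, not code from the thread or from aswMBR.
# Assumes an elevated PowerShell 3.0+ prompt and that PhysicalDrive0 is the boot disk.
function Get-MbrInfo {
    param([int]$DiskNumber = 0)
    $path = "\\.\PhysicalDrive$DiskNumber"
    # ReadWrite share is required: the disk is in use by the running system.
    $fs = New-Object IO.FileStream($path, [IO.FileMode]::Open, [IO.FileAccess]::Read, [IO.FileShare]::ReadWrite)
    try {
        $sector = New-Object byte[] 512
        $read = $fs.Read($sector, 0, 512)
        if ($read -ne 512) { throw "short read: $read bytes" }
    } finally { $fs.Dispose() }

    # Layout: 0..439 boot code, 440..443 disk signature, 446..509 four
    # 16-byte partition entries, 510..511 the 0x55AA signature.
    [byte[]]$bootCode = $sector[0..439]
    $sha = [Security.Cryptography.SHA256]::Create()
    $hash = ($sha.ComputeHash($bootCode) | ForEach-Object { $_.ToString('x2') }) -join ''

    $parts = for ($i = 0; $i -lt 4; $i++) {
        $o = 446 + 16 * $i
        if ($sector[$o + 4] -ne 0) {          # type 0x00 = empty slot
            [pscustomobject]@{
                Entry    = $i
                Bootable = ($sector[$o] -eq 0x80)
                Type     = '0x{0:X2}' -f $sector[$o + 4]   # 0x07 NTFS, 0xEE GPT protective
                StartLBA = [BitConverter]::ToUInt32($sector, $o + 8)
                Sectors  = [BitConverter]::ToUInt32($sector, $o + 12)
            }
        }
    }
    [pscustomobject]@{
        Disk           = $path
        DiskSignature  = ('0x{0:X8}' -f [BitConverter]::ToUInt32($sector, 440))
        SignatureOk    = ($sector[510] -eq 0x55 -and $sector[511] -eq 0xAA)
        BootCodeSHA256 = $hash
        Partitions     = @($parts)
    }
}

$mbr = Get-MbrInfo
$mbr | Format-List Disk, DiskSignature, SignatureOk, BootCodeSHA256
$mbr.Partitions | Format-Table -AutoSize
```

The hash is only useful as a comparison: take it on a clean machine with the same Windows version and compare. A single 0xEE entry means a GPT disk, where this sector is a protective MBR and the real layout lives elsewhere. And as with the registry, this read goes through the running kernel's disk stack; a bootkit that hooks disk I/O can return the original sector to readers, which is the reason aswMBR does its own low-level read and why a clean result here does not clear the machine on its own.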

#29 Middlegrove (Topic Starter, Member, 67 posts)
FixMBR only

#30 Render (Trusted Helper, Malware Removal, 4,195 posts)
Please tell me if you have your original Windows CD/DVD available.

Do the following:

Step 1

We need to run an OTL Fix

  • Please right click on OTL.exe on your desktop and click on Run as administrator.
  • Under the Custom Scans/Fixes box copy and paste this in:

    :OTL
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    [2011/06/02 12:40:20 | 000,000,000 | ---- | M] () -- C:\Windows\V7PTMPPR.SGTMP
    [2011/05/31 16:34:01 | 000,000,040 | ---- | M] () -- C:\ProgramData\~39575288

    :Files
    ipconfig /flushdns /c

    :Reg

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]

  • Click on the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 2

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware.
  • Select the Update tab.
  • Click on Check for Updates button.
  • Click on OK.
  • Select the Scanner tab.
  • Select Perform quick scan, then click on Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

When completed the above, please post back the following in the order asked for:
  • OTL fix log
  • MBAM log
