Redirect

GMER

Note about this tool:

• This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
  
• This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
  
• No matter what is in the log, please post all the information/contents of the log.
  
• These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT"

Please download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

• Click NO
  
• In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  
• Now click the Scan button.
  Once the scan is complete, you may receive another notice about rootkit activity.
  
• Click OK.
  
• GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  
• Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

DragonMaster Jay wrote:

GMER

Note about this tool:

• This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
  
• This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
  
• No matter what is in the log, please post all the information/contents of the log.
  
• These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT"

Please download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

• Click NO
  
• In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  
• Now click the Scan button.
  Once the scan is complete, you may receive another notice about rootkit activity.
  
• Click OK.
  
• GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  
• Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

this keeps freezing i have ran it several times and everytime i run it, it freezes :sad:

Uncheck devices, and try again, please.

will do

ok

its a no go i did what you said and it just keeps freezing and stays frozen

no matter how many times i try it

Please download Norman Malware Cleaner and save to your desktop.
alternate download link

• Double-click on Norman_Malware_Cleaner.exe to start the program.
  
• Read the End User License Agreement and click the Accept button to open the scanning window.
  
• Click Start Scan to begin.
  
• In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot and run the tool again to ensure that all infections are removed.
  
• After the scan has finished, a log file with the date (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
  

Note: For usb flash drives and/or other removable drives to scan, use the Add button to browse to the drives location, click on the drive to highlight and choose Ok.

Norman Malware Cleaner
Version 1.8.2
Copyright © 1990 - 2010, Norman ASA. Built 2010/10/21 19:07:10

Norman Scanner Engine Version: 6.06.07
Nvcbin.def Version: 6.06.00, Date: 2010/10/21 19:07:10, Variants: 7865045

Scan started: 2010/10/23 12:43:27

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Home 5.1.2600 Service Pack 3
Logged on user: JOELEE\Joe


Scanning kernel...

Kernel scan complete


Scanning bootsectors...

Number of sectors found: 2
Number of sectors scanned: 2
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 1s 297ms


Scanning running processes and process memory...

Number of processes/threads found: 3324
Number of processes/threads scanned: 3324
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 4m 45s


Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\aaw7boot.logd Settingses (Error opening file: Not found)

C:\amc6371.exesd Settings (Error opening file: Not found)

C:\AUTOEXEC.BAKe (Error opening file: Not found)

C:\AUTOEXEC.DOSgsSettings (Error opening file: Not found)

C:\Boot.bak.dllicy (Error opening file: Not found)

C:\boot.iniexelys (Error opening file: Not found)

C:\BOOTLOG.PRVedll (Error opening file: Not found)

C:\BOOTLOG.TXTs (Error opening file: Not found)

C:\BOOTSECT.DOSd Settings (Error opening file: Not found)

C:\caavsetup.log9bdca46cde987beba (Error opening file: Not found)

C:\caavsetupLog.txtttings (Error opening file: Not found)

C:\CLASSES.1STetup_Tool.exe (Error opening file: Not found)

C:\cmldrents and Settings (Error opening file: Not found)

C:\command.comngs (Error opening file: Not found)

C:\CONFIG.BAKmc (Error opening file: Not found)

C:\CONFIG.DOSelertiesttf (Error opening file: Not found)

C:\CONFIG.SYSssr (Error opening file: Not found)

C:\data371.exesd Settings (Error opening file: Not found)

C:\decoder.DEPKe (Error opening file: Not found)

C:\decoder.exeT (Error opening file: Not found)

C:\DETLOG.TXTOSgsSettings (Error opening file: Not found)

C:\Documents and Settings\Default User\NTUSER.DATysy (Error opening file: Not found)

C:\Documents and Settings\NetworkService\Local Settings\desktop.inieicy (Error opening file: Not found)

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\desktop.ini Datattings (Error opening file: Not found)

C:\Documents and Settings\NetworkService\ntuser.dat.LOGSettings (Error opening file: Not found)

C:\Documents and Settings\NetworkService\ntuser.initsbd44c9ed0b (Error opening file: Not found)

C:\Documents and Settings\smoke s.aiysy (Error opening file: Not found)

C:\gmer.txtion Data (Error opening file: Not found)

C:\hiberfil.sysd Settings (Error opening file: Not found)

C:\hpfr5100.loge (Error opening file: Not found)

C:\image.nrgxeT (Error opening file: Not found)

C:\Install CompuServe7.0\browser.iniog9bdca46cde987beba (Error opening file: Not found)

C:\Install CompuServe7.0\gecko.exeni Datattings (Error opening file: Not found)

C:\io.sysoftSTetup_Tool.exe (Error opening file: Not found)

C:\license.txtLOGSettings (Error opening file: Not found)

C:\midi studio 2004.Key0 (Error opening file: Not found)

C:\MMJB Emanual V1.chmB5E1-96FAEADFB79D.dat (Error opening file: Not found)

C:\mp3 ripper.zipSettings (Error opening file: Not found)

C:\mp3wavc_dm.exebdca46cde987beba (Error opening file: Not found)

C:\MP3_0905_2417.exetings (Error opening file: Not found)

C:\MSDOS.---inamperve70.exe (Error opening file: Not found)

C:\MSDOS.SYSSTetup_Tool.exe (Error opening file: Not found)

C:\NETLOG.TXTmngs (Error opening file: Not found)

C:\net_save.dnay (Error opening file: Not found)

C:\ntdetect.comgs (Error opening file: Not found)

C:\ntldrREGdSelertiesttf (Error opening file: Not found)

C:\pagefile.sysData (Error opening file: Not found)

C:\Program Files\desktop.initeAtReboot.bat (Error opening file: Not found)

C:\Program Files\Free Convert MPEG WMV AVI 3GP MP4 to FLV Converter\DVDParse.DLLrebdca46cde987beba (Error opening file: Not found)

C:\Program Files\Free Convert MPEG WMV AVI 3GP MP4 to FLV Converter\Name.ini_2417.exetings (Error opening file: Not found)

C:\Program Files\Free Convert MPEG WMV AVI 3GP MP4 to FLV Converter\Order.urltware Updateexe (Error opening file: Not found)

C:\Program Files\Free Convert MPEG WMV AVI 3GP MP4 to FLV Converter\Procedure.iniup_Tool.exe (Error opening file: Not found)

C:\Program Files\Free Convert MPEG WMV AVI 3GP MP4 to FLV Converter\Ver.iniloadsOGSettings (Error opening file: Not found)

C:\Program Files\Free Convert MPEG WMV AVI 3GP MP4 to FLV Converter\Xill.urlnitsbd44c9ed0b (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{6992FB67-A4CF-4B1D-A20B-32879FB7D9EF}\setup.exetware Updateexe (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{6992FB67-A4CF-4B1D-A20B-32879FB7D9EF}\setup.ilg.iniup_Tool.exe (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{6992FB67-A4CF-4B1D-A20B-32879FB7D9EF}\_setup.dlldsOGSettings (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\data1.cabSelertiesttf (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\data1.hdrienceSettingses (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\layout.binysData (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\Setup.exeniteAtReboot.bat (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.ilgiles (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\Setup.inixeT (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.inxnmpuServe2000 (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.iss and Settings (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{929408E6-D265-4174-805F-81D1D914E2A4}\setup.inx-D33B-433A-956E-B2F236468B56}LV Converter (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{C78BF2F4-C158-4179-A958-64EB7DF0BB7F}\data1.cabtware Updateexe (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{C78BF2F4-C158-4179-A958-64EB7DF0BB7F}\data1.hdr.iniup_Tool.exe (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{C78BF2F4-C158-4179-A958-64EB7DF0BB7F}\Setup.exeldsOGSettings (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{C78BF2F4-C158-4179-A958-64EB7DF0BB7F}\setup.ilgitsbd44c9ed0b (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{C78BF2F4-C158-4179-A958-64EB7DF0BB7F}\Setup.ini-8350-11D3-B0BF-080009FB4A19} (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{C78BF2F4-C158-4179-A958-64EB7DF0BB7F}\setup.inxdnay (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{CC23F0EF-15E9-4264-8165-272A5AA2B873}\0x0409.iniiteAtReboot.bat (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{CC23F0EF-15E9-4264-8165-272A5AA2B873}\ISSetup.dlles (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{CC23F0EF-15E9-4264-8165-272A5AA2B873}\setup.exexeT (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{CC23F0EF-15E9-4264-8165-272A5AA2B873}\Setup.ilgnmpuServe2000 (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{CC23F0EF-15E9-4264-8165-272A5AA2B873}\setup.ini and Settings (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{CC23F0EF-15E9-4264-8165-272A5AA2B873}\setup.isnnieicy (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\data1.cabtware Updateexe (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\data1.hdr.iniup_Tool.exe (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\Setup.exeldsOGSettings (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\setup.ilgitsbd44c9ed0b (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\Setup.ini-8350-11D3-B0BF-080009FB4A19} (Error opening file: Not found)

C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\setup.inxdnay (Error opening file: Not found)

C:\Program Files\Malwarebytes' Anti-Malware\changes.rtfareSettings (Error opening file: Not found)

C:\Program Files\Malwarebytes' Anti-Malware\mbam.dllF-E292-434B-9661-3858F5D7BF63}LV Converter (Error opening file: Not found)

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe4-68D7-4D39-960E-C38F0C1AC3BA}at (Error opening file: Not found)

C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dllEA8-40D0-ADF3-D4C1B86FAEA4} (Error opening file: Not found)

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeld Installation Information (Error opening file: Not found)

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exexetings (Error opening file: Not found)

C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dllre Updateexe (Error opening file: Not found)

C:\Program Files\Malwarebytes' Anti-Malware\unins000.datiup_Tool.exe (Error opening file: Not found)

C:\Program Files\Malwarebytes' Anti-Malware\unins000.msgOGSettings (Error opening file: Not found)

C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx44c9ed0b (Error opening file: Not found)

C:\Program Files\Malwarebytes' Anti-Malware\zlib.dlli-8350-11D3-B0BF-080009FB4A19} (Error opening file: Not found)

C:\Program Files\McAfee VirusScan Home Edition 7.02 Demo 30\extra.cabiiteAtReboot.bat (Error opening file: Not found)

C:\Program Files\McAfee VirusScan Home Edition 7.02 Demo 30\instmsia.exes (Error opening file: Not found)

C:\Program Files\McAfee VirusScan Home Edition 7.02 Demo 30\LICENSE.TXT292-434B-9661-3858F5D7BF63}LV Converter (Error opening file: Not found)

C:\Program Files\McAfee VirusScan Home Edition 7.02 Demo 30\Naifiltr.catA8-40D0-ADF3-D4C1B86FAEA4} (Error opening file: Not found)

C:\Program Files\McAfee VirusScan Home Edition 7.02 Demo 30\NaiFiltr.infd Installation Information (Error opening file: Not found)

C:\Program Files\McAfee VirusScan Home Edition 7.02 Demo 30\Readme.txte.exexetings (Error opening file: Not found)

C:\Program Files\McAfee VirusScan Home Edition 7.02 Demo 30\setup.exedllre Updateexe (Error opening file: Not found)

C:\Program Files\McAfee VirusScan Home Edition 7.02 Demo 30\setup.inidatiup_Tool.exe (Error opening file: Not found)

C:\Program Files\Microsoft CAPICOM 2.1.0.2\readme.txtxes (Error opening file: Not found)

C:\Program Files\Norton AntiVirus(2)\AVApp.logExplorertingses (Error opening file: Not found)

C:\Program Files\Norton AntiVirus(2)\AVError.logsData (Error opening file: Not found)

C:\Program Files\Norton AntiVirus(2)\AVVirus.logteAtReboot.bat (Error opening file: Not found)

C:\Program Files\Norton AntiVirus(2)\CfgWiz.datxes (Error opening file: Not found)

C:\Program Files\Norton AntiVirus(2)\COUNTRY.DATe (Error opening file: Not found)

C:\Program Files\Norton AntiVirus(2)\defloc.datfrontpage000 (Error opening file: Not found)

C:\Program Files\Norton AntiVirus(2)\end_user.txticy (Error opening file: Not found)

C:\Program Files\Norton AntiVirus(2)\exclude.dat265-4174-805F-81D1D914E2A4} (Error opening file: Not found)

C:\Program Files\Norton AntiVirus(2)\exclude.defareSettings (Error opening file: Not found)

C:\Program Files\Norton AntiVirus(2)\EXCLUDEL.DATodec Packles (Error opening file: Not found)

C:\Program Files\Norton AntiVirus(2)\FILTER.DATGamesnti-Malware (Error opening file: Not found)

C:\Program Files\Norton AntiVirus(2)\NAVOPTS.BAK292-434B-9661-3858F5D7BF63}LV Converter (Error opening file: Not found)

C:\Program Files\Norton AntiVirus(2)\navopts.datefox4D39-960E-C38F0C1AC3BA}at (Error opening file: Not found)

C:\Program Files\Norton AntiVirus(2)\navopts.deftA8-40D0-ADF3-D4C1B86FAEA4} (Error opening file: Not found)

C:\Program Files\Norton AntiVirus(2)\navsess.tplfd Installation Information (Error opening file: Not found)

C:\Program Files\Norton AntiVirus(2)\navsess.txt.exexetings (Error opening file: Not found)

C:\Program Files\Norton AntiVirus(2)\NAVW32.GID ZoneUpdateexe (Error opening file: Not found)

C:\Program Files\Norton AntiVirus(2)\QuarOpts.datiup_Tool.exe (Error opening file: Not found)

C:\Program Files\Norton AntiVirus(2)\savrt.datstrumentsings (Error opening file: Not found)

C:\Program Files\Norton AntiVirus(2)\savrt.defg.ocx44c9ed0b (Error opening file: Not found)

C:\Program Files\Norton AntiVirus(2)\SAVRT32(2).DLL-11D3-B0BF-080009FB4A19} (Error opening file: Not found)

C:\Program Files\Norton AntiVirus(2)\scancfg.datVirus(2) (Error opening file: Not found)

C:\Program Files\Norton AntiVirus(2)\SRTLEXCL.DATPICOM 2.1.0.2 (Error opening file: Not found)

C:\Program Files\Norton AntiVirus(2)\srtlexcl.defScan Home Edition 7.02 Demo 30 (Error opening file: Not found)

C:\Program Files\Norton AntiVirus(2)\srtsexcl.datlorertingses (Error opening file: Not found)

C:\Program Files\Norton AntiVirus(2)\srtsexcl.defData (Error opening file: Not found)

C:\Program Files\Norton AntiVirus(2)\VERSION.DATteAtReboot.bat (Error opening file: Not found)

C:\Program Files\Spybot - Search & Destroy\advcheck.dlllorertingses (Error opening file: Not found)

C:\Program Files\Spybot - Search & Destroy\aports.dllefData (Error opening file: Not found)

C:\Program Files\Spybot - Search & Destroy\blindman.exeeAtReboot.bat (Error opening file: Not found)

C:\Program Files\Spybot - Search & Destroy\FOPEXBVKBL.scry (Error opening file: Not found)

C:\Program Files\Spybot - Search & Destroy\KKSCLVVPDQQDB.scrsB-9661-3858F5D7BF63}LV Converter (Error opening file: Not found)

C:\Program Files\Spybot - Search & Destroy\messages.zres8-40D0-ADF3-D4C1B86FAEA4} (Error opening file: Not found)

C:\Program Files\Spybot - Search & Destroy\OptOut.inierd Installation Information (Error opening file: Not found)

C:\Program Files\Spybot - Search & Destroy\SDFiles.exeZoneUpdateexe (Error opening file: Not found)

C:\Program Files\Spybot - Search & Destroy\SDMain.exeAssemblies.exe (Error opening file: Not found)

C:\Program Files\Spybot - Search & Destroy\SDUpdate.exeumentsings (Error opening file: Not found)

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exeLL-11D3-B0BF-080009FB4A19} (Error opening file: Not found)

C:\Program Files\Spybot - Search & Destroy\sqlite3.dllarch & Destroy (Error opening file: Not found)

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exePICOM 2.1.0.2 (Error opening file: Not found)

C:\Program Files\Spybot - Search & Destroy\Tools.dlldefScan Home Edition 7.02 Demo 30 (Error opening file: Not found)

C:\Program Files\Spybot - Search & Destroy\unins000.datlorertingses (Error opening file: Not found)

C:\Program Files\Spybot - Search & Destroy\unins000.exeData (Error opening file: Not found)

C:\Program Files\Spybot - Search & Destroy\unins000.msgeAtReboot.bat (Error opening file: Not found)

C:\Program Files\Spybot - Search & Destroy\UninsSrv.dlliguration.ini (Error opening file: Not found)

C:\Program Files\Spybot - Search & Destroy\Update.exedll (Error opening file: Not found)

C:\Program Files\Spybot - Search & Destroy\VYEXLHNLUTWPXPFMK.scr05F-81D1D914E2A4} (Error opening file: Not found)

C:\Program Files\Spybot - Search & Destroy\ZYYSJVDFNUSNMCA.scrngs (Error opening file: Not found)

C:\Program Files\Visual Discomix DJ Basic\archive.memocx44c9ed0b (Error opening file: Not found)

C:\Program Files\Visual Discomix DJ Basic\fname.memexeLL-11D3-B0BF-080009FB4A19} (Error opening file: Not found)

C:\Program Files\Visual Discomix DJ Basic\setup.txtllarch & Destroy (Error opening file: Not found)

C:\Program Files\Visual Discomix DJ Basic\vdmx.cfg.exePICOM 2.1.0.2 (Error opening file: Not found)

C:\Program Files\Visual Discomix DJ Basic\VDMX.OPNldefScan Home Edition 7.02 Demo 30 (Error opening file: Not found)

C:\Program Files\Windows Media Player\custsat.dllNMCA.scrngs (Error opening file: Not found)

C:\Program Files\Windows Media Player\dlimport.exeodec Packles (Error opening file: Not found)

C:\Program Files\Windows Media Player\eula.txt.def (Error opening file: Not found)

C:\Program Files\Windows Media Player\LegitLibM.dllesnti-Malware (Error opening file: Not found)

C:\Program Files\Windows Media Player\MM Jukebox Plus Upgrade.mp358F5D7BF63}LV Converter (Error opening file: Not found)

C:\Program Files\Windows Media Player\MM Jukebox Plus Upgrade.WAV8F0C1AC3BA}at (Error opening file: Not found)

C:\Program Files\Windows Media Player\mplayer2.exes8-40D0-ADF3-D4C1B86FAEA4} (Error opening file: Not found)

C:\Program Files\Windows Media Player\mpvis.dll Informationation Information (Error opening file: Not found)

C:\Program Files\Windows Media Player\msoobci.dll.exexetings (Error opening file: Not found)

C:\Program Files\Windows Media Player\music.bmpxeZoneUpdateexe (Error opening file: Not found)

C:\Program Files\Windows Media Player\NPDRMV2.ZIPeumentsings (Error opening file: Not found)

C:\Program Files\Windows Media Player\NPDS.ZIPmemocx44c9ed0b (Error opening file: Not found)

C:\Program Files\Windows Media Player\npdsplay.dllLL-11D3-B0BF-080009FB4A19} (Error opening file: Not found)

C:\Program Files\Windows Media Player\npwmsdrm.dllrch & Destroy (Error opening file: Not found)

C:\Program Files\Windows Media Player\pidgen.dllxePICOM 2.1.0.2 (Error opening file: Not found)

C:\Program Files\Windows Media Player\setup_wm.exelorertingses (Error opening file: Not found)

C:\Program Files\Windows Media Player\Thumbs.dbmsgeAtReboot.bat (Error opening file: Not found)

C:\Program Files\Windows Media Player\wmdbexport.exePlayer (Error opening file: Not found)

C:\Program Files\Windows Media Player\wmlaunch.exeontpage000 (Error opening file: Not found)

C:\Program Files\Windows Media Player\wmpband.dllPXPFMK.scr05F-81D1D914E2A4} (Error opening file: Not found)

C:\Program Files\Windows Media Player\wmpenc.exelNMCA.scrngs (Error opening file: Not found)

C:\Program Files\Windows Media Player\wmplayer.exeodec Packles (Error opening file: Not found)

C:\Program Files\Windows Media Player\wmpns.dll.dllesnti-Malware (Error opening file: Not found)

C:\Program Files\Windows Media Player\wmpnscfg.exelus Upgrade.mp358F5D7BF63}LV Converter (Error opening file: Not found)

C:\Program Files\Windows Media Player\wmpnssci.dlllus Upgrade.WAV8F0C1AC3BA}at (Error opening file: Not found)

C:\Program Files\Windows Media Player\wmpshare.exes8-40D0-ADF3-D4C1B86FAEA4} (Error opening file: Not found)

C:\Program Files\Windows Media Player\wmpvis.dllInformationation Information (Error opening file: Not found)

C:\S50main.mi4lLL-11D3-B0BF-080009FB4A19} (Error opening file: Not found)

C:\SETUPLOG.TXTrch & Destroy (Error opening file: Not found)

C:\Shortcut to RUNNIG RIOT (C).lnk.02 Demo 30 (Error opening file: Not found)

C:\ST5UNST.LOGelorertingses (Error opening file: Not found)

C:\SUHDLOG.DATorksa (Error opening file: Not found)

C:\System Volume Information\_restore{1820F488-9212-4A2F-9198-DF89AD58E60C}\fifo.logelf-Extractorde.mp358F5D7BF63}LV Converter (Error opening file: Not found)

C:\System Volume Information\_restore{1820F488-9212-4A2F-9198-DF89AD58E60C}\_driver.cfguildertings (Error opening file: Not found)

C:\System Volume Information\_restore{1820F488-9212-4A2F-9198-DF89AD58E60C}\_filelst.cfgoneUpdateexe (Error opening file: Not found)

C:\win2.log.log (Error opening file: Not found)

C:\YServer.txtllesnti-Malware (Error opening file: Not found)

Scanning: E:\*.*

E:\pedro house\04 MUSIC IS THE KEY.mp3F-81D1D914E2A4} (Error opening file: Not found)

E:\pedro house\32 HERE WE GO.mp3E YOU.mp3 (Error opening file: Not found)

E:\pedro house\6-What Turns Me On-Red Dog.mp3he Hooligans.mp3 (Error opening file: Not found)

E:\pedro house\7-Swinging-Dj Sound.mp3Dog.mp3he Hooligans.mp3 (Error opening file: Not found)

E:\pedro house\Adonis No Way Back.mp3e.mp3 (Error opening file: Not found)

E:\pedro house\Classics-Pineapples - Come On Closer.mp3ovin-(Strictly Rhythm).mp3 (Error opening file: Not found)

E:\pedro house\Debbie Deb When I Hear Music.mp3Ultimix).MP3 (Error opening file: Not found)

E:\pedro house\Den Harrow Megamix '99.mp300.mp3 (Error opening file: Not found)

E:\pedro house\Dont Call Me Baby-Madison Ave.mp3ght(dominatrix12inch).mp3 (Error opening file: Not found)

E:\pedro house\Farley jackmaster funk_jack the bass.mp3Love Can't Turn Around.mp3 (Error opening file: Not found)

E:\pedro house\Feel My Mother f*** Bass-Paul Johnson.mp3e Can't Turn Around.mp3 (Error opening file: Not found)

E:\pedro house\Fresh The Real Love.mp3s.mp3 (Error opening file: Not found)

E:\pedro house\Gerardo Rico Suave.mp3o My Eyes.mp3 (Error opening file: Not found)

E:\pedro house\Go-Troy brown.mp3ember.mp3 (Error opening file: Not found)

E:\pedro house\Thumbs.dbrown.mp3ember.mp3 (Error opening file: Not found)

E:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP454\change.logni (Error opening file: Not found)

E:\System Volume Information\_restore{F2F6889F-4C22-4172-BE13-5C8630D49D6E}\RP312\change.logntSize (Error opening file: Not found)

E:\TYRA FROM SAIGON\6329_117573507306_552812306_2768689_2208365_n.jpg.jpg (Error opening file: Not found)

Scanning: postscan


Running post-scan cleanup routine:

Number of files found: 916
Number of archives unpacked: 0
Number of files scanned: 683
Number of files not scanned: 233
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 1m 41s

Please download RenewMyDNS by DragonMaster Jay.

• Save it to your Desktop.
  
• Right-click on the file and select Extract All...
  
• Choose a location to save extracted files and keep pressing Next until Finish.
  
• Double-click RenewMyDNS folder, then double-click RenewMyDNS.bat to start the program.
  
• Follow the prompts, and when finished it will launch a log.
  
• Post that log in your next reply.
  
• After posting the log, delete the folder RenewMyDNS.

hey this shows personal stuff like ip address and such

RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.3.2

Microsoft Windows XP [Version 5.1.2600]


``````````Network and DNS Information``````````




Windows IP Configuration



Host Name . . . . . . . . . . . . : JOELEE

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.il.comcast.net.



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : hsd1.il.comcast.net.

Description . . . . . . . . . . . : Intel 8255x-based PCI Ethernet Adapter (10/100)

Physical Address. . . . . . . . . : 00-E0-81-00-5E-6B

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.101

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 68.87.72.134

68.87.77.134

Lease Obtained. . . . . . . . . . : Monday, October 25, 2010 11:01:00 AM

Lease Expires . . . . . . . . . . : Tuesday, October 26, 2010 11:01:00 AM




Windows IP Configuration



Could not flush the DNS Resolver Cache: Function failed during execution.





``````````Speed-test - Ping``````````


Pinging yahoo.com [67.195.160.76] with 32 bytes of data:



Reply from 67.195.160.76: bytes=32 time=47ms TTL=50

Reply from 67.195.160.76: bytes=32 time=45ms TTL=50

Reply from 67.195.160.76: bytes=32 time=47ms TTL=50

Reply from 67.195.160.76: bytes=32 time=45ms TTL=50



Ping statistics for 67.195.160.76:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 45ms, Maximum = 47ms, Average = 46ms



Pinging GeekPolice.net [64.202.189.170] with 32 bytes of data:



Reply from 64.202.189.170: bytes=32 time=89ms TTL=114

Reply from 64.202.189.170: bytes=32 time=91ms TTL=114

Reply from 64.202.189.170: bytes=32 time=87ms TTL=114

Reply from 64.202.189.170: bytes=32 time=87ms TTL=114



Ping statistics for 64.202.189.170:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 87ms, Maximum = 91ms, Average = 88ms



Pinging facebook.com [69.63.189.16] with 32 bytes of data:



Reply from 69.63.189.16: bytes=32 time=49ms TTL=243

Reply from 69.63.189.16: bytes=32 time=46ms TTL=243

Reply from 69.63.189.16: bytes=32 time=46ms TTL=243

Reply from 69.63.189.16: bytes=32 time=46ms TTL=243



Ping statistics for 69.63.189.16:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 46ms, Maximum = 49ms, Average = 46ms



Pinging google.com [74.125.95.99] with 32 bytes of data:



Reply from 74.125.95.99: bytes=32 time=25ms TTL=53

Reply from 74.125.95.99: bytes=32 time=22ms TTL=53

Reply from 74.125.95.99: bytes=32 time=24ms TTL=53

Reply from 74.125.95.99: bytes=32 time=21ms TTL=53



Ping statistics for 74.125.95.99:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 21ms, Maximum = 25ms, Average = 23ms


********************
EOF

Not to worry, it is not your IP address of your computer. It is only the IP addresses of the companies tested in the ping test, or the DNS servers you have. Luckily your DNS servers are owned by Comcast.

I was looking for a hacker there, but found nothing.

Is your computer still having redirects?

no but pop ups in the browser

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4957

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

10/26/2010 10:23:00 PM
mbam-log-2010-10-26 (22-23-00).txt

Scan type: Full scan (C:\|)
Objects scanned: 279156
Time elapsed: 2 hour(s), 58 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Guest\Application Data\hotfix.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Local Settings\temp\0.016503196824546484.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

but i am still having problems :sad:

now i have no sound im being told there are no active mixer devices available

and i always had sound

Looks like the malware killed sound.

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

Note: please close all other applications running on your system.

Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.



Set the slider to Maximum.



IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.




On the General tab, make sure all of the boxes are checked.




On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.



Click Create Report to run it.


It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to http://www.getsysteminfo.com. If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the url of the GSI Parser report in your next reply.

ok

it wont let me post the report

if i copy and paste the report and hit send it just wont go threw

Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.

• The program will install and then begin downloading the latest definition files.
  
• After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  
• This will start the program and scan your system.
  
• The scan will take a while, so be patient and let it run.
  
• Once the scan is complete, click on View scan report
  
• Now, click on the Save Report as button.
  
• Save the file to your desktop.
  
• Copy and paste that information in your next post.

Note: If the scan freezes for more than 30 minutes, stop the scan, and report back to me.

will do

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, November 3, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, November 02, 2010 16:14:05
Records in database: 4203178
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 189398
Threats found: 4
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 09:28:30


File name / Threat / Threats count
C:\WINDOWS\system32\cryptnet32.dll/C:\WINDOWS\system32\cryptnet32.dll Infected: Trojan.Win32.Delf.aeyp 1
C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\12\38eba44c-641eeccd Infected: Trojan-Downloader.Java.Agent.hx 1
C:\System Volume Information\_restore{1820F488-9212-4A2F-9198-DF89AD58E60C}\RP1849\A0361961.exe Infected: Trojan.Win32.FakeAv.phm 1
C:\WINDOWS\system32\cryptnet32.dll Infected: Trojan.Win32.Delf.aeyp 1
C:\WINDOWS\Temp\_52.tmp Infected: Trojan-Dropper.Win32.Delf.gqd 1

Selected area has been scanned.

:sad:

I was on vacation all week. Apparently the other helpers did not see this thread.

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

• Slow computer
  
• Error messages
  
• Fake antivirus alerts or the icon in the system tray
  
• svchost.exe running at 100%
  
• System crashes or blue screen of death

# Fake antivirus alerts or the icon in the system tray


and firefox keeps crashing

and did kaspersky remove anything?

i see it found stuff but did it remove it?

Clean files with OTM

Please download OTM

• Save it to your desktop.
  
• Please double-click OTM to run it. (Note for Vista: Right-click on the file and choose Run As Administrator).
  
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose Copy):
  

  
  :files
  C:\WINDOWS\system32\cryptnet32.dll
  C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\12\38eba44c-641eeccd
  C:\System Volume Information\_restore{1820F488-9212-4A2F-9198-DF89AD58E60C}\RP1849\A0361961.exe
  C:\WINDOWS\system32\cryptnet32.dll
  C:\WINDOWS\Temp\_52.tmp
  
  :Commands
  [emptytemp]
  [purity]
  [Reboot]

  
  
  
• Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and
open the newest .log file present, and copy/paste the contents of that document back here in your next post.

All processes killed
========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\system32\cryptnet32.dll
C:\WINDOWS\system32\cryptnet32.dll moved successfully.
C:\Documents and Settings\Guest\Application Data\Sun\Java\Deployment\cache\6.0\12\38eba44c-641eeccd moved successfully.
C:\System Volume Information\_restore{1820F488-9212-4A2F-9198-DF89AD58E60C}\RP1849\A0361961.exe moved successfully.
File/Folder C:\WINDOWS\system32\cryptnet32.dll not found.
C:\WINDOWS\Temp\_52.tmp moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Guest
->Temp folder emptied: 17402 bytes
->Temporary Internet Files folder emptied: 451934 bytes
->Java cache emptied: 488 bytes
->FireFox cache emptied: 17206651 bytes
->Flash cache emptied: 1113 bytes

User: Joe
->Temp folder emptied: 1821936782 bytes
->Temporary Internet Files folder emptied: 5250115 bytes
->Java cache emptied: 3073529 bytes
->FireFox cache emptied: 108919898 bytes
->Flash cache emptied: 80602 bytes

User: LocalService
->Temp folder emptied: 69832 bytes
->Temporary Internet Files folder emptied: 15357442 bytes
->Flash cache emptied: 33267 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 50418025 bytes
->Java cache emptied: 38 bytes
->Flash cache emptied: 73262 bytes

%systemdrive% .tmp files removed: 16777216 bytes
%systemroot% .tmp files removed: 1460996 bytes
%systemroot%\System32 .tmp files removed: 4182033 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17044036 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 26550860 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 23601860 bytes
RecycleBin emptied: 1147527267 bytes

Total Files Cleaned = 3,109.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 11092010_112424

Files moved on Reboot...

Registry entries deleted on Reboot...




as soon as mozilla opened i got a Fake antivirus alerts

Investigate MBR/Check for TDL4

Please download Stealth MBR Rootkit Detector by GMER from GMER.net, and save to your Desktop.

• Double-click mbr.exe to start the program.
  
• When done scanning, it will save a log on the Desktop called mbr.log.
  
• Please post the contents of that log in your next reply.

i downloaded GMER ran it then when i tried to get the report quik flash then blue screen of death a think now windows will not start

i tried to start it in all safe modes but no good is it dead?

Why did you download/run GMER? I said to download the Stealth MBR Rootkit/TDL4 Detector.

Do you have a XP cd or the Recovery Console installed?

Xp cd no Recovery Console. Not sure how would I find out from the state its in?

I did run the mbr from the link you posted

Reboot your computer.

Boot from the windows XP CD, press the "R" key in the setup in order to start the Recovery Console.

Select your windows XP installation from the list (usually 1). It will prompt for an administrator password. The password is probably blank, so just hit enter.

Enter the command: fixmbr at the input prompt and confirm the next question with a Y.

It should then reboot the computer. If it does not, then type exit.

Boot back in to the Normal XP.

=================

After that, please do the following:

Please run Stealth MBR Rootkit Detector

• Double-click mbr.exe to start the program.
  
• When done scanning, it will save a log on the Desktop called mbr.log.
  
• Please post the contents of that log in your next reply.

if i dont have the cd are there any other options?

Yes. Would you rather burn a Recovery disc?

well i have no choice where would i find it?

Download RC.ISO and save it somewhere you can find it.

Download MagicISO and install it.

Start MagicISO. When it asks you to register, just close that window...the
program should remain open. Click on "File" and then on "Open"...navigate to the RC.ISO file you downloaded, select it, and click "Open".

Click "File" on the toolbar and choose "Save As". Name the file RCplus and save it somewhere you can find it.

Put a blank CD-R disk in your CD burner and close the tray...when the AutoPlay window opens, close it.

Click "Tools" on the toolbar and choose "Burn CD/DVD with ISO". In the CD/DVD Image file area, click the little folder, navigate to the newly created
RCplus.iso image file, and click "Open". In the CD/DVD Writing Speed
drop-down menu, choose the top 8X setting. Format should have "Mode 1"
selected...if not, select it. Click on the "Burn It!" button.

Once this disk is burned, put it in the machine you're working on and restart. Boot to the CD and enter the Recovery Console.

When there, do this:

type in "fixmbr" and hit Enter.



Type 'y' if asked to, and allow it to do it's job.

Once it's done that and shows the next bit for another command, type "exit"

This will reboot your machine again, allow it to boot normally this time.

ITS BACK !!! WOOOHOOO

Excellent. Now see if you can run this scan...

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic

RUNNING

ok

C:\System Volume Information\_restore{1820F488-9212-4A2F-9198-DF89AD58E60C}\RP1860\A0388227.exe a variant of Win32/Adware.FakeAntiSpy.M application cleaned by deleting - quarantined
C:\System Volume Information\_restore{1820F488-9212-4A2F-9198-DF89AD58E60C}\RP1860\A0388228.dll Win32/Lukicsel.O trojan cleaned by deleting - quarantined

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

• Slow computer
  
• Error messages
  
• Fake antivirus alerts or the icon in the system tray
  
• svchost.exe running at 100%
  
• System crashes or blue screen of death

so far so good i will keep you posted thank you

Let me know of any more redirects or fake alerts.

Tell me in two days how it is going. If good, we will clean it all up.

Going good? Time to clean up?