  1. Hi TomK, Thanks for all your help, and especially JonTom. This thread can be closed as resolved. Thanks again.
  2. Hi TomK, The system is running fine, AVG scan did not show any virus. Have a look at this log from before. Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.1.7600 Disk: Hitachi_HTS543232L9A300 rev.FB4OC4FC -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys 1 ntkrnlpa!IofCallDriver[0x82E7B458] -> \Device\Harddisk0\DR0[0x86717528] 3 CLASSPNP[0x8C9BC59E] -&
  3. Hi Tomk, System is running slower than before. But the main thing is, are there any viruses left in the system? Do you see the scans with any threat? What about the wininit.exe explorer.exe? I use this laptop to buy products off the Internet. Thanks
  4. Hi TomK here is the latest combofix log ComboFix 10-11-27.01 - Nisha 03/12/2010 0:08.3.2 - x86 Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3544.2665 [GMT 0:00] Running from: c:\users\Nisha\Desktop\TomK.exe . ((((((((((((((((((((((((( Files Created from 2010-11-03 to 2010-12-03 ))))))))))))))))))))))))))))))) . 2010-12-03 00:14 . 2010-12-03 00:14 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-12-03 00:14 . 2010-12-03 00:14 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2010-12-02 00:21 . 2010-12-02 00:21 -------
  5. Hi Tomk, It's working, I installed avg pc tuneup, that application was interfering with combofix, as soon as the combofix scan completes I will post the log Thanks
  6. Hi Tomk, It still did not work, ComboFix (saved as TomK) gave me the same AVG error. Have a look at the AVG remover log, see if it will help at all. 2010-12-02 23:52:01,740 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013) 2010-12-02 23:52:01,771 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013) 2010-12-02 23:52:01,771 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d) 2010-12-02 23:52:01,771 WARN AvgDir param empty. 2010-12-02 23:52:01,771 WARN AvgDataDir param empty.
  7. Hi TomK, Deleted the previous copy, emptied the recycle bin, downloaded a new combofix saved as TomK, ran ok and it said AVG is still running. I have not reinstalled it yet.
  8. Hi Tomk_ DDS log as requested DDS (Ver_10-11-10.01) - NTFSx86 Run by Nisha at 20:31:53.81 on 02/12/2010 Internet Explorer: 8.0.7600.16385 Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3544.2676 [GMT 0:00] ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windo
  9. Hi Tomk_ Removed old copies of ComboFix, emptied Recycle Bin, disabled AVG Security suite, ran ComboFix as admin. It only showed me a progress bar and no logs. Then uninstalled AVG altogether, downloaded another fresh copy of ComboFix, got the same result. Ran AVG remover, restarted PC and then tried ComboFix again, again only the progress bar and no logs. Thanks for your reply
  10. Hi JonTom, here is the screenshot of the scan results, there was no option for "list of viruses" and I could not find "export to txt" file. Unfortunately the system has gone significantly slow. I checked the Task Manager, can't see any file using up excessive amount of CPU. Thanks
  11. Hi, I don't know how I managed to do that. C:\Windows\ERDNT\cache\wininit.exe http://www.virustotal.com/file-scan/report.html?id=f6b4d18fa0d3c4958711ac0d476c21a6fdf2897f989a0ad290b43f463dd8b5b0-1291159752
  12. Hi JonTom, I only noticed screen flickers today, and no, they don't happen without running scans. Logs from VirusTotal: C:\Windows\ERDNT\cache\wininit.exe http://www.virustotal.com/file-scan/report.html?id=f6b4d18fa0d3c4958711ac0d476c21a6fdf2897f989a0ad290b43f463dd8b5b0-1291074521 C:\Windows\winsxs\Backup\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13_wininit.exe_7a527f28 http://www.virustotal.com/file-scan/report.html?id=f6b4d18fa0d3c4958711ac0d476c21a6fdf2897f989a0ad290b43f463dd8b5b0-1291074857 Thanks
  13. Hi, I just noticed that during the scans the Desktop refreshes or quickly flickers, is it normal? Here is the log: SystemLook 04.09.10 by jpshortstuff Log created at 19:11 on 29/11/2010 by Nisha Administrator - Elevation successful ========== filefind ========== Searching for "*Wininit*" C:\Users\Nisha\Documents\Nisha\Nisha\Uni\Level1\MG1052.IntroductionToAccounting\bookeeping\userinfo\afterini\wininit.ini --a---- 61 bytes [00:57 05/06/2010] [14:41 31/01/2006] 32D2278014FF897CA815A038F12960A6 C:\Users\Nisha\Documents\Nisha\Nisha\Uni\Level1\MG1052.IntroductionToAccoun
  14. Rootkit Unhooker RkU Version: 3.8.388.590, Type LE (SR2) ============================================== OS Name: Windows 7 Version 6.1.7600 Number of processors #2 ============================================== >Drivers ============================================== 0x92A2E000 C:\Windows\system32\DRIVERS\igdkmd32.sys 6451200 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver) 0x82E3F000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System) 0x82E3F000 PnpManager 4259840 bytes 0x82E3F000 RAW 4259840 bytes 0x82E3
