Sorry if this is concise, I just spent an hour & a half writing a detailed description of my problem in detail, tried to submit, loaded attachments, and then POOF!!! Nothing. I lost all of it to cyberworld. I'm at my wits end, help ... please! I'm running windows xp sp 3 fully updated, 2 gb ram dual core, enclosed are attachments. Any and all help is appreciated, thank you.
Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Please just copy and paste the reports we ask for in lew of attaching them, its easier for us to analyse
Just give me a brief description of what your experiencing
Hi, first a brief description of problem and stuff already done prior to posting my first question. I got a message after visiting a site that my HD & Ram memory were failing, I eaasily found the culprit and removed it (2 randomly named exe's located in apps/data folder). I then noticed I couldn't safely remove usb drives/sticks and msconfig said I needed admin rights to change services (only 1 user on this comp). Starting getting redirected to bad sites thru ie and firefox, and then couldn't run tools such as malwarebytes and prevx. Avast still worked, though in blocking mal sites it always seemed to reference Xdogcat.dll, this seemed an odd named file. I finally loaded rkill which allowed me to run Kasperskys TDSSKill which found an infected mbr, which I allowed it to fix. Things SEEM, ok now, but I'm sort of wary, moreso because I lost use of avast (I havent reinstalled yet because I had created my initial scan log, and tried to keep with the READ BEFORE info). BTW, I;m sorry about the attachments rather than pasting into post, I must have missed that part, sorry. Anyways, thats where I'm at now, so here's the scan you requested. Almost forgot, I'm running a dual boot 2 xp pro, if that matters (the second is used only to help fix problems such as this when the need arises). Thank you in advance for any and all help, it's very much appreciated.
aswMBR version 0.9.9.1509 Copyright(c) 2011 AVAST Software
Run date: 2012-01-26 03:01:02
03:01:02.890 OS Version: Windows 5.1.2600 Service Pack 3
03:01:02.890 Number of processors: 2 586 0x170A
03:01:02.890 ComputerName: FRED UserName:
03:01:03.546 Initialize success
03:12:32.921 AVAST engine defs: 12012600
03:12:46.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
03:12:46.187 Disk 0 Vendor: TOSHIBA_MK8034GSX AH303B Size: 76319MB BusType: 3
03:12:46.203 Disk 0 MBR read successfully
03:12:46.203 Disk 0 MBR scan
03:12:46.234 Disk 0 Windows XP default MBR code
03:12:46.234 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 20481 MB offset 63
03:12:46.250 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 6149 MB offset 41945715
03:12:46.265 Disk 0 Partition - 00 0F Extended LBA 49685 MB offset 54540682
03:12:46.265 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14331 MB offset 54540745
03:12:46.265 Disk 0 Partition - 00 05 Extended 35353 MB offset 83891430
03:12:46.296 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 35353 MB offset 83891493
03:12:46.296 Disk 0 scanning sectors +156296385
03:12:46.343 Disk 0 scanning C:\WINDOWS\system32\drivers
03:12:58.015 Service scanning
03:12:59.250 Service SafeBoot C:\WINDOWS\System32\Drivers\SafeBoot.sys **LOCKED** 32
03:12:59.296 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
03:12:59.859 Modules scanning
03:13:13.046 Disk 0 trace - called modules:
03:13:13.046 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys atapi.sys sptd.sys pciide.sys PCIIDEX.SYS
03:13:13.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6df030]
03:13:13.062 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> [0x8a6e0c58]
03:13:13.062 5 hpdskflt.sys[ba3395ae] -> nt!IofCallDriver -> \Device\0000008a[0x8a7801f8]
03:13:13.062 7 ACPI.sys[b9e57620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a6a9940]
03:13:13.781 AVAST engine scan C:\WINDOWS
03:13:17.921 AVAST engine scan C:\WINDOWS\system32
03:15:42.703 AVAST engine scan C:\WINDOWS\system32\drivers
03:15:56.031 AVAST engine scan C:\Documents and Settings\Valued Customer
03:17:07.562 AVAST engine scan C:\Documents and Settings\All Users
03:18:36.578 Scan finished successfully
03:33:57.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Valued Customer\Desktop\MBR.dat"
03:33:57.593 The log file has been saved successfully to "C:\Documents and Settings\Valued Customer\Desktop\aswMBR.txt"
Due to inactivity, this thread will now be closed.
If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.