Need help - XP Pro x64 Edition Ver 2003.

**ken545** · 2012-06-19, 13:04

Hey, sorry for being brief as I was out the door heading for work and sometimes my internet access at work is iffy

The reason I had you run the System Restore program is because there where bad entries in there that would have been reinstalled if you decided to use this program to restore your computer to an earlier date, what I had you do is to flush out all the old restore points and create a new one.

Everything running OK ?

**joselepiu** · 2012-06-19, 14:36

Is still the same... really really slow... the boot time... the web surfing... & in general still really slow...

**ken545** · 2012-06-19, 18:10

Lets try 2 different scanners

Download MBRCheck.exe to your desktop.

Be sure to disable your security programs
Double click on the file to run it
A window will open on your desktop
if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If nothing unusual is found just press Enter
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double click GMER.exe.
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
  
  Click the image to enlarge it
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
Save the log where you can easily find it, such as your desktop.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.

**joselepiu** · 2012-06-20, 08:41

The GMER Rootkit Scanner log came out empty...

Here is the other one (MBRCheck.exe)...

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional x64 Edition
Windows Information: Service Pack 2 (build 3790)
Logical Drives Mask: 0x00000004

Kernel Drivers (total 117):
0x01000000 \WINDOWS\system32\ntoskrnl.exe
0x00800000 \WINDOWS\system32\hal.dll
0x993FB000 \WINDOWS\system32\KDCOM.DLL
0x9940B000 \WINDOWS\system32\BOOTVID.dll
0x98F9E000 ACPI.sys
0x9941B000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0x98F7D000 pci.sys
0x9942B000 isapnp.sys
0x99AB7000 compbatt.sys
0x997FB000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0x99802000 pciide.sys
0x9943B000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0x98F67000 MountMgr.sys
0x98F27000 ftdisk.sys
0x99809000 dmload.sys
0x98EE0000 dmio.sys
0x98E95000 volsnap.sys
0x9944B000 PartMgr.sys
0x98E68000 atapi.sys
0x98E3B000 nvata64.sys
0x98E26000 disk.sys
0x98E09000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0x98DCB000 fltmgr.sys
0x98DA8000 sr.sys
0x9945B000 PxHlpa64.sys
0x98D74000 KSecDD.sys
0x98C6F000 Ntfs.sys
0x98C09000 NDIS.sys
0x98BD5000 Mup.sys
0x9946B000 crcdisk.sys
0x9947B000 avgrkx64.sys
0x9948B000 avgidsha.sys
0x99165000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x9749F000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0x9747C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0x9959B000 \SystemRoot\system32\DRIVERS\watchdog.sys
0x99960000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x97442000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x995AB000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x970F7000 \SystemRoot\system32\drivers\ALCWDM64.SYS
0x970B7000 \SystemRoot\system32\drivers\portcls.sys
0x9706E000 \SystemRoot\system32\drivers\ks.sys
0x99967000 \SystemRoot\system32\drivers\ksthunk.sys
0x995BB000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0x96F00000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0x995CB000 \SystemRoot\system32\DRIVERS\fdc.sys
0x96EDD000 \SystemRoot\system32\DRIVERS\serial.sys
0x995DB000 \SystemRoot\system32\DRIVERS\serenum.sys
0x96EB8000 \SystemRoot\system32\DRIVERS\parport.sys
0x96E9B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x995EB000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x995FB000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9979B000 \SystemRoot\system32\DRIVERS\audstub.sys
0x96E75000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x9960B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x96DA9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x96D95000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x96D72000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x9961B000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x96D52000 \SystemRoot\system32\DRIVERS\psched.sys
0x96D3C000 \SystemRoot\system32\DRIVERS\msgpc.sys
0x9962B000 \SystemRoot\system32\DRIVERS\ptilink.sys
0x9963B000 \SystemRoot\system32\DRIVERS\raspti.sys
0x96CE5000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x96CCF000 \SystemRoot\system32\DRIVERS\termdd.sys
0x99BC9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x96CB4000 \SystemRoot\system32\DRIVERS\update.sys
0x9964B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x96CA0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x964FC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x99BCB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x99178000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0x994CB000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
0x994DB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x9971B000 \SystemRoot\System32\Drivers\Null.SYS
0x999EC000 \SystemRoot\System32\Drivers\Beep.SYS
0x994EB000 \SystemRoot\System32\drivers\vga.sys
0x994FB000 \SystemRoot\System32\Drivers\mnmdd.SYS
0x9950B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x9951B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x95C6F000 \SystemRoot\System32\Drivers\Npfs.SYS
0x9952B000 \SystemRoot\system32\DRIVERS\rasacd.sys
0x95C44000 \SystemRoot\system32\DRIVERS\ipsec.sys
0x95B4F000 \SystemRoot\system32\DRIVERS\tcpip.sys
0x95B11000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x95AB0000 \SystemRoot\system32\DRIVERS\avgtdia.sys
0x9918B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x95A56000 \SystemRoot\system32\DRIVERS\netbt.sys
0x95A09000 \SystemRoot\System32\drivers\afd.sys
0x9919E000 \SystemRoot\system32\DRIVERS\netbios.sys
0x959B8000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x958A5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x991B1000 \SystemRoot\System32\Drivers\Fips.SYS
0x997DB000 \??\C:\WINDOWS\system32\drivers\BIOS64.sys
0x9585A000 \SystemRoot\system32\DRIVERS\avgldx64.sys
0x9953B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x95845000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9954B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9955B000 \SystemRoot\system32\DRIVERS\HidBatt.sys
0x956BA000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x95CA3000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xFF000000 \SystemRoot\System32\win32k.sys
0x95C83000 \SystemRoot\System32\drivers\Dxapi.sys
0xFE000000 \SystemRoot\System32\drivers\dxg.sys
0xFE028000 \SystemRoot\System32\nv4_disp.dll
0xFEAC5000 \SystemRoot\System32\ATMFD.DLL
0x96E05000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x941D5000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x996CB000 \SystemRoot\system32\DRIVERS\CdaC15BA.sys
0x996FB000 \SystemRoot\system32\DRIVERS\CdaD10BA.sys
0x93F97000 \SystemRoot\System32\Drivers\HTTP.sys
0x93E84000 \SystemRoot\system32\DRIVERS\srv.sys
0x93CC0000 \SystemRoot\system32\drivers\wdmaud.sys
0x93C95000 \SystemRoot\system32\drivers\sysaudio.sys
0x95D13000 \SystemRoot\system32\DRIVERS\secdrv.sys
0x924E4000 \SystemRoot\system32\drivers\kmixer.sys
0x77EC0000 \WINDOWS\system32\ntdll.dll

Processes (total 41):
0 System Idle Process
4 System
276 C:\WINDOWS\system32\smss.exe
556 csrss.exe
592 C:\WINDOWS\system32\winlogon.exe
644 C:\WINDOWS\system32\services.exe
656 C:\WINDOWS\system32\lsass.exe
864 C:\WINDOWS\system32\svchost.exe
944 svchost.exe
988 C:\WINDOWS\system32\svchost.exe
1044 svchost.exe
1088 svchost.exe
1264 C:\WINDOWS\system32\spoolsv.exe
1392 svchost.exe
1444 C:\Program Files (x86)\APC PowerChute Personal Edition\mainserv.exe
1480 C:\Program Files (x86)\AVG2012\avgwdsvc.exe
1564 C:\WINDOWS\system32\svchost.exe
1644 C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
1712 C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1764 C:\WINDOWS\system32\nvsvc64.exe
1916 daemonu.exe
160 svchost.exe
2172 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
2296 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
2588 wmiprvse.exe
1588 alg.exe
1596 C:\WINDOWS\system32\wscntfy.exe
976 C:\WINDOWS\explorer.exe
2936 C:\WINDOWS\soundman.exe
2108 C:\WINDOWS\system32\rundll32.exe
2132 C:\WINDOWS\system32\ctfmon.exe
2692 C:\WINDOWS\system32\rundll32.exe
2188 C:\WINDOWS\SysWOW64\ctfmon.exe
736 C:\WINDOWS\system32\rundll32.exe
740 C:\WINDOWS\SysWOW64\rundll32.exe
1468 C:\Program Files (x86)\AVG2012\avgtray.exe
1580 C:\Program Files (x86)\AVG Secure Search\vprot.exe
1400 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2304 C:\Program Files (x86)\APC PowerChute Personal Edition\apcsystray.exe
3976 C:\WINDOWS\system32\notepad.exe
1680 C:\Documents and Settings\D\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKB-00H8A0, Rev: 05.04E05

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!

**ken545** · 2012-06-20, 10:02

Looks like your fine, at this point I dont believe your problem is malware related, if you post in the windows forum I suggested they can run you through some tests to check the health of your hard drive and also maybe sort out programs that can be causing your slow boot time.

http://forums.whatthetech.com/index.php?showforum=119

How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
WhattheTech
Grinler BleepingComputer
GeeksTo Go
Dslreports

Safe Surfn
Ken

**joselepiu** · 2012-06-20, 10:47

Well, thanks...

Been getting help from the forum you suggested, will see what happens...

Thanks...

**ken545** · 2012-06-20, 12:51

Your Welcome,

Ken

Thread: Need help - XP Pro x64 Edition Ver 2003.

Thread Tools

Display

Still the same...

New Log...

Thanks...

Posting Permissions