Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: Helpme220 on October 18, 2011, 08:06:03 AM
-
Hello, My fiancee and I just opened a new business, I was setting up or office computer and we already have avirus. the webrowser will not connect to secure sites. I am running microsoft secirity essential , also I am running zone alarm for firewall. I believe in my rushing to get it up and running I clicked on a java update and got infected.This is a brand new compaq presario CQ57 running windows 7 . It has 2 gb of ram and 250 for the harddrive. I have used you guys before and have always been the greatest help. I started with internet explorer because the web browser software works better with it .When I started experiencing issues i downloaded safari. Both browsers would not connect to secure sites. I ran everthing you guys asked to run here are the logs .Also as soon as it happened I ran a hijackthis , so I have that log also If you would like
Thank you for your help
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/18/2011 at 08:07 AM
Application Version : 5.0.1134
Core Rules Database Version : 7809
Trace Rules Database Version: 5621
Scan type : Complete Scan
Total Scan Time : 01:50:20
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 652
Memory threats detected : 0
Registry items scanned : 69835
Registry threats detected : 0
File items scanned : 115067
File threats detected : 0
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.1.7601 Service Pack 1
10/17/2011 6:21:45 PM
mbam-log-2011-10-17 (18-21-45).txt
Scan type: Quick Scan
Objects scanned: 76969
Time elapsed: 4 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Yogaborn at 8:56:45 on 2011-10-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1643.704 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{708D7C27-4961-4CAA-A759-9482F82BBE80} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{708D7C27-4961-4CAA-A759-9482F82BBE80}\95F4741424F425E4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E99281A5-CFB5-42F8-B773-86188358DBF2} : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Security Engine Registrar - No File
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
SEH-X64: SABShellExecuteHook Class: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1201000.025\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1201000.025\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1201000.025\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1201000.025\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [2011-7-27 945200]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys [2011-7-27 463408]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1201000.025\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1201000.025\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\NISx64\1201000.025\SYMNETS.SYS --> C:\Windows\system32\drivers\NISx64\1201000.025\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-7-27 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-3-4 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-1 138400]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-1 76448]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-4 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-7-27 1817088]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-2-15 33528]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-2-15 822264]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [2011-7-27 126904]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-11-23 7408]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
.
=============== Created Last 30 ================
.
2011-10-18 10:02:35 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{21916713-46F5-43E4-B890-7EED73234696}\offreg.dll
2011-10-17 22:58:19 -------- d-----w- C:\Users\Yogaborn\AppData\Local\CrashDumps
2011-10-17 22:57:52 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-10-17 22:57:23 -------- d-----w- C:\ProgramData\SUPERSetup
2011-10-17 22:48:21 -------- d-----w- C:\Program Files\CCleaner
2011-10-17 22:24:50 -------- d-----w- C:\Windows\SysWow64\Wat
2011-10-17 22:24:50 -------- d-----w- C:\Windows\System32\Wat
2011-10-17 21:34:07 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-10-17 21:33:52 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-10-17 21:32:43 -------- d-----w- C:\Users\Yogaborn\AppData\Roaming\SUPERAntiSpyware.com
2011-10-17 21:32:43 -------- d-----w- C:\Program Files (x86)\SUPERAntiSpyware
2011-10-17 21:32:19 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-10-17 21:29:24 -------- d-----w- C:\Users\Yogaborn\AppData\Roaming\Malwarebytes
2011-10-17 21:29:01 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-17 21:29:00 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-17 21:28:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-16 20:10:33 -------- d-----w- C:\Users\Yogaborn\AppData\Local\Apple Computer
2011-10-16 20:05:04 9049936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{21916713-46F5-43E4-B890-7EED73234696}\mpengine.dll
2011-10-16 20:02:43 -------- d-----w- C:\Program Files\Bonjour
2011-10-16 20:02:43 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-10-16 20:01:36 -------- d-----w- C:\Users\Yogaborn\AppData\Local\Apple
2011-10-16 13:51:31 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-10-16 13:51:31 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2011-10-16 13:51:31 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-10-16 13:51:31 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-10-16 13:51:30 723968 ----a-w- C:\Windows\System32\EncDec.dll
2011-10-16 13:51:30 1118720 ----a-w- C:\Windows\System32\sbe.dll
2011-10-16 13:51:29 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2011-10-16 13:51:29 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-10-16 13:50:36 566208 ----a-w- C:\Windows\System32\winresume.efi
2011-10-16 13:50:35 605552 ----a-w- C:\Windows\System32\winload.exe
2011-10-16 13:50:35 518672 ----a-w- C:\Windows\System32\winresume.exe
2011-10-16 13:50:35 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-10-16 13:50:35 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-10-16 13:50:35 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-10-16 13:50:34 642944 ----a-w- C:\Windows\System32\winload.efi
2011-10-16 13:48:08 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-10-16 13:48:08 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-10-16 13:48:08 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-10-16 13:46:59 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-10-16 13:44:57 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-10-16 13:44:57 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-10-16 13:42:19 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-10-16 13:42:17 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-10-16 13:42:17 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-10-16 13:35:57 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-10-16 13:33:24 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-10-16 13:33:23 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-10-16 13:33:09 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-10-16 13:33:09 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-10-16 13:33:09 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-10-16 13:33:09 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-10-16 13:31:53 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-10-16 13:31:23 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-16 13:31:23 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-16 13:31:22 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-16 13:31:22 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-16 13:29:46 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-10-16 13:28:52 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-16 13:28:51 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-16 13:28:51 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-16 13:28:50 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-16 13:26:22 2871808 ----a-w- C:\Windows\explorer.exe
2011-10-16 13:26:21 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-10-16 13:26:06 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-10-16 13:26:06 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-10-16 13:26:06 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-10-16 13:22:52 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-10-16 13:22:51 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-10-16 13:22:51 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-10-16 13:22:51 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-10-16 13:22:51 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-10-16 13:22:42 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-10-16 13:22:42 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-10-16 13:22:12 -------- d-----w- C:\Windows\System32\drivers\NISx64\1206000.01D
2011-10-14 21:21:30 -------- d-----w- C:\Users\Yogaborn\AppData\Local\Diagnostics
2011-10-14 21:13:57 -------- d-----w- C:\Users\Yogaborn\AppData\Roaming\CheckPoint
2011-10-14 20:58:47 -------- d-----w- C:\Program Files\CheckPoint
2011-10-14 20:57:30 1238528 ----a-w- C:\Windows\SysWow64\zpeng25.dll
2011-10-14 20:57:27 -------- d-----w- C:\Windows\SysWow64\ZoneLabs
2011-10-14 20:57:19 458840 ----a-w- C:\Windows\System32\drivers\~GLH0023.TMP
2011-10-14 20:56:34 458840 ------w- C:\Windows\System32\drivers\vsdatant.sys
2011-10-14 20:56:31 -------- d-----w- C:\Program Files (x86)\Zone Labs
2011-10-14 20:55:46 -------- d-----w- C:\ProgramData\CheckPoint
2011-10-14 20:55:43 -------- d-----w- C:\Windows\Internet Logs
2011-10-14 20:10:24 9049936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-14 20:09:09 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A0618841-57E2-459B-8563-496CBB29D6AE}\gapaengine.dll
2011-10-14 20:05:23 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-10-14 20:05:07 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-10-14 20:03:19 -------- d-----w- C:\Users\Yogaborn\AppData\Local\AMD
2011-10-14 20:02:43 -------- d-----w- C:\Users\Yogaborn\AppData\Local\ATI
2011-10-14 20:02:31 -------- d-----w- C:\Users\Yogaborn\AppData\Roaming\PictureMover
2011-10-14 20:01:40 -------- d-----w- C:\Users\Yogaborn\AppData\Local\BMExplorer
2011-10-14 20:01:28 -------- d-----w- C:\Users\Yogaborn\AppData\Roaming\Synaptics
2011-10-14 20:00:03 -------- d-----w- C:\Users\Yogaborn\AppData\Roaming\hpqlog
2011-10-14 19:59:54 -------- d-----w- C:\Users\Yogaborn\AppData\Local\RemEngine
2011-10-14 19:53:46 -------- d-----w- C:\Users\Yogaborn\AppData\Local\Hewlett-Packard
2011-10-14 19:53:26 -------- d-----w- C:\Users\Yogaborn\AppData\Local\Hewlett-Packard_Company
2011-10-14 19:51:06 -------- d-----w- C:\Users\Yogaborn\AppData\Local\VirtualStore
.
==================== Find3M ====================
.
2011-10-18 12:44:30 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-31 03:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-31 03:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-31 03:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-08-31 03:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-31 03:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-31 03:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-08-31 03:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-07-27 11:00:01 174640 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-07-27 10:47:14 0 ----a-w- C:\Windows\ativpsrm.bin
.
============= FINISH: 8:59:04.59 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/14/2011 3:50:04 PM
System Uptime: 10/18/2011 6:02:02 AM (2 hours ago)
.
Motherboard: Hewlett-Packard | | 3577
Processor: AMD C-50 Processor | Socket FT1 | 800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 219 GiB total, 195.272 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.724 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3: 10/14/2011 3:52:00 PM - First_User_Boot
RP4: 10/14/2011 4:07:00 PM - Windows Update
RP5: 10/16/2011 4:03:03 PM - Installed Safari
RP6: 10/17/2011 5:17:48 PM - Windows Update
RP7: 10/18/2011 8:42:16 AM - Installed Java(TM) 6 Update 27 (64-bit)
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Reader X MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
Bejeweled 2 Deluxe
Bing Bar
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compaq Setup Manager
CyberLink YouCam
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Farm Frenzy
FATE
Final Drive Nitro
Heroes of Hellas 2 - Olympia
HijackThis 2.0.2
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
Java Auto Updater
Java(TM) 6 Update 22
Jewel Quest Solitaire 2
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.2.1300
Mesh Runtime
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The London Caper
Norton Internet Security
Penguins!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Recovery Manager
RoxioNow Player
Safari
SUPERAntiSpyware Free Edition
Virtual Families
Virtual Villagers 4 - The Tree of Life
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
ZoneAlarm
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
10/18/2011 6:13:43 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.113.1787.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7702.0 Error code: 0x80072ee2 Error description: The operation timed out
10/18/2011 6:08:07 AM, Error: NetBT [4307] - Initialization failed because the transport refused to open initial addresses.
10/18/2011 6:05:25 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
10/18/2011 6:05:25 AM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/18/2011 6:04:17 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/18/2011 6:04:17 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
10/18/2011 6:03:17 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/17/2011 6:37:26 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.113.1787.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7702.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
10/17/2011 6:33:03 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
10/17/2011 6:28:03 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/17/2011 6:27:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
10/17/2011 6:26:32 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/17/2011 6:26:32 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/17/2011 5:37:22 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.113.1787.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7702.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
10/17/2011 5:33:59 PM, Error: Service Control Manager [7000] - The SASENUM service failed to start due to the following error: This driver has been blocked from loading
10/17/2011 5:33:59 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/17/2011 5:32:56 PM, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: This driver has been blocked from loading
10/17/2011 5:32:55 PM, Error: Service Control Manager [7000] - The SASKUTIL service failed to start due to the following error: This driver has been blocked from loading
10/17/2011 5:24:50 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
10/17/2011 5:23:52 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
10/17/2011 5:17:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
10/17/2011 12:33:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AMD FUEL Service service.
10/16/2011 9:09:18 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.113.1674.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7702.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
10/16/2011 8:59:52 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/16/2011 5:41:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.113.1787.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7702.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
10/16/2011 2:57:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
10/16/2011 10:14:56 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.113.1674.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7702.0 Error code: 0x80072ee2 Error description: The operation timed out
10/14/2011 5:16:38 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/14/2011 5:16:22 PM, Error: Service Control Manager [7022] - The AMD FUEL Service service hung on starting.
10/14/2011 5:14:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
10/14/2011 5:11:36 PM, Error: Microsoft-Windows-DistributedCOM [10009] - DCOM was unable to communicate with the computer WIN-JT0CBKGICFJ using any of the configured protocols.
10/14/2011 5:00:20 PM, Error: Service Control Manager [7030] - The ZoneAlarm Toolbar IswSvc service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/14/2011 4:57:45 PM, Error: Service Control Manager [7030] - The TrueVector Internet Monitor service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================
Thank you
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
The logs show that you have two AV programs and two Firewalls on your computer. Please make sure that only one of each is activated at any time.
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.
:OTL
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: ZoneAlarm Security Engine Registrar - No File
BHO-X64: IESpeakDoc - No File
:COMMANDS
[resethosts]
[purity]
[start explorer]
* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
**************************************************************
You may uninstall Java(TM) 6 Update 22. It is no longer needed.
*************************************************
Please download MiniToolBox (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe) to Desktop and run it.
(http://i424.photobucket.com/albums/pp322/digistar/MiniToolBox.png)
Checkmark the following boxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- List content of Hosts
- List IP Configuration
- Lst Last 10 Event Viewer Errors
- List Users, Partitions and Memory Size
[/b]
Click Go and copy/paste the log (Result.txt) into your next post. .
-
Hey dave, thank you for your help. followed your instructions here are the two logs. Just to let you know when I tried to unistall Java 22 it wouldnt unistall and kept asking me if I wanted this program to update . I said no and ran the other log . Hope i did this correctly , look forwrd to hearing from you .
========== OTL ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 10182011_214209
MiniToolBox by Farbar
Ran by Yogaborn (administrator) on 18-10-2011 at 21:50:15
Windows 7 Home Premium Service Pack 1 (X64)
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
::1 localhost
127.0.0.1 localhost
========================= IP Configuration: ================================
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global icmpredirects=enabled
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : Yogaborn-HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 3C-D9-2B-2B-6B-52
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : D0-DF-9A-89-0B-9B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR9285 802.11b/g/n WiFi Adapter
Physical Address. . . . . . . . . : D0-DF-9A-88-9C-0B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8455:925c:c388:85a0%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, October 18, 2011 9:26:34 PM
Lease Expires . . . . . . . . . . : Wednesday, October 19, 2011 9:26:33 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 248569754
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-C1-A1-8A-D0-DF-9A-88-9C-0B
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{708D7C27-4961-4CAA-A759-9482F82BBE80}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:ca7:9ad:bbf6:3812(Preferred)
Link-local IPv6 Address . . . . . : fe80::ca7:9ad:bbf6:3812%16(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1
Name: google.com
Addresses: 74.125.73.104
74.125.73.105
74.125.73.106
74.125.73.147
74.125.73.99
74.125.73.103
Pinging google.com [74.125.73.104] with 32 bytes of data:
Reply from 74.125.73.104: bytes=32 time=122ms TTL=50
Reply from 74.125.73.104: bytes=32 time=72ms TTL=50
Ping statistics for 74.125.73.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 72ms, Maximum = 122ms, Average = 97ms
Server: UnKnown
Address: 192.168.1.1
Name: yahoo.com
Addresses: 98.137.149.56
98.139.180.149
209.191.122.70
67.195.160.76
72.30.2.43
Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=154ms TTL=55
Reply from 72.30.2.43: bytes=32 time=116ms TTL=55
Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 116ms, Maximum = 154ms, Average = 135ms
Pinging 127.0.0.1 with 32 bytes of data:
Request timed out.
Request timed out.
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
===========================================================================
Interface List
15...3c d9 2b 2b 6b 52 ......Realtek PCIe FE Family Controller
13...d0 df 9a 89 0b 9b ......Bluetooth Device (Personal Area Network)
11...d0 df 9a 88 9c 0b ......Atheros AR9285 802.11b/g/n WiFi Adapter
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 281
192.168.1.2 255.255.255.255 On-link 192.168.1.2 281
192.168.1.255 255.255.255.255 On-link 192.168.1.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
16 58 ::/0 On-link
1 306 ::1/128 On-link
16 58 2001::/32 On-link
16 306 2001:0:4137:9e76:ca7:9ad:bbf6:3812/128
On-link
11 281 fe80::/64 On-link
16 306 fe80::/64 On-link
16 306 fe80::ca7:9ad:bbf6:3812/128
On-link
11 281 fe80::8455:925c:c388:85a0/128
On-link
1 306 ff00::/8 On-link
16 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Event log errors: ===============================
Application errors:
==================
Error: (10/18/2011 09:50:25 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
Error: (10/18/2011 09:49:08 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
Error: (10/18/2011 09:49:07 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
Error: (10/18/2011 09:48:54 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
Error: (10/18/2011 09:48:44 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
Error: (10/18/2011 09:48:41 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
Error: (10/18/2011 09:48:33 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
Error: (10/18/2011 09:48:33 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
Error: (10/18/2011 09:47:13 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
Error: (10/18/2011 09:47:08 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
System errors:
=============
Error: (10/18/2011 09:41:19 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
Error: (10/18/2011 09:41:18 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
Error: (10/18/2011 09:37:37 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.113.1787.0
Update Source: %NT AUTHORITY59
Update Stage: 3.0.8402.00
Source Path: 3.0.8402.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (10/18/2011 09:32:09 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (10/18/2011 09:32:08 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (10/18/2011 09:32:08 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (10/18/2011 09:32:07 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (10/18/2011 09:29:19 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (10/18/2011 09:29:19 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
Error: (10/18/2011 09:26:58 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
Feature: %%835
Error Code: 0x80004005
Error description: Unspecified error
Reason: %%842
Microsoft Office Sessions:
=========================
Error: (10/18/2011 09:50:25 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.
Error: (10/18/2011 09:49:08 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.
Error: (10/18/2011 09:49:07 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.
Error: (10/18/2011 09:48:54 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.
Error: (10/18/2011 09:48:44 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.
Error: (10/18/2011 09:48:41 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.
Error: (10/18/2011 09:48:33 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.
Error: (10/18/2011 09:48:33 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.
Error: (10/18/2011 09:47:13 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.
Error: (10/18/2011 09:47:08 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.
========================= Memory info: ===================================
Percentage of memory in use: 67%
Total physical RAM: 1642.9 MB
Available physical RAM: 532.29 MB
Total Pagefile: 3285.8 MB
Available Pagefile: 1678.6 MB
Total Virtual: 4095.88 MB
Available Virtual: 3993.12 MB
========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:218.76 GB) (Free:194.36 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:13.83 GB) (Free:1.72 GB) NTFS
4 Drive f: (ROBSHIT) (Removable) (Total:1.89 GB) (Free:1.58 GB) FAT
5 Drive g: (ROBSHIT 2) (Removable) (Total:3.74 GB) (Free:0.07 GB) FAT32
========================= Users: ========================================
User accounts for \\YOGABORN-HP
Administrator Guest Yogaborn
**** End of log ****
Cross my fingers
Rob
-
There doesn't appear to be anything wrong with your internet connection.
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
*****************************************************
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.
link # 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link # 2 (http://subs.geekstogo.com/ComboFix.exe)
If you are using Firefox, make sure that your download settings are as follows:
* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".
Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix login your next reply.
NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
-
Hello, I ran security check , here is the log. I tried running combofix several times and it would always get stuck on completed scan 48 then do nothing for like half an hour . Hope i'm not doing anything wrong. I disabled all my protection and followed instructions . >:(
Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Norton Internet Security
ZoneAlarm
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 22
Out of date Java installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
Zone Labs ZoneAlarm zlclient.exe
``````````End of Log````````````
Hope you can help
Thank you for your time
Rob
-
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.
First Verify your Java Version (http://www.java.com/en/download/installed.jsp)
If there are any other version(s) installed then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
****************************************************
Delete your copy of ComboFix from your desktop or just drag it into your Recycling bin.
Download ComboFix by sUBs from one of the below links. You must rename it before saving it!
Important! You MUST save ComboFix to your desktop
link # 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link # 2 (http://subs.geekstogo.com/ComboFix.exe)
If you are using Firefox, make sure that your download settings are as follows:
* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".
Rename ComboFix to Combo-Fix before saving it to the desktop.
(http://img708.imageshack.us/img708/6562/cf1.gif)
(http://img708.imageshack.us/img708/6739/cf2.gif)
Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
Double click on Combo-Fix.exe & follow the prompts.
Vista users Right-Click on Combo-Fix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
When the scan completes it will open a text window.
Post the contents of that log in your next reply.
Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.
-
I 've tried running combo fix , I get top completed scan 48 and then it stops runs for about half an hour and no text log. I have disabled my firewall and microsoft essential . Please let me know what I could possibly be doing wrong
Thank you again
-
Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat
Navigate to Start --> Run, and enter the following command exactly as shown:
"%userprofile%\desktop\blackpudding.bat" /killall
See if ComboFix will run now
-
Here you go
Blackpudding.bat is not valid Win 32 app
Whatever that means
We will keep trying
Thank you for your help
-
Ok. Please boot in Safe Mode and try running ComboFix from there.
Safe Mode (http://www.computerhope.com/issues/chsafe.htm#03)
-
It worked here we go
ComboFix 11-10-24.04 - Yogaborn 10/25/2011 18:40:34.8.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1643.1137 [GMT -4:00]
Running from: c:\users\Yogaborn\Desktop\blackpudding.bat.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Norton Internet Security *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-09-25 to 2011-10-25 )))))))))))))))))))))))))))))))
.
.
2011-10-25 22:49 . 2011-10-25 22:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-25 22:32 . 2011-10-25 22:32 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B13DC33-BF30-4599-B1B4-D53C7E3DAF12}\offreg.dll
2011-10-23 22:11 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B13DC33-BF30-4599-B1B4-D53C7E3DAF12}\mpengine.dll
2011-10-17 22:57 . 2011-10-17 22:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-17 22:57 . 2011-10-17 22:57 -------- d-----w- c:\programdata\SUPERSetup
2011-10-17 22:48 . 2011-10-17 22:48 -------- d-----w- c:\program files\CCleaner
2011-10-17 22:24 . 2011-10-17 22:24 -------- d-----w- c:\windows\SysWow64\Wat
2011-10-17 22:24 . 2011-10-17 22:24 -------- d-----w- c:\windows\system32\Wat
2011-10-17 21:34 . 2011-10-17 21:34 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-10-17 21:33 . 2011-10-17 21:33 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-17 21:32 . 2011-10-17 21:32 -------- d-----w- c:\program files (x86)\SUPERAntiSpyware
2011-10-17 21:32 . 2011-10-17 21:32 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-10-17 21:29 . 2011-10-17 21:29 -------- d-----w- c:\programdata\Malwarebytes
2011-10-17 21:29 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-17 21:28 . 2011-10-18 12:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-16 20:04 . 2011-10-16 20:04 -------- d-----w- c:\program files (x86)\Safari
2011-10-16 20:04 . 2011-10-16 20:04 -------- d-----w- c:\programdata\Apple Computer
2011-10-16 20:02 . 2011-10-16 20:02 -------- d-----w- c:\program files\Bonjour
2011-10-16 20:02 . 2011-10-16 20:02 -------- d-----w- c:\program files (x86)\Bonjour
2011-10-16 20:02 . 2011-10-16 20:02 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-10-16 20:01 . 2011-10-16 20:01 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-10-16 20:01 . 2011-10-16 20:01 -------- d-----w- c:\programdata\Apple
2011-10-16 13:51 . 2010-12-23 05:54 850944 ----a-w- c:\windows\SysWow64\sbe.dll
2011-10-16 13:51 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2011-10-16 13:51 . 2010-12-23 05:54 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-10-16 13:51 . 2010-12-23 05:50 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-10-16 13:51 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll
2011-10-16 13:51 . 2010-12-23 10:42 723968 ----a-w- c:\windows\system32\EncDec.dll
2011-10-16 13:51 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
2011-10-16 13:51 . 2010-12-23 10:36 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2011-10-16 13:50 . 2011-02-05 17:06 566208 ----a-w- c:\windows\system32\winresume.efi
2011-10-16 13:50 . 2011-02-05 17:10 20352 ----a-w- c:\windows\system32\kdusb.dll
2011-10-16 13:50 . 2011-02-05 17:10 19328 ----a-w- c:\windows\system32\kd1394.dll
2011-10-16 13:50 . 2011-02-05 17:10 17792 ----a-w- c:\windows\system32\kdcom.dll
2011-10-16 13:50 . 2011-02-05 17:06 605552 ----a-w- c:\windows\system32\winload.exe
2011-10-16 13:50 . 2011-02-05 17:06 518672 ----a-w- c:\windows\system32\winresume.exe
2011-10-16 13:50 . 2011-02-05 17:10 642944 ----a-w- c:\windows\system32\winload.efi
2011-10-16 13:48 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-16 13:48 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-10-16 13:48 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-10-16 13:46 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-10-16 13:44 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-10-16 13:44 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-10-16 13:42 . 2011-06-21 06:34 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-10-16 13:42 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-16 13:42 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-10-16 13:35 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-10-16 13:33 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-10-16 13:33 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-10-16 13:33 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-10-16 13:33 . 2011-02-19 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2011-10-16 13:33 . 2011-02-19 06:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-10-16 13:33 . 2011-02-19 04:34 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-10-16 13:31 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-10-16 13:31 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-16 13:31 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-16 13:31 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-16 13:31 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-16 13:29 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-16 13:28 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-16 13:28 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-16 13:28 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-16 13:28 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-16 13:26 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2011-10-16 13:26 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2011-10-16 13:26 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-10-16 13:26 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-10-16 13:26 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-10-16 13:23 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-10-16 13:23 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-10-14 20:58 . 2011-10-14 20:58 -------- d-----w- c:\program files\CheckPoint
2011-10-14 20:57 . 2011-03-18 05:24 69120 ----a-w- c:\windows\SysWow64\zlcomm.dll
2011-10-14 20:57 . 2011-03-18 05:24 104448 ----a-w- c:\windows\SysWow64\zlcommdb.dll
2011-10-14 20:57 . 2011-03-18 05:24 1238528 ----a-w- c:\windows\SysWow64\zpeng25.dll
2011-10-14 20:57 . 2011-10-14 21:00 -------- d-----w- c:\windows\SysWow64\ZoneLabs
2011-10-14 20:57 . 2010-05-15 20:30 458840 ----a-w- c:\windows\system32\drivers\~GLH0023.TMP
2011-10-14 20:56 . 2010-05-15 20:30 458840 ------w- c:\windows\system32\drivers\vsdatant.sys
2011-10-14 20:56 . 2011-10-14 20:56 -------- d-----w- c:\program files (x86)\Zone Labs
2011-10-14 20:55 . 2011-10-14 20:55 -------- d-----w- c:\programdata\CheckPoint
2011-10-14 20:55 . 2011-10-25 22:23 -------- d-----w- c:\windows\Internet Logs
2011-10-14 20:10 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-14 20:09 . 2011-10-14 20:08 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0618841-57E2-459B-8563-496CBB29D6AE}\gapaengine.dll
2011-10-14 20:05 . 2011-10-14 20:05 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-10-14 20:05 . 2011-10-14 20:05 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-14 19:53 . 2011-10-14 19:53 -------- d-----w- c:\users\Public\Symantec
2011-10-14 19:50 . 2011-10-14 20:00 -------- d-----w- c:\users\Yogaborn
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 22:30 . 2011-04-11 18:48 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-14 19:51 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-31 03:05 . 2011-08-31 03:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 03:05 . 2011-08-31 03:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-04 336384]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 18:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [2010-08-09 945200]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys [2010-06-27 463408]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1201000.025\Ironx64.SYS
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1201000.025\SYMNETS.SYS
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-04 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-01 138400]
R2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-01 76448]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-04 92216]
R2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-28 1817088]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 33528]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 822264]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [2010-07-23 126904]
R2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-11-23 7408]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1201000.025\SYMDS64.SYS
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1201000.025\SYMEFA64.SYS
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-01 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-01 379552]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 1123320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4} - c:\program files (x86)\InstallShield Installation Information\{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2769589679-632928384-3400369357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-10-25 18:54:05
ComboFix-quarantined-files.txt 2011-10-25 22:54
.
Pre-Run: 206,573,289,472 bytes free
Post-Run: 206,196,031,488 bytes free
.
- - End Of File - - F081C4A61ACC4341890E8249D3540735
Hope this work
Thank you
again
-
Please download Rooter (http://eric71.geekstogo.com/tools/Rooter.exe) and Save it to your desktop.
- Double click it to start the tool.Vista and Windows7 run as administrator.
- Click Scan.
- Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
********************************************
AVENGER
- Download The Avenger by Swandog46 from here (http://swandog46.geekstogo.com/avenger2/download.php).
- Unzip/extract it to a folder on your desktop.
- Double click on avenger.exe to run The Avenger.
- Click OK.
- Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
- Click the Execute button.
- You will be asked No script has been entered. Do you want to execute a rootkit scan only?.
- Click Yes.
- You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
- Click Yes.
- Your PC will now be rebooted.
- After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
- Please post this log in your next reply.
-
Thank you dave, I wil run all this tonight and hopefully get the logs posted. One question, should I stay in safe mode while running these programs?
Let me know
Thank you again
-
One question, should I stay in safe mode while running these programs?
Let me know
Please try to run them in Normal Mode.
-
Heres the rooter log
Rooter.exe (v1.0.2) by Eric_71
.
The token does not have the SeDebugPrivilege privilege ! (error:1300)
Can not acquire SeDebugPrivilege !
Please run the tool as administrator ..
.
Windows 7 Home Edition (6.1.7601) Service Pack 1
[32_bits] - AMD64 Family 20 Model 1 Stepping 0, AuthenticAMD
.
Error OpenService (wscsvc) : 6
Error OpenSCManager : 5
Error OpenService (MpsSvc) : 6
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 9.0.8112.16421
.
C:\ [Fixed-NTFS] .. ( Total:218 Go - Free:192 Go )
D:\ [Fixed-NTFS] .. ( Total:13 Go - Free:1 Go )
E:\ [CD_Rom]
.
Scan : 17:03.44
Path : C:\Users\Yogaborn\Desktop\Rooter.exe
User : Yogaborn ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
Locked ???? (288)
Locked ???? (452)
Locked ???? (544)
Locked ???? (552)
Locked ???? (608)
Locked ???? (628)
Locked ???? (656)
Locked ???? (664)
Locked ???? (776)
Locked ???? (852)
Locked ???? (900)
Locked ???? (992)
Locked ???? (304)
Locked ???? (424)
Locked ???? (380)
Locked ???? (1120)
Locked ???? (1212)
Locked ???? (1336)
Locked ???? (1420)
Locked ???? (1528)
Locked ???? (1536)
Locked ???? (1856)
Locked ???? (1956)
Locked ???? (2008)
Locked ???? (1380)
Locked ???? (1348)
Locked ???? (1232)
Locked ???? (1688)
Locked ???? (1684)
Locked ???? (1776)
Locked ???? (1708)
Locked ???? (1692)
Locked ???? (1912)
Locked ???? (1188)
Locked ???? (1752)
Locked ???? (2108)
Locked ???? (2164)
Locked ???? (2200)
Locked ???? (2292)
Locked ???? (2336)
Locked ???? (2360)
Locked ???? (2384)
Locked ???? (3004)
Locked ???? (3012)
Locked ???? (2260)
Locked ???? (2708)
Locked ???? (3200)
Locked ???? (1720)
Locked ???? (3456)
Locked ???? (3312)
Locked ???? (3624)
Locked ???? (1832)
Locked ???? (3668)
______ ???}?????? (2720)
Locked ???? (860)
______ ???}?????? (3904)
______ ???}?????? (2540)
______ ???}?????? (1364)
______ ???}?????? (1924)
______ ???}?????? (3544)
______ ???}?????? (2704)
______ ???}?????? (4088)
Locked ???? (3260)
______ C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (4248)
______ C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (4512)
______ C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (4604)
______ ???}?????? (4612)
Locked ???? (5084)
______ ???}?????? (4448)
______ ???}?????? (5116)
______ ???}?????? (4944)
______ C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (5012)
Locked ???? (4664)
______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (5264)
Locked ???? (5784)
______ ???}?????? (6068)
______ ???}?????? (5336)
______ C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (6108)
______ C:\Users\Yogaborn\Desktop\Rooter.exe (4016)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:208666624)
\Device\Harddisk0\Partition2 (Start_Offset:209715200 | Length:234893606912)
\Device\Harddisk0\Partition3 (Start_Offset:235103322112 | Length:14846787584)
\Device\Harddisk0\Partition4 (Start_Offset:249950109696 | Length:108191744)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 17:03.52
.
C:\Rooter$\Rooter_1.txt - (27/10/2011 | 17:03.52)
I ran the avenger , normal and in safe mode , wouldn't save the log
Let me know what I need to do to finish this
Thank you again for your help
-
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
I'm ready to throw this thing in a river . Tried running Eset i get an unexpected error 3!!! i still have all my firewall and microsoft essential turned off. Sorry this took so long storm dropped us for days just got back online
What next am I doing something wrong thank you again for help.
-
I forgot to tell you at first the application said , esetsmartinstaller _enu.exe is not a valid Win32 application
-
I forgot to tell you at first the application said , esetsmartinstaller _enu.exe is not a valid Win32 application.
ESET is supposed to run on a 64 bit machine which, according to the logs, you have.
Please try this one.
Run the BitDefender Online scanner (http://www.bitdefender.com/scanner/online/free.html)
Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.
Once Bitdefender completes the scan:
Click-on the Detected Problems tab.
Then select Click here to export the scan report.
When the window comes up to save the report, change the Save as type: box to:
Text (Tab Delimited) (*.txt) and then in the File name box enter change to bdscan then click Save.
This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later).
This bdcan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.
If you do not follow these step, you will have an incorrect log or worse a log summary which is useless to us.
Post the bdscan.txt file as an Attachment.
-
Ok , so I cannot get the link to work . I tried with safari and it was a no go just kept giving me the spinning icon. then I tried link form internet explorer nothing. then I went to www.bitdefender .com directly and tried a quick scan. It gave me this
Your browser has javascript disabled or another plugin/ software is blocking Javascript code. Please enable javascript in your browser or add bit defender.com to the exceptions list ?
Would this have something to do with my problem?
I'm sorry if i'm not doing everything correctly this is so frustrating
What should I do now ?
-
Please enable javascript in your browser or add bit defender.com to the exceptions list ?
Would this have something to do with my problem?
That could be the problem.
-
Okay i turn on java scripting and put bitdefender on my trusted sites. its a no go i can google bitdefender but then when i try to get the free online scanner i cant connect . It even said that my javascript was disable which it wasnt. I was wondering if a safe mode reboot to last know configuration would help . So I could at least try to run one of these programs . Also when I do get a website now and again, the pictures look weird like trasparent and some time just code looks like it comes up . also it opens two pages at the same time . this computer is screwed .
please help.
-
Ok. Let's see you can run this one.
Download Dr.Web CureIt to the desktop:
Dr WebCureIt (http://ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe)
- Double-click the launch.exe or cureit.exe file and Allow to run the express scan
- This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, chose the Complete Scan.
- Select all drives. A red dot shows which drives have been chosen.
- Click the green arrow
(http://i154.photobucket.com/albums/s258/evilfantasy69/drweb.jpg)
at the right, and the scan will start.
- Click 'Yes to all' if it asks if you want to cure/move the file.
- When the scan has finished, look and see if you can click the following icon next to the files found:
(http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif)
- If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
(http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif)
- This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
- After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
-
ok, so itried your link to dr. web cure it , said could not find ftp. server . that was on infected computer. i tried link on my personal computer it sent me to umbdrive and some rumba site . Anyways I went on dr web cureit site download the online scanner on the noninfected computer put it on a thumbdrive
and downloaded it to my infected computer desktop. I ran express scan found nothing then I ran complete scan took all night I got this RTHDCPL.exe C;swsetup/drivers/audio probably backdoor trojan , I tried to select and cure would not give me that option so i moved it . I guess i should of deleted it but who knows . I am attaching the report . I know Its not exactly what you said to do but its something .
please let this help
RTHDCPL.exe;C:\SWSetup\Drivers\Audio\WDM;Probably BACKDOOR.Trojan;Moved.;
-
Please see if you can run ESET or BitDefender again.
-
I tried running both , eset still says it is a 32 bit application, and bit defender just spins and spins. also when i do get to to download most of the programs you give me to try they have a shied in front of the icon. combofix, eset, security check . and dr web cure , but rooter and javara don't does that have something to do with it . The shield is yellow and blue.
help
-
but rooter and javara don't does that have something to do with it . The shield is yellow and blue.
Can you give me a screenshot of that?
How to post screenshots or images (http://www.computerhope.com/forum/index.php/topic,61232.0.html)
Let's run a few more scans to see what turns up.
Please download aswMBR.exe (http://public.avast.com/%7Egmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg)
Click the "Scan" button to start scan
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png)
On completion of the scan click save log, save it to your desktop and post in your next reply
-
Here is my link to image shack of desktop
http://img214.imageshack.us/img214/9867/desktopaw.jpg
I tried running , ansMBR.exe said it wasn't a 32 bit win application
There was no shield on this one though
lets keep it going . I'm not lettting these bastards win
-
I can't really see what you're talking about in the screenshot.
Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe)
Link 2 (http://ad13.geekstogo.com/MBRCheck.exe)
Link 3 (http://www.kernelmode.info/MBRCheck.exe)
•Double-click on MBRCheck.exe to run it.
•It will open a black window...please do not fix anything (if it gives you an option).
•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.
-
okay so i downloaded the mbr , wouldn't run everything said mbr.exe is not valid Win 32 application. So then I went on my other computer and downloaded it to my thumbdrive . I then put it in the infected computer , when I dragged the Mbr to the desktop one of those yellow and blue shields I told you about pops up over the desktop icon . And also said , mbr.exe is not a valid Win 32 application. so then i ran the mbr right from the thumbdrive and it ran
here is the log
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Presario CQ57 Notebook PC
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 218):
0x02C5C000 \SystemRoot\system32\ntoskrnl.exe
0x02C13000 \SystemRoot\system32\hal.dll
0x00BBC000 \SystemRoot\system32\kdcom.dll
0x00C84000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C91000 \SystemRoot\system32\PSHED.dll
0x00CA5000 \SystemRoot\system32\CLFS.SYS
0x00D03000 \SystemRoot\system32\CI.dll
0x00EF2000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F96000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00FA5000 \SystemRoot\system32\drivers\ACPI.sys
0x00E00000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00E09000 \SystemRoot\system32\drivers\msisadrv.sys
0x00E13000 \SystemRoot\system32\drivers\pci.sys
0x00E46000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00E53000 \SystemRoot\System32\drivers\partmgr.sys
0x00E68000 \SystemRoot\system32\drivers\compbatt.sys
0x00E71000 \SystemRoot\system32\drivers\BATTC.SYS
0x00E7D000 \SystemRoot\system32\drivers\volmgr.sys
0x00E92000 \SystemRoot\System32\drivers\volmgrx.sys
0x00DC3000 \SystemRoot\System32\drivers\mountmgr.sys
0x00DDD000 \SystemRoot\system32\drivers\atapi.sys
0x00C00000 \SystemRoot\system32\drivers\ataport.SYS
0x00C2A000 \SystemRoot\system32\drivers\msahci.sys
0x00C35000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00C45000 \SystemRoot\system32\DRIVERS\amd_sata.sys
0x010BE000 \SystemRoot\system32\DRIVERS\storport.sys
0x01121000 \SystemRoot\system32\DRIVERS\amd_xata.sys
0x0112E000 \SystemRoot\system32\drivers\amdxata.sys
0x01139000 \SystemRoot\system32\drivers\fltmgr.sys
0x01185000 \SystemRoot\system32\drivers\NISx64\1201000.025\SYMDS64.SYS
0x01000000 \SystemRoot\system32\drivers\fileinfo.sys
0x01285000 \SystemRoot\system32\drivers\NISx64\1201000.025\SYMEFA64.SYS
0x01414000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01353000 \SystemRoot\System32\Drivers\msrpc.sys
0x015B7000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01200000 \SystemRoot\System32\Drivers\cng.sys
0x015D2000 \SystemRoot\System32\drivers\pcw.sys
0x015E3000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016CA000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x018C5000 \SystemRoot\System32\drivers\tcpip.sys
0x01AC9000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01B13000 \SystemRoot\system32\drivers\volsnap.sys
0x01B5F000 \SystemRoot\System32\Drivers\spldr.sys
0x01B67000 \SystemRoot\System32\drivers\rdyboost.sys
0x01BA1000 \SystemRoot\System32\Drivers\mup.sys
0x01BB3000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01BBC000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01800000 \SystemRoot\system32\drivers\disk.sys
0x01816000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01888000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0168B000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x018B2000 \SystemRoot\System32\Drivers\Null.SYS
0x018BB000 \SystemRoot\System32\Drivers\Beep.SYS
0x016BC000 \SystemRoot\System32\drivers\vga.sys
0x017BD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x017E2000 \SystemRoot\System32\drivers\watchdog.sys
0x01BF6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x017F2000 \SystemRoot\system32\drivers\rdpencdd.sys
0x015ED000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01400000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01272000 \SystemRoot\System32\Drivers\Npfs.SYS
0x013B1000 \SystemRoot\system32\DRIVERS\tdx.sys
0x013D3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01014000 \SystemRoot\system32\drivers\afd.sys
0x02E31000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02E76000 \SystemRoot\system32\DRIVERS\vsdatant.sys
0x02F0B000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02F14000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02F3A000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02F50000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02F5F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02F7A000 \SystemRoot\system32\drivers\termdd.sys
0x02F8E000 \SystemRoot\system32\drivers\NISx64\1201000.025\SYMNETS.SYS
0x03CBF000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x03CF5000 \SystemRoot\system32\drivers\NISx64\1201000.025\Ironx64.SYS
0x03D21000 \SystemRoot\system32\drivers\NISx64\1201000.025\SRTSPX64.SYS
0x03D37000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x03D41000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x03D4B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03D9C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03DA8000 \SystemRoot\system32\drivers\mssmbios.sys
0x03C00000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys
0x03C76000 \SystemRoot\System32\drivers\discache.sys
0x03C85000 \SystemRoot\System32\Drivers\dfsc.sys
0x03CA3000 \SystemRoot\system32\drivers\blbdrive.sys
0x04058000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys
0x04143000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04169000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x0417E000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04ADF000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x03EB3000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03FA7000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03FED000 \SystemRoot\system32\drivers\usbohci.sys
0x03E00000 \SystemRoot\system32\drivers\USBPORT.SYS
0x03E56000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x03E64000 \SystemRoot\system32\drivers\usbehci.sys
0x03E75000 \SystemRoot\system32\drivers\HDAudBus.sys
0x05316000 \SystemRoot\System32\Drivers\fastfat.SYS
0x03E99000 \SystemRoot\system32\drivers\CmBatt.sys
0x0534C000 \SystemRoot\system32\drivers\i8042prt.sys
0x03E9E000 \SystemRoot\system32\drivers\kbdclass.sys
0x04408000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x04564000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04566000 \SystemRoot\system32\drivers\mouclass.sys
0x04575000 \SystemRoot\system32\DRIVERS\RtsPStor.sys
0x0536A000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x058B0000 \SystemRoot\system32\DRIVERS\athrx.sys
0x05B52000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x05B5F000 \SystemRoot\system32\drivers\wmiacpi.sys
0x05B68000 \SystemRoot\system32\drivers\CompositeBus.sys
0x05B78000 \SystemRoot\system32\DRIVERS\clwvd.sys
0x05B7E000 \SystemRoot\system32\DRIVERS\ks.sys
0x05BC1000 \SystemRoot\system32\drivers\ksthunk.sys
0x05BC7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x05800000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x05824000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x05830000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0585F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0587A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x05BDD000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x05BF7000 \SystemRoot\system32\drivers\swenum.sys
0x0589B000 \SystemRoot\system32\DRIVERS\btath_bus.sys
0x045CB000 \SystemRoot\system32\DRIVERS\amdiox64.sys
0x045DF000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04A00000 \SystemRoot\system32\drivers\usbhub.sys
0x04A5A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05CB7000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05F4B000 \SystemRoot\system32\drivers\portcls.sys
0x05F88000 \SystemRoot\system32\drivers\drmk.sys
0x05FAA000 \SystemRoot\System32\Drivers\crashdmp.sys
0x05FB8000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x05FC2000 \SystemRoot\System32\Drivers\dump_amd_sata.sys
0x05FD9000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00070000 \SystemRoot\System32\win32k.sys
0x05FEC000 \SystemRoot\System32\drivers\Dxapi.sys
0x05C00000 \SystemRoot\system32\DRIVERS\btfilter.sys
0x05C48000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x026FF000 \SystemRoot\System32\Drivers\bthport.sys
0x0278B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x027A8000 \SystemRoot\System32\Drivers\usbvideo.sys
0x02600000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x0262C000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x0263C000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x0265C000 \SystemRoot\system32\DRIVERS\btath_rcp.sys
0x02681000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x0269A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x04A6F000 \SystemRoot\system32\drivers\btath_a2dp.sys
0x02A8B000 \SystemRoot\system32\DRIVERS\btath_hcrp.sys
0x02AEE000 \SystemRoot\system32\DRIVERS\btath_flt.sys
0x02AFD000 \SystemRoot\system32\DRIVERS\btath_lwflt.sys
0x004A0000 \SystemRoot\System32\TSDDD.dll
0x00650000 \SystemRoot\System32\cdd.dll
0x00830000 \SystemRoot\System32\ATMFD.DLL
0x02B1E000 \SystemRoot\system32\drivers\luafv.sys
0x02B41000 \SystemRoot\system32\drivers\WudfPf.sys
0x02B62000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02B77000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02BCA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02BDD000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02A00000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
0x056F0000 \SystemRoot\system32\drivers\HTTP.sys
0x057B9000 \SystemRoot\system32\DRIVERS\bowser.sys
0x057D7000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05600000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0562D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0567B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06C30000 \SystemRoot\system32\drivers\peauth.sys
0x06CD6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06CE1000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06D12000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06D24000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07040000 \SystemRoot\System32\DRIVERS\srv.sys
0x070D8000 \??\C:\Windows\system32\drivers\mbam.sys
0x07187000 \SystemRoot\system32\DRIVERS\monitor.sys
0x07195000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x071B0000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x77BC0000 \Windows\System32\ntdll.dll
0x48100000 \Windows\System32\smss.exe
0xFFEE0000 \Windows\System32\apisetschema.dll
0xFF710000 \Windows\System32\autochk.exe
0xFFE50000 \Windows\System32\shlwapi.dll
0xFFC70000 \Windows\System32\setupapi.dll
0x77A60000 \Windows\System32\wininet.dll
0x77940000 \Windows\System32\kernel32.dll
0xFFBF0000 \Windows\System32\difxapi.dll
0xFFB50000 \Windows\System32\msvcrt.dll
0xFFB30000 \Windows\System32\sechost.dll
0xFFA50000 \Windows\System32\advapi32.dll
0x77D90000 \Windows\System32\normaliz.dll
0xFF840000 \Windows\System32\ole32.dll
0x77D80000 \Windows\System32\psapi.dll
0xFEAB0000 \Windows\System32\shell32.dll
0x777F0000 \Windows\System32\urlmon.dll
0xFEA40000 \Windows\System32\gdi32.dll
0xFE970000 \Windows\System32\usp10.dll
0xFE940000 \Windows\System32\imm32.dll
0x775E0000 \Windows\System32\iertutil.dll
0x774E0000 \Windows\System32\user32.dll
0xFE810000 \Windows\System32\rpcrt4.dll
0xFE770000 \Windows\System32\clbcatq.dll
0xFE760000 \Windows\System32\lpk.dll
0xFE700000 \Windows\System32\Wldap32.dll
0xFE6B0000 \Windows\System32\ws2_32.dll
0xFE5D0000 \Windows\System32\oleaut32.dll
0xFE530000 \Windows\System32\comdlg32.dll
0xFE420000 \Windows\System32\msctf.dll
0xFE410000 \Windows\System32\nsi.dll
0xFE3F0000 \Windows\System32\imagehlp.dll
0xFE380000 \Windows\System32\KernelBase.dll
0xFE340000 \Windows\System32\cfgmgr32.dll
0xFE1D0000 \Windows\System32\crypt32.dll
0xFE130000 \Windows\System32\comctl32.dll
0xFE110000 \Windows\System32\devobj.dll
0xFE0D0000 \Windows\System32\wintrust.dll
0xFE0C0000 \Windows\System32\msasn1.dll
0x77D70000 \Windows\SysWOW64\normaliz.dll
Processes (total 91):
0 System Idle Process
4 System
288 C:\Windows\System32\smss.exe
436 csrss.exe
532 C:\Windows\System32\wininit.exe
552 csrss.exe
596 C:\Windows\System32\services.exe
612 C:\Windows\System32\lsass.exe
620 C:\Windows\System32\lsm.exe
648 C:\Windows\System32\winlogon.exe
776 C:\Windows\System32\svchost.exe
852 C:\Windows\System32\svchost.exe
916 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
996 C:\Windows\System32\atiesrxx.exe
304 C:\Windows\System32\svchost.exe
444 C:\Windows\System32\svchost.exe
544 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\atieclxx.exe
1320 C:\Windows\System32\svchost.exe
1400 C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
1564 C:\Windows\System32\wlanext.exe
1576 C:\Windows\System32\conhost.exe
1844 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
1928 C:\Windows\System32\spoolsv.exe
1984 C:\Windows\System32\svchost.exe
1232 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1440 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
1540 C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
1608 C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
1288 C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
1708 C:\Program Files\Bonjour\mDNSResponder.exe
1676 C:\Windows\System32\svchost.exe
1792 C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
1896 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
1108 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
1560 C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
2088 C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
2144 C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
2180 C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
2292 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2320 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
2348 C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
2448 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2176 C:\Windows\System32\svchost.exe
2888 C:\Windows\System32\taskhost.exe
2912 C:\Windows\System32\svchost.exe
3148 C:\Windows\System32\dwm.exe
3172 C:\Windows\explorer.exe
3236 C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
3372 WmiPrvSE.exe
3748 C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
3636 C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
3624 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3668 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
3724 C:\Program Files\Microsoft Security Client\msseces.exe
3888 C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
1296 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
4172 C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
4192 C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
4352 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4444 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
4612 C:\Windows\System32\SearchIndexer.exe
5052 C:\Program Files\Windows Media Player\wmpnetwk.exe
5064 C:\Windows\System32\taskeng.exe
5116 C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
352 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
4344 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
2680 C:\Windows\System32\svchost.exe
2696 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
440 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
3040 WmiPrvSE.exe
4928 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
4876 C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
5200 C:\Windows\System32\svchost.exe
5856 dllhost.exe
4416 C:\Windows\ehome\ehmsas.exe
5888 C:\Windows\System32\mspaint.exe
4244 C:\Program Files (x86)\Safari\Safari.exe
2992 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
156 C:\Windows\System32\wuauclt.exe
6052 C:\Windows\System32\audiodg.exe
6440 C:\Windows\servicing\TrustedInstaller.exe
5908 WUDFHost.exe
7000 C:\Windows\System32\SearchFilterHost.exe
5136 C:\Windows\System32\wbem\WMIADAP.exe
6428 C:\Windows\System32\SearchProtocolHost.exe
2256 dllhost.exe
1204 dllhost.exe
6660 F:\MBRCheck.exe
6980 C:\Windows\System32\conhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000036`bd400000 (NTFS)
PhysicalDrive0 Model Number: HitachiHTS545025B9A300, Rev: PB2OCA1G
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB7 9
Done!
Hope this helps .
Thank you again for this saga of trying to get this computer to run
-
Please Boot to the System Recovery Options (http://www.sevenforums.com/tutorials/668-system-recovery-options.html)
If you have Windows 7 installation disc, just insert a DVD to the drive, restart computer and it should load automatically (option two presented in the article).
It's possible also that your computer has a pre-installed recovery partition instead - in such a case use a method one (by pressing F8 before Windows starts loading)...
On the System Recovery Options menu you will get the following options:
- Startup Repair
- System Restore
- Windows Complete PC Restore
- Windows Memory Diagnostic Tool
- Command Prompt
Choose Command Prompt
You should see X:\SOURCES>...
Execute the following commands in bold.
Press Enter after every one of them.
bootrec /fixmbr (<--- there is a "space" after "bootrec")
exit
Restart computer.
Post new aswMBR log.
-
okay so i tried downloading asw mbr again , wouldn t open up on desktop " not a win32 application". So i put the aswmbr on a stick and ran it from there . everytime i try to download anything to my desktop when I try to run it it says " not a win 32 application" here is the log
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-07 20:17:09
-----------------------------
20:17:09.799 OS Version: Windows x64 6.1.7601 Service Pack 1
20:17:09.799 Number of processors: 2 586 0x100
20:17:09.814 ComputerName: YOGABORN-HP UserName: Yogaborn
20:17:13.933 Initialize success
20:17:36.742 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000072
20:17:36.758 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 11
20:17:38.802 Disk 0 MBR read successfully
20:17:38.802 Disk 0 MBR scan
20:17:38.817 Disk 0 Windows 7 default MBR code
20:17:38.817 Service scanning
20:17:41.422 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
20:17:42.000 Service Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys **LOCKED** 32
20:17:42.670 Modules scanning
20:17:42.670 Disk 0 trace - called modules:
20:17:42.702 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
20:17:42.717 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002427410]
20:17:42.733 3 CLASSPNP.SYS[fffff88001b8c43f] -> nt!IofCallDriver -> [0xfffffa800230eac0]
20:17:42.748 5 amd_xata.sys[fffff88001111900] -> nt!IofCallDriver -> \Device\00000072[0xfffffa8001dfa250]
20:17:43.294 Scan finished successfully
20:18:54.087 Disk 0 MBR has been saved successfully to "C:\Users\Yogaborn\Desktop\MBR.dat"
20:18:54.118 The log file has been saved successfully to "C:\Users\Yogaborn\Desktop\aswMBR.txt"
hope this helps
-
forgot to say , i did reboot into system recovery options
choose command propmpt
got x:\ windows \systems32
not x:\sources>..
still ran bootrec/fixmbr
said operation completed successfully
aswmbe still would nor run from desk top
thank you
-
Try a repair install. XPrepairinstall (http://michaelstevenstech.com/XPrepairinstall.htm)
-
I'm a little confused , I have windows seven on this computer , why do an xp repair?
-
I'm a little confused , I have windows seven on this computer , why do an xp repair?
Sorry. Incorrect link. Please try this link. (http://www.itechtalk.com/thread2602.html)
-
What if i do not have a windows seven installation dvd ? I don't believe I was given one , the computer was just loaded with windows seven when i bought it .
-
You can create an OS DVD by downloading Windows 7 from this site. (http://www.smartestcomputing.us.com/topic/38032-windows-7-iso-direct-download-links/) You will need an ISO Burner to create the DVD.
CDBurnerXP (http://www.majorgeeks.com/CDBurnerXP_d4242.html) works on all operating systems from Microsoft Windows 2000 SP4 onwards.