
Topic: adobe flash misbehaving


kamikaze33

    Re: adobe flash misbehaving
    « Reply #15 on: August 05, 2011, 03:55:16 PM »
    ComboFix 11-08-02.03 - Joel 08/04/2011  18:11:42.1.2 - x86 MINIMAL
    Microsoft Windows 7 Enterprise   6.1.7600.0.1252.1.1033.18.2047.1466 [GMT -6:00]
    ComboFix Log

    Running from: k:\computer restoration\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Tarma Installer
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
    K:\Autorun.inf
    k:\programs\Steam\Steam.exe
    .
    .
    (((((((((((((((((((((((((   Files Created from 2011-07-05 to 2011-08-05  )))))))))))))))))))))))))))))))
    .
    .
    2011-08-03 00:07 . 2011-08-03 00:26   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
    2011-08-02 12:27 . 2011-08-02 12:27   --------   d-----w-   c:\program files\NirSoft
    2011-08-02 12:24 . 2011-08-02 12:24   1606368   ----a-w-   c:\windows\system32\drivers\athw.sys
    2011-08-02 10:28 . 2011-07-20 15:44   6881616   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{8EA13145-693C-41A8-A926-B051183C4FF8}\mpengine.dll
    2011-07-25 22:37 . 2011-07-25 22:38   --------   d-----w-   c:\users\Joel\AppData\Local\Realtime Soft
    2011-07-25 22:20 . 2011-07-25 22:20   --------   d-----w-   c:\users\Joel\AppData\Roaming\Realtime Soft
    2011-07-25 22:19 . 2011-07-29 00:20   --------   d-----w-   c:\program files\UltraMon
    2011-07-25 22:19 . 2011-07-25 22:19   --------   d-----w-   c:\programdata\Realtime Soft
    2011-07-24 22:13 . 2011-07-24 22:13   --------   d-----w-   c:\windows\system32\sda
    2011-07-24 22:13 . 2011-07-24 22:13   9888360   ----a-w-   c:\windows\system32\RtsUStoricon.dll
    2011-07-24 22:12 . 2011-07-24 22:12   197224   ----a-w-   c:\windows\system32\drivers\RtsUStor.sys
    2011-07-24 22:12 . 2011-07-24 22:12   313960   ----a-w-   c:\windows\system32\RtsUStor.dll
    2011-07-24 22:08 . 2011-07-24 22:07   485920   ----a-w-   c:\windows\system32\nvuninst.exe
    2011-07-24 22:07 . 2011-07-24 22:07   485920   ----a-w-   c:\windows\system32\nvunrm.exe
    2011-07-24 22:07 . 2011-07-24 22:07   287392   ----a-w-   c:\windows\system32\drivers\nvmf6232.sys
    2011-07-24 22:07 . 2011-07-24 22:07   898048   ----a-w-   c:\windows\system32\fdco2.dll
    2011-07-24 22:07 . 2011-07-24 22:07   155648   ----a-w-   c:\windows\system32\nvconrm.dll
    2011-07-24 21:26 . 2011-07-24 21:26   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-24 21:13 . 2011-07-24 21:13   --------   d-----w-   c:\programdata\UAB
    2011-07-24 21:12 . 2011-07-24 21:12   --------   d-----w-   c:\users\Joel\AppData\Local\PC_Drivers_Headquarters
    2011-07-24 20:55 . 2011-08-03 01:55   --------   d-----w-   c:\users\UpdatusUser
    2011-07-24 20:55 . 2011-08-02 06:15   --------   d-----w-   c:\programdata\NVIDIA
    2011-07-24 20:55 . 2011-05-25 06:09   66664   ----a-w-   c:\windows\system32\nvshext.dll
    2011-07-24 20:55 . 2011-05-25 06:09   615528   ----a-w-   c:\windows\system32\nvvsvc.exe
    2011-07-24 20:55 . 2011-05-25 06:09   2557544   ----a-w-   c:\windows\system32\nvsvc.dll
    2011-07-24 20:55 . 2011-05-25 06:09   111208   ----a-w-   c:\windows\system32\nvmctray.dll
    2011-07-24 20:55 . 2011-05-25 06:09   3693672   ----a-w-   c:\windows\system32\nvcpl.dll
    2011-07-24 20:55 . 2011-05-25 06:09   543336   ----a-w-   c:\windows\system32\easyupdatusapiu.dll
    2011-07-24 20:54 . 2011-07-24 20:54   --------   d-----w-   c:\programdata\NVIDIA Corporation
    2011-07-24 20:53 . 2011-05-25 06:09   899688   ----a-w-   c:\windows\system32\nvdispco3220150.dll
    2011-07-24 20:53 . 2011-05-25 06:09   865896   ----a-w-   c:\windows\system32\nvgenco322090.dll
    2011-07-24 20:53 . 2011-05-25 06:09   57960   ----a-w-   c:\windows\system32\OpenCL.dll
    2011-07-24 20:53 . 2011-05-25 06:09   16456296   ----a-w-   c:\windows\system32\nvoglv32.dll
    2011-07-24 20:53 . 2011-05-25 06:09   10589800   ----a-w-   c:\windows\system32\drivers\nvlddmkm.sys
    2011-07-24 20:53 . 2011-05-25 06:09   5301352   ----a-w-   c:\windows\system32\nvcuda.dll
    2011-07-24 20:53 . 2011-05-25 06:09   2804328   ----a-w-   c:\windows\system32\nvcuvid.dll
    2011-07-24 20:53 . 2011-05-25 06:09   2335848   ----a-w-   c:\windows\system32\nvapi.dll
    2011-07-24 20:53 . 2011-05-25 06:09   2082408   ----a-w-   c:\windows\system32\nvcuvenc.dll
    2011-07-24 20:53 . 2011-05-25 06:09   13011560   ----a-w-   c:\windows\system32\nvcompiler.dll
    2011-07-24 20:53 . 2011-07-24 20:56   --------   d-----w-   c:\program files\NVIDIA Corporation
    2011-07-24 20:50 . 2011-07-24 20:50   --------   d-----w-   C:\NVIDIA
    2011-07-24 20:46 . 2011-07-24 20:46   --------   d-----w-   c:\program files\SystemRequirementsLab
    2011-07-24 20:37 . 2011-07-24 20:37   --------   d-----w-   c:\programdata\PC Drivers HeadQuarters
    2011-07-24 20:34 . 2011-07-24 20:56   --------   d--h--w-   c:\program files\InstallShield Installation Information
    2011-07-24 20:33 . 2006-08-30 17:49   16496   ------w-   c:\windows\system32\drivers\NVXBAR.SYS
    2011-07-24 20:32 . 2006-08-30 17:49   141582   ------w-   c:\windows\system32\drivers\NVCAP.SYS
    2011-07-24 20:32 . 2006-08-30 17:49   29696   ------w-   c:\windows\system32\FILTER.AX
    2011-07-24 20:31 . 2011-07-24 20:32   --------   d-----w-   c:\program files\Common Files\InstallShield
    2011-07-24 19:15 . 2011-07-24 19:15   --------   d-----w-   c:\program files\Common Files\Java
    2011-07-24 06:45 . 2011-07-24 06:45   388096   ----a-r-   c:\users\Joel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-07-24 06:11 . 2011-07-24 06:11   --------   d-----w-   c:\users\Joel\AppData\Roaming\Malwarebytes
    2011-07-24 06:09 . 2011-07-07 01:52   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-24 06:09 . 2011-07-24 06:09   --------   d-----w-   c:\programdata\Malwarebytes
    2011-07-24 06:08 . 2011-07-07 01:52   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2011-07-23 21:30 . 2011-07-23 21:30   --------   d-----w-   c:\users\Joel\AppData\Roaming\SUPERAntiSpyware.com
    2011-07-23 21:30 . 2011-07-23 21:30   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
    2011-07-23 21:14 . 2011-07-23 21:14   --------   d-----w-   c:\program files\CCleaner
    2011-07-23 18:56 . 2011-07-23 21:14   --------   d-----w-   c:\programdata\OnlineArmor
    2011-07-23 18:56 . 2011-07-23 18:56   --------   d-----w-   c:\users\Joel\AppData\Roaming\OnlineArmor
    2011-07-23 18:52 . 2011-04-06 19:02   39048   ----a-w-   c:\windows\system32\drivers\oahlp32.sys
    2011-07-23 18:52 . 2011-04-06 19:01   29312   ----a-w-   c:\windows\system32\drivers\OAnet.sys
    2011-07-23 18:52 . 2011-04-06 19:01   25192   ----a-w-   c:\windows\system32\drivers\OAmon.sys
    2011-07-23 18:52 . 2011-04-06 19:01   205864   ----a-w-   c:\windows\system32\drivers\OADriver.sys
    2011-07-23 18:33 . 2011-07-23 18:33   --------   d-----w-   c:\programdata\Uniblue
    2011-07-23 17:53 . 2011-07-23 17:53   --------   d-----w-   c:\program files\CPUID
    2011-07-23 17:53 . 2010-11-09 21:35   21992   ----a-w-   c:\windows\system32\drivers\cpuz135_x32.sys
    2011-07-22 02:52 . 2011-07-22 02:52   --------   d-----w-   c:\users\Joel\AppData\Roaming\Uniblue
    2011-07-22 02:52 . 2011-07-22 02:52   --------   d-----w-   c:\program files\Uniblue
    2011-07-22 02:51 . 2011-07-23 18:32   --------   d-----w-   c:\users\Joel\AppData\Local\OpenCandy
    2011-07-22 02:51 . 2011-07-22 02:51   --------   d-----w-   c:\users\Joel\AppData\Roaming\OpenCandy
    2011-07-22 02:51 . 2011-07-22 02:51   --------   d-----w-   c:\program files\WinSCP
    2011-07-14 22:19 . 2011-08-02 06:16   --------   d-----w-   c:\program files\Yontoo Layers Runtime
    2011-07-13 03:09 . 2011-06-11 02:37   2332672   ----a-w-   c:\windows\system32\win32k.sys
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-24 19:14 . 2010-12-02 02:49   472808   ----a-w-   c:\windows\system32\deployJava1.dll
    2011-05-28 03:00 . 2011-06-15 02:01   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
    2011-05-25 06:09 . 2009-06-10 21:19   11992680   ----a-w-   c:\windows\system32\nvd3dum.dll
    2011-05-25 06:09 . 2011-07-24 20:53   12392   ----a-w-   c:\windows\system32\drivers\nvBridge.kmd
    2011-05-24 10:35 . 2011-06-29 23:27   294912   ----a-w-   c:\windows\system32\umpnpmgr.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
    [-] 2010-11-14 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
    [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    2011-06-07 22:03   194848   ----a-w-   c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DriverScanner"="c:\program files\Uniblue\DriverScanner\launcher.exe" [2011-05-16 338296]
    "SpybotSD TeaTimer"="k:\computer restoration\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-03-30 611712]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2008-09-10 3622184]
    "NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "@OnlineArmor GUI"="k:\computer restoration\Online Armor\oaui.exe" [2011-04-06 2477032]
    "Malwarebytes' Anti-Malware"="k:\computer restoration\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    c:\users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - k:\programs\Program Files\MagicDisc\MagicDisc.exe [2007-5-8 576000]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "k:\comput~1\ONLINE~1\oaevent.dll" [2011-04-06 354720]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute   REG_MULTI_SZ      autocheck autochk *\0aswBoot.exe /M:d580b26028a
    .
    R1 aswSP;aswSP;

    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-04-06 205864]
    R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-04-06 39048]
    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-04-06 25192]
    R1 SASDIFSV;SASDIFSV;k:\computer restoration\SASDIFSV.SYS

    R1 SASKUTIL;SASKUTIL;k:\computer restoration\SASKUTIL.SYS

    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    R2 aswFsBlk;aswFsBlk;

    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
    R2 MBAMService;MBAMService;k:\computer restoration\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
    R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
    R2 OAcat;Online Armor Helper Service;k:\computer restoration\Online Armor\OAcat.exe [2011-04-06 381512]
    R2 SBSDWSCService;SBSD Security Center Service;k:\computer restoration\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R2 SvcOnlineArmor;Online Armor;k:\computer restoration\Online Armor\oasrv.exe [2011-04-06 4326472]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-07 41272]
    R3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2011-04-06 29312]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-14 1343400]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-07-24 197224]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-02 c:\windows\Tasks\DriverScanner.job
    - c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2011-07-22 17:22]
    .
    2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3472349457-1566537841-3038834570-1000Core.job
    - c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-14 04:08]
    .
    2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3472349457-1566537841-3038834570-1000UA.job
    - c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-14 04:08]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-Steam - k:\programs\Steam\Steam.exe
    AddRemove-Magic ISO Maker v5.5 (build 0261) - k:\progra~1\MagicISO\UNWISE.EXE
    AddRemove-MagicDisc 2.7.106 - k:\progra~1\MAGICD~1\UNWISE.EXE
    AddRemove-Steam App 400 - k:\programs\Steam\steam.exe
    AddRemove-Steam App 620 - k:\programs\Steam\steam.exe
    AddRemove-Steam App 629 - k:\programs\Steam\steam.exe
    AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe
    AddRemove-{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} - k:\computer restoration\Uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-08-04  18:20:07
    ComboFix-quarantined-files.txt  2011-08-05 00:20
    .
    Pre-Run: 162,554,998,784 bytes free
    Post-Run: 162,449,031,168 bytes free
    .
    - - End Of File - - DB65B44EBD27546F62D54842A3EAC6ED

    SuperDave

    Re: adobe flash misbehaving
    « Reply #16 on: August 05, 2011, 05:35:25 PM »
    Re-running ComboFix to remove infections:

    • Close any open browsers.
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the quotebox below into it:
      KillAll::

      Folder::
      c:\program files\Yontoo Layers Runtime

      DirLook::
      c:\windows\system32\sda

    • Save this as CFScript.txt, in the same location as ComboFix.exe



    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.

    kamikaze33

      Re: adobe flash misbehaving
      « Reply #17 on: August 05, 2011, 08:55:36 PM »
      I still cannot disable avast. I am doing exactly what you are supposed to do. Initially it isn't even showing up in the system tray (I am running in safe mode), so I open it, then minimize it to the tray, disable all shields (until next restart), and try to run ComboFix. Avast is telling me the shields are disabled, but ComboFix continually says avast shields are still up and running.

      kamikaze33

        Re: adobe flash misbehaving
        « Reply #18 on: August 05, 2011, 08:58:38 PM »
        EDIT:

        Under Task Manager > Services, the avast Web, Mail and Antivirus services are all showing up, if that helps.

        kamikaze33

          Re: adobe flash misbehaving
          « Reply #19 on: August 06, 2011, 12:33:52 PM »
          Here's the log I got while still having the problems with disabling avast.



          ComboFix 11-08-05.03 - Joel 08/05/2011  21:00:14.2.2 - x86 NETWORK
          Microsoft Windows 7 Enterprise   6.1.7600.0.1252.1.1033.18.2047.1446 [GMT -6:00]
          Running from: k:\computer restoration\ComboFix.exe
          Command switches used :: k:\computer restoration\CFScript.txt
          AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
          SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
          SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
           * Created a new restore point
          .
          .
          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          c:\program files\Yontoo Layers Runtime
          c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
          .
          .
          (((((((((((((((((((((((((   Files Created from 2011-07-06 to 2011-08-06  )))))))))))))))))))))))))))))))
          .
          .
          2011-08-06 03:06 . 2011-08-06 03:24   --------   d-----w-   c:\users\Joel\AppData\Local\temp
          2011-08-03 00:07 . 2011-08-03 00:26   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
          2011-08-02 12:27 . 2011-08-02 12:27   --------   d-----w-   c:\program files\NirSoft
          2011-08-02 12:24 . 2011-08-02 12:24   1606368   ----a-w-   c:\windows\system32\drivers\athw.sys
          2011-08-02 10:28 . 2011-07-20 15:44   6881616   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{8EA13145-693C-41A8-A926-B051183C4FF8}\mpengine.dll
          2011-07-25 22:37 . 2011-07-25 22:38   --------   d-----w-   c:\users\Joel\AppData\Local\Realtime Soft
          2011-07-25 22:20 . 2011-07-25 22:20   --------   d-----w-   c:\users\Joel\AppData\Roaming\Realtime Soft
          2011-07-25 22:19 . 2011-07-29 00:20   --------   d-----w-   c:\program files\UltraMon
          2011-07-25 22:19 . 2011-07-25 22:19   --------   d-----w-   c:\programdata\Realtime Soft
          2011-07-24 22:13 . 2011-07-24 22:13   --------   d-----w-   c:\windows\system32\sda
          2011-07-24 22:13 . 2011-07-24 22:13   9888360   ----a-w-   c:\windows\system32\RtsUStoricon.dll
          2011-07-24 22:12 . 2011-07-24 22:12   197224   ----a-w-   c:\windows\system32\drivers\RtsUStor.sys
          2011-07-24 22:12 . 2011-07-24 22:12   313960   ----a-w-   c:\windows\system32\RtsUStor.dll
          2011-07-24 22:08 . 2011-07-24 22:07   485920   ----a-w-   c:\windows\system32\nvuninst.exe
          2011-07-24 22:07 . 2011-07-24 22:07   485920   ----a-w-   c:\windows\system32\nvunrm.exe
          2011-07-24 22:07 . 2011-07-24 22:07   287392   ----a-w-   c:\windows\system32\drivers\nvmf6232.sys
          2011-07-24 22:07 . 2011-07-24 22:07   898048   ----a-w-   c:\windows\system32\fdco2.dll
          2011-07-24 22:07 . 2011-07-24 22:07   155648   ----a-w-   c:\windows\system32\nvconrm.dll
          2011-07-24 21:26 . 2011-07-24 21:26   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
          2011-07-24 21:13 . 2011-07-24 21:13   --------   d-----w-   c:\programdata\UAB
          2011-07-24 21:12 . 2011-07-24 21:12   --------   d-----w-   c:\users\Joel\AppData\Local\PC_Drivers_Headquarters
          2011-07-24 20:55 . 2011-08-03 01:55   --------   d-----w-   c:\users\UpdatusUser
          2011-07-24 20:55 . 2011-08-02 06:15   --------   d-----w-   c:\programdata\NVIDIA
          2011-07-24 20:55 . 2011-05-25 06:09   66664   ----a-w-   c:\windows\system32\nvshext.dll
          2011-07-24 20:55 . 2011-05-25 06:09   615528   ----a-w-   c:\windows\system32\nvvsvc.exe
          2011-07-24 20:55 . 2011-05-25 06:09   2557544   ----a-w-   c:\windows\system32\nvsvc.dll
          2011-07-24 20:55 . 2011-05-25 06:09   111208   ----a-w-   c:\windows\system32\nvmctray.dll
          2011-07-24 20:55 . 2011-05-25 06:09   3693672   ----a-w-   c:\windows\system32\nvcpl.dll
          2011-07-24 20:55 . 2011-05-25 06:09   543336   ----a-w-   c:\windows\system32\easyupdatusapiu.dll
          2011-07-24 20:54 . 2011-07-24 20:54   --------   d-----w-   c:\programdata\NVIDIA Corporation
          2011-07-24 20:53 . 2011-05-25 06:09   899688   ----a-w-   c:\windows\system32\nvdispco3220150.dll
          2011-07-24 20:53 . 2011-05-25 06:09   865896   ----a-w-   c:\windows\system32\nvgenco322090.dll
          2011-07-24 20:53 . 2011-05-25 06:09   57960   ----a-w-   c:\windows\system32\OpenCL.dll
          2011-07-24 20:53 . 2011-05-25 06:09   16456296   ----a-w-   c:\windows\system32\nvoglv32.dll
          2011-07-24 20:53 . 2011-05-25 06:09   10589800   ----a-w-   c:\windows\system32\drivers\nvlddmkm.sys
          2011-07-24 20:53 . 2011-05-25 06:09   5301352   ----a-w-   c:\windows\system32\nvcuda.dll
          2011-07-24 20:53 . 2011-05-25 06:09   2804328   ----a-w-   c:\windows\system32\nvcuvid.dll
          2011-07-24 20:53 . 2011-05-25 06:09   2335848   ----a-w-   c:\windows\system32\nvapi.dll
          2011-07-24 20:53 . 2011-05-25 06:09   2082408   ----a-w-   c:\windows\system32\nvcuvenc.dll
          2011-07-24 20:53 . 2011-05-25 06:09   13011560   ----a-w-   c:\windows\system32\nvcompiler.dll
          2011-07-24 20:53 . 2011-07-24 20:56   --------   d-----w-   c:\program files\NVIDIA Corporation
          2011-07-24 20:50 . 2011-07-24 20:50   --------   d-----w-   C:\NVIDIA
          2011-07-24 20:46 . 2011-07-24 20:46   --------   d-----w-   c:\program files\SystemRequirementsLab
          2011-07-24 20:37 . 2011-07-24 20:37   --------   d-----w-   c:\programdata\PC Drivers HeadQuarters
          2011-07-24 20:34 . 2011-07-24 20:56   --------   d--h--w-   c:\program files\InstallShield Installation Information
          2011-07-24 20:33 . 2006-08-30 17:49   16496   ------w-   c:\windows\system32\drivers\NVXBAR.SYS
          2011-07-24 20:32 . 2006-08-30 17:49   141582   ------w-   c:\windows\system32\drivers\NVCAP.SYS
          2011-07-24 20:32 . 2006-08-30 17:49   29696   ------w-   c:\windows\system32\FILTER.AX
          2011-07-24 20:31 . 2011-07-24 20:32   --------   d-----w-   c:\program files\Common Files\InstallShield
          2011-07-24 19:15 . 2011-07-24 19:15   --------   d-----w-   c:\program files\Common Files\Java
          2011-07-24 06:45 . 2011-07-24 06:45   388096   ----a-r-   c:\users\Joel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
          2011-07-24 06:11 . 2011-07-24 06:11   --------   d-----w-   c:\users\Joel\AppData\Roaming\Malwarebytes
          2011-07-24 06:09 . 2011-07-07 01:52   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
          2011-07-24 06:09 . 2011-07-24 06:09   --------   d-----w-   c:\programdata\Malwarebytes
          2011-07-24 06:08 . 2011-07-07 01:52   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
          2011-07-23 21:30 . 2011-07-23 21:30   --------   d-----w-   c:\users\Joel\AppData\Roaming\SUPERAntiSpyware.com
          2011-07-23 21:30 . 2011-07-23 21:30   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
          2011-07-23 21:14 . 2011-07-23 21:14   --------   d-----w-   c:\program files\CCleaner
          2011-07-23 18:56 . 2011-07-23 21:14   --------   d-----w-   c:\programdata\OnlineArmor
          2011-07-23 18:56 . 2011-07-23 18:56   --------   d-----w-   c:\users\Joel\AppData\Roaming\OnlineArmor
          2011-07-23 18:52 . 2011-04-06 19:02   39048   ----a-w-   c:\windows\system32\drivers\oahlp32.sys
          2011-07-23 18:52 . 2011-04-06 19:01   29312   ----a-w-   c:\windows\system32\drivers\OAnet.sys
          2011-07-23 18:52 . 2011-04-06 19:01   25192   ----a-w-   c:\windows\system32\drivers\OAmon.sys
          2011-07-23 18:52 . 2011-04-06 19:01   205864   ----a-w-   c:\windows\system32\drivers\OADriver.sys
          2011-07-23 18:33 . 2011-07-23 18:33   --------   d-----w-   c:\programdata\Uniblue
          2011-07-23 17:53 . 2011-07-23 17:53   --------   d-----w-   c:\program files\CPUID
          2011-07-23 17:53 . 2010-11-09 21:35   21992   ----a-w-   c:\windows\system32\drivers\cpuz135_x32.sys
          2011-07-22 02:52 . 2011-07-22 02:52   --------   d-----w-   c:\users\Joel\AppData\Roaming\Uniblue
          2011-07-22 02:52 . 2011-07-22 02:52   --------   d-----w-   c:\program files\Uniblue
          2011-07-22 02:51 . 2011-07-23 18:32   --------   d-----w-   c:\users\Joel\AppData\Local\OpenCandy
          2011-07-22 02:51 . 2011-07-22 02:51   --------   d-----w-   c:\users\Joel\AppData\Roaming\OpenCandy
          2011-07-22 02:51 . 2011-07-22 02:51   --------   d-----w-   c:\program files\WinSCP
          2011-07-13 03:09 . 2011-06-11 02:37   2332672   ----a-w-   c:\windows\system32\win32k.sys
          .
          .
          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2011-07-24 19:14 . 2010-12-02 02:49   472808   ----a-w-   c:\windows\system32\deployJava1.dll
          2011-05-28 03:00 . 2011-06-15 02:01   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
          2011-05-25 06:09 . 2009-06-10 21:19   11992680   ----a-w-   c:\windows\system32\nvd3dum.dll
          2011-05-25 06:09 . 2011-07-24 20:53   12392   ----a-w-   c:\windows\system32\drivers\nvBridge.kmd
          2011-05-24 10:35 . 2011-06-29 23:27   294912   ----a-w-   c:\windows\system32\umpnpmgr.dll
          .
          .
          ((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          ---- Directory of c:\windows\system32\sda ----
          .
          2011-07-24 22:13 . 2011-07-24 22:13   75880   ----a-w-   c:\windows\system32\sda\SDRTCPRM.dll
          .
          .
          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4
          .
          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "DriverScanner"="c:\program files\Uniblue\DriverScanner\launcher.exe" [2011-05-16 338296]
          "SpybotSD TeaTimer"="k:\computer restoration\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
          "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-03-30 611712]
          "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
          "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
          "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
          "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
          "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
          "Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2008-09-10 3622184]
          "NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
          "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
          "Malwarebytes' Anti-Malware"="k:\computer restoration\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
          "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
          .
          c:\users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
          MagicDisc.lnk - k:\programs\Program Files\MagicDisc\MagicDisc.exe [2007-5-8 576000]
          OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
          .
          c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
          Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
          "ConsentPromptBehaviorAdmin"= 0 (0x0)
          "ConsentPromptBehaviorUser"= 3 (0x3)
          "EnableLUA"= 0 (0x0)
          "EnableUIADesktopToggle"= 0 (0x0)
          "PromptOnSecureDesktop"= 0 (0x0)
          "EnableLinkedConnections"= 1 (0x1)
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
          "EnableShellExecuteHooks"= 1 (0x1)
          .
          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
          .
          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
          "aux"=wdmaud.drv
          .
          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
          BootExecute   REG_MULTI_SZ      autocheck autochk *\0aswBoot.exe /M:d580b26028a
          .
R1 SASDIFSV;SASDIFSV;k:\computer restoration\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;k:\computer restoration\SASKUTIL.SYS
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;k:\computer restoration\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-07 41272]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-14 1343400]
S1 aswSP;aswSP;
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-04-06 205864]
S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-04-06 39048]
S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-04-06 25192]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk;
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
          S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
          S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
          S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
          S2 SBSDWSCService;SBSD Security Center Service;k:\computer restoration\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
          S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]
          S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2011-04-06 29312]
          S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-07-24 197224]
          .
          .
          Contents of the 'Scheduled Tasks' folder
          .
          2011-08-06 c:\windows\Tasks\DriverScanner.job
          - c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2011-07-22 17:22]
          .
          2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3472349457-1566537841-3038834570-1000Core.job
          - c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-14 04:08]
          .
          2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3472349457-1566537841-3038834570-1000UA.job
          - c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-14 04:08]
          .
          .
          ------- Supplementary Scan -------
          .
          uInternet Settings,ProxyOverride = *.local
          IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
          TCP: DhcpNameServer = 192.168.0.1
          .
          - - - - ORPHANS REMOVED - - - -
          .
          BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
          .
          .
          .
          --------------------- LOCKED REGISTRY KEYS ---------------------
          .
          [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          "BlindDial"=dword:00000000
          .
          [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
          @Denied: (Full) (Everyone)
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------
          .
          - - - - - - - > 'lsass.exe'(616)
          c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
          .
          - - - - - - - > 'Explorer.exe'(4304)
          c:\windows\system32\prnfldr.dll
          c:\windows\system32\dxp.dll
          c:\program files\WinSCP\DragExt.dll
          c:\windows\System32\wscinterop.dll
          .
          ------------------------ Other Running Processes ------------------------
          .
          c:\windows\system32\nvvsvc.exe
          c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
          c:\windows\system32\nvvsvc.exe
          k:\computer restoration\Online Armor\OAcat.exe
          k:\computer restoration\Online Armor\oasrv.exe
          c:\program files\Alwil Software\Avast5\AvastSvc.exe
          c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
          c:\program files\Bonjour\mDNSResponder.exe
          c:\program files\Nero\Nero MediaHome 4\NMMediaServerService.exe
          c:\program files\Windows Media Player\wmpnetwk.exe
          c:\windows\system32\taskhost.exe
          c:\windows\system32\sppsvc.exe
          c:\windows\system32\conhost.exe
          k:\computer restoration\Online Armor\oaui.exe
          k:\computer restoration\Online Armor\OAhlp.exe
          c:\program files\iPod\bin\iPodService.exe
          k:\computer restoration\Online Armor\OADump.exe
          .
          **************************************************************************
          .
          Completion time: 2011-08-05  21:45:09 - machine was rebooted
          ComboFix-quarantined-files.txt  2011-08-06 03:44
          ComboFix2.txt  2011-08-05 00:20
          .
          Pre-Run: 162,532,835,328 bytes free
          Post-Run: 162,204,516,352 bytes free
          .
          - - End Of File - - A14753E3C83777F172C62377BB54CF85
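The policies\system block in the log above is worth a second look: EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0, meaning UAC is switched off entirely, and several auto-start entries run from drive K: rather than from Program Files. The Python below is an added example (not part of the thread, and not ComboFix's own code) that parses an excerpt of such a log, constructed here from lines in the post, and flags UAC values weaker than the Windows 7 defaults plus Run entries that start outside the usual program directories. The expected UAC defaults and the "trusted directory" list are assumptions made for illustration.

```python
"""Triage helper for ComboFix-style logs.

Added example, not ComboFix's own code. Flags UAC policy values that differ
from the Windows 7 defaults and auto-start (Run) entries that live outside the
usual program directories. SAMPLE_LOG is constructed from lines in the post.
"""
import re

# Windows 7 defaults for the UAC values ComboFix prints (assumed for this
# example; 5 = "prompt for consent for non-Windows binaries").
UAC_EXPECTED = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "PromptOnSecureDesktop": 1,
}

# Directories from which an auto-start entry is unsurprising (assumption).
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\")

# Constructed excerpt of the posted log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"Malwarebytes' Anti-Malware"="k:\computer restoration\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
RUN_ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)')

POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"


def parse_sections(text):
    """Group log lines under the registry key header that precedes them.

    ComboFix closes each block with a lone "." line, which ends the section.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key").lower()
            sections[current] = []
        elif line == ".":
            current = None
        elif current and line:
            sections[current].append(line)
    return sections


def uac_findings(sections):
    """Return (name, actual, expected) for each UAC value weaker than the default."""
    findings = []
    for line in sections.get(POLICY_KEY, []):
        m = POLICY_RE.match(line)
        if m and m.group("name") in UAC_EXPECTED:
            actual = int(m.group("value"))
            expected = UAC_EXPECTED[m.group("name")]
            if actual != expected:
                findings.append((m.group("name"), actual, expected))
    return findings


def suspicious_run_entries(sections):
    """Return (name, path) for Run entries whose binary sits outside trusted dirs."""
    hits = []
    for key, lines in sections.items():
        if not key.endswith(r"\currentversion\run"):
            continue
        for line in lines:
            m = RUN_ENTRY_RE.match(line)
            if m and not m.group("path").lower().startswith(TRUSTED_PREFIXES):
                hits.append((m.group("name"), m.group("path")))
    return hits


def triage(text):
    """Run both checks over a log and return the findings as a dict."""
    sections = parse_sections(text)
    return {"uac": uac_findings(sections), "run": suspicious_run_entries(sections)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, actual, expected in report["uac"]:
        print(f"UAC weakened: {name}={actual} (default {expected})")
    for name, path in report["run"]:
        print(f"Run entry outside trusted dirs: {name} -> {path}")
```

Run against the excerpt it reports the three zeroed UAC values and the Malwarebytes entry launching from K:. A Run entry from an unusual drive is not malicious by itself (here the poster keeps his tools on K:), but it is exactly the kind of line a helper wants surfaced rather than buried in a few hundred lines of log.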

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: adobe flash misbehaving
          « Reply #20 on: August 06, 2011, 05:49:19 PM »
          Please go to Jotti's malware scan
          (If more than one file needs scanned they must be done separately and links posted for each one)

          * Copy the file path in the below Code box:

Code:
c:\windows\system32\sda\SDRTCPRM.dll

          * At the upload site, click once inside the window next to Browse.
          * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
          * Next click Submit file
          * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
          * This will perform a scan across multiple different virus scanning engines.
          * Important: Wait for all of the scanning engines to complete.
          * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
          ***************************************************
          * Download the following tool: RootRepeal - Rootkit Detector
          * Direct download link is here: RootRepeal.zip

          * Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
          * Click this link to see a list of such programs and how to disable them.

          * Extract the program file to a new folder such as C:\RootRepeal
          * Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
          * Select ALL of the checkboxes and then click OK and it will start scanning your system.
          * If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
          * When done, click on Save Report
* Save it to the same location where you ran it from, such as C:\RootRepeal
          * Save it as rootrepeal.txt
          * Then open that log and select all and copy/paste it back on your next reply please.
          * Close RootRepeal.
          Windows 8 and Windows 10 dual boot with two SSD's

kamikaze33

              Re: adobe flash misbehaving
              « Reply #22 on: August 07, 2011, 12:51:38 PM »
From safe mode, I was unable to:

- start Online Armor (or even check if I could disable it, for that matter).
- most likely disable avast again; I followed the instructions but, like I mentioned above, regardless of what I click it still appears to be running both antivirus and firewall functions.
- I think my trial of MBAM has run out; I could not find how to disable it (if it was even running at all from safe mode to begin with).
- I could not run RootRepeal. When I go under REPORT and click SCAN I get the following error dialog boxes:
              (when clicking RootRepeal.exe)>FOPS - DeviceIoControl Error!  Error Code = 0xc0000024
              Extended Info (0x00000124)
              (after clicking SCAN)> Could not initialize driver!  Please contact the author!
              >Error dumping SSDT (0xc0000024)!
              >Attempt to read from address: 0x00000004)
              >DeviceIoControl Error!  Error Code = 0x0

              SuperDave

              Re: adobe flash misbehaving
              « Reply #23 on: August 07, 2011, 01:08:06 PM »
              Sorry. I forgot this is a 64 bit machine. Please try this.

              Please download Rooter and Save it to your desktop.
• Double click it to start the tool. On Vista and Windows 7, run it as administrator.
              • Click Scan.
              • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

              kamikaze33


                Re: adobe flash misbehaving
                « Reply #24 on: August 07, 2011, 01:17:44 PM »
Rooter keeps crashing as well; Windows Explorer is telling me the program has stopped working and prompts me to close it once I have clicked Scan.

                At the top of the window where it says Rooter v1.0.2 it also says Os detected: [32_bits] Windows 7 if that helps

                SuperDave

                Re: adobe flash misbehaving
                « Reply #25 on: August 07, 2011, 04:33:46 PM »
                Ok. Let's try another one.

                SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

                http://sites.google.com/site/sysprotantirootkit/

                Unzip it into a folder on your desktop.
                • Double click Sysprot.exe to start the program.
                • Click on the Log tab.
                • In the Write to log box select the following items.
                  • Process << Selected
                  • Kernel Modules << Selected
                  • SSDT << Selected
                  • Kernel Hooks << Selected
                  • IRP Hooks << NOT Selected
                  • Ports << NOT Selected
                  • Hidden Files << Selected
                • At the bottom of the page
                  • Hidden Objects Only << Selected
                • Click on the Create Log button on the bottom right.
                • After a few seconds a new window should appear.
                • Select Scan Root Drive. Click on the Start button.
                • When it is complete a new window will appear to indicate that the scan is finished.
                • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

                kamikaze33


                  Re: adobe flash misbehaving
                  « Reply #26 on: August 07, 2011, 09:45:40 PM »
Ok, so when I try to create the log now, it says it failed to start because I need to run it as an administrator. When I right-click it and do that, I still get the same error message. Then when I click Scan it appears to have frozen (there is nothing appearing under that same screen that would otherwise indicate it is scanning anything) and it freezes up. Would it almost be worth it to try and run my computer normally despite the fact that it crashed within a half hour of the 20% of successful boots? Safe mode doesn't seem to be doing me any favors really.

                  Here is the log as is:


                  SysProt AntiRootkit v1.0.1.0
                  by swatkat

                  ******************************************************************************************
                  ******************************************************************************************

                  No Hidden Processes found

                  ******************************************************************************************
                  ******************************************************************************************
                  No Hidden Kernel Modules found

                  ******************************************************************************************
                  ******************************************************************************************
                  No SSDT Hooks found

                  ******************************************************************************************
                  ******************************************************************************************
                  No Kernel Hooks found

                  ******************************************************************************************
                  ******************************************************************************************
                  No hidden files/folders found

                  SuperDave

                  Re: adobe flash misbehaving
                  « Reply #27 on: August 08, 2011, 05:09:02 PM »
                  I'd like to scan your machine with ESET OnlineScan

                  •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                  ESET OnlineScan
                  •Click the button.
                  •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                  • Click on to download the ESET Smart Installer. Save it to your desktop.
                  • Double click on the icon on your desktop.
                  •Check
                  •Click the button.
                  •Accept any security warnings from your browser.
                  •Check
                  •Push the Start button.
                  •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                  •When the scan completes, push
                  •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                  •Push the button.
                  •Push
                  A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                  kamikaze33


                    Re: adobe flash misbehaving
                    « Reply #28 on: August 10, 2011, 04:08:41 PM »
                    (scan is still running; entering 47th hour, >2,800,000 files scanned, 42 threats found so far...)

                    SuperDave

                    Re: adobe flash misbehaving
                    « Reply #29 on: August 10, 2011, 05:32:01 PM »
                    Whoa. That's way too long. Please abort it and try again. If it still doesn't work, please try this one.

                    Run the BitDefender Online scanner

                    Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.

                    Once Bitdefender completes the scan:
Click on the Detected Problems tab.
Then select Click here to export the scan report.

When the window comes up to save the report, change the Save as type: box to:
Text (Tab Delimited) (*.txt), then change the File name box to bdscan and click Save.

This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (Take notice of where you save it so you can find it later.)
This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

If you do not follow these steps, you will have an incorrect log or, worse, a log summary which is useless to us.

                    Post the bdscan.txt file as an Attachment.