Solve : Another PC with issues?


Here is the log from SysProt AntiRootkit. Also, I changed the email address names to "******" in the hidden files for PRIVACY. Thanks for your time SD


SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: 950B5000
Module End: 9517C000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAssignProcessToJobObject
Address: 9B2E2A60
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwClose
Address: 9B2C7BF0
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwConnectPort
Address: 9B2E4920
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwCreateFile
Address: 9B2C3F60
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwCreateKey
Address: 9B2CF090
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwCreateProcess
Address: 9B2DB2B0
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwCreateProcessEx
Address: 9B2DBBB0
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwCreateSection
Address: 9B2C2D10
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwCreateSymbolicLinkObject
Address: 9B2CEE40
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwCreateThread
Address: 9B2D9D70
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwDebugActiveProcess
Address: 9B2E7F30
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwDeleteFile
Address: 9B2CDB20
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwDeleteKey
Address: 9B2D0900
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwDeleteValueKey
Address: 9B2D73A0
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwLoadDriver
Address: 9B2D8BB0
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwMakeTemporaryObject
Address: 9B2CE6B0
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwOpenFile
Address: 9B2C6C10
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwOpenKey
Address: 9B2CFFC0
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwOpenProcess
Address: 9CB9D8AC
Driver Base: 9CB9D000
Driver End: 9CB9E000
Driver Name: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys

Function Name: ZwOpenSection
Address: 9B2C3580
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwOpenThread
Address: 9B2DD060
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwProtectVirtualMemory
Address: 9B2E3DA0
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwQueryDirectoryFile
Address: 9B2C88A0
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwQueryKey
Address: 9B2D2750
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwQueryValueKey
Address: 9B2D2FA0
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwQueueApcThread
Address: 9B2E1ED0
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwRenameKey
Address: 9B2D6590
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwReplaceKey
Address: 9B2D4500
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwRequestPort
Address: 9B2E6A50
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwRequestWaitReplyPort
Address: 9B2E6D70
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwRestoreKey
Address: 9B2D5D20
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwSaveKey
Address: 9B2D4C80
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwSaveKeyEx
Address: 9B2D54D0
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwSecureConnectPort
Address: 9B2E5480
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwSetContextThread
Address: 9B2E1440
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwSetInformationDebugObject
Address: 9B2E8520
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwSetInformationFile
Address: 9B2C9BF0
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwSetSystemInformation
Address: 9B2D81C0
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwSetValueKey
Address: 9B2D3820
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwSuspendProcess
Address: 9B2E0190
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwSuspendThread
Address: 9B2E0AC0
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwSystemDebugControl
Address: 9B2E7770
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwTerminateProcess
Address: 9CB9D812
Driver Base: 9CB9D000
Driver End: 9CB9E000
Driver Name: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys

Function Name: ZwTerminateThread
Address: 9B2DF620
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwUnloadDriver
Address: 9B2D9530
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwWriteVirtualMemory
Address: 9B2E32B0
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\**********hotmail.com\SharingMetadata\************hotmail.com\DFSR\Staging\CS{025273A8-5F7F-66CA-6740-B03C5958DC83}\01\12-{025273A8-5F7F-66CA-6740-B03C5958DC83}
Status: Hidden

Object: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\***********siamza.com\SharingMetadata\************hotmail.com\DFSR\Staging\CS{55E7C13D-B5FF-CAEC-2DBE-8B36F31D3538}\01\10-{55E7C13D-B5FF-CAEC-2DBE-8B36F31D3538}-v1-{5671
Status: Hidden

Object: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\**********siamza.com\SharingMetadata\***********hotmail.com\DFSR\Staging\CS{55E7C13D-B5FF-CAEC-2DBE-8B36F31D3538}\11\16-{567158A5-A894-4BBE-8A59-2A7F60455919}-v11-{567
Status: Hidden

Object: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\*********siamza.com\SharingMetadata\*********hotmail.com\DFSR\Staging\CS{55E7C13D-B5FF-CAEC-2DBE-8B36F31D3538}\12\17-{567158A5-A894-4BBE-8A59-2A7F60455919}-v12-{567
Status: Hidden

Object: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\********siamza.com\SharingMetadata\***********hotmail.com\DFSR\Staging\CS{55E7C13D-B5FF-CAEC-2DBE-8B36F31D3538}\13\18-{567158A5-A894-4BBE-8A59-2A7F60455919}-v13-{567
Status: Hidden

Object: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\**********siamza.com\SharingMetadata\*********hotmail.com\DFSR\Staging\CS{55E7C13D-B5FF-CAEC-2DBE-8B36F31D3538}\14\19-{567158A5-A894-4BBE-8A59-2A7F60455919}-v14-{567
Status: Hidden

Object: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\**********siamza.com\SharingMetadata\*********hotmail.com\DFSR\Staging\CS{55E7C13D-B5FF-CAEC-2DBE-8B36F31D3538}\15\20-{567158A5-A894-4BBE-8A59-2A7F60455919}-v15-{567
Status: Hidden

Object: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\*********siamza.com\SharingMetadata\*********hotmail.com\DFSR\Staging\CS{59E314BE-E5D3-122F-C1F0-A1163A0734A0}\01\21-{59E314BE-E5D3-122F-C1F0-A1163A0734A0}-v
Status: Hidden
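As an added, defender-side example (not part of this thread and not SysProt's own code), the Python below parses a SysProt log in the layout posted above and groups the SSDT hooks per driver: the two hooking drivers in this log are SandBox.sys and AVG Anti-Spyware's guard.sys, and a security or sandbox product hooking many Zw* services is normal, so the triage questions are whether any hooking driver is one you did not install, whether a hook address lies outside the driver image it is attributed to, and which kernel modules the scanner reports as hidden. The log excerpt and the KNOWN_HOOKERS allowlist are constructed for the example.

```python
from collections import defaultdict
# Constructed excerpt in SysProt's layout (records like those in the log above).
SAMPLE_LOG = r"""Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Hidden: Yes

SSDT:
Function Name: ZwCreateFile
Address: 9B2C3F60
Driver Base: 9B2C2000
Driver End: 9B36D000
Driver Name: \??\C:\WINDOWS\system32\drivers\SandBox.sys

Function Name: ZwOpenProcess
Address: 9CB9D8AC
Driver Base: 9CB9D000
Driver End: 9CB9E000
Driver Name: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
"""
# Hypothetical allowlist: file names of hooking drivers the operator knows are installed.
KNOWN_HOOKERS = {"sandbox.sys", "guard.sys"}

def parse_sysprot(text):
    """Return (kernel_modules, ssdt_hooks) from blank-line separated 'Key: Value' records."""
    modules, hooks, record = [], [], {}
    for line in text.splitlines() + [""]:  # trailing "" flushes the last record
        key, sep, value = line.strip().partition(": ")
        if sep:
            record[key] = value
            continue
        if "Module Name" in record:  # a header such as 'SSDT:' has no ': ' and ends a record
            modules.append(record)
        elif "Function Name" in record:
            hooks.append(record)
        record = {}
    return modules, hooks

def triage(text, known=KNOWN_HOOKERS):
    """Hooks per driver, unlisted hookers, out-of-image hook addresses, hidden modules."""
    modules, hooks = parse_sysprot(text)
    per_driver, bad_range = defaultdict(list), []
    for h in hooks:
        per_driver[h["Driver Name"]].append(h["Function Name"])
        addr, lo, hi = (int(h[k], 16) for k in ("Address", "Driver Base", "Driver End"))
        if not lo <= addr < hi:  # handler lies outside the driver it is attributed to
            bad_range.append((h["Function Name"], h["Driver Name"]))
    unknown = {d: f for d, f in per_driver.items() if d.rsplit("\\", 1)[-1].lower() not in known}
    hidden = [m["Module Name"] for m in modules if m.get("Hidden") == "Yes"]
    return {"hooks_per_driver": dict(per_driver), "unknown_hookers": unknown,
            "address_out_of_range": bad_range, "hidden_modules": hidden}
```

Everything the function returns is a lead for a manual look (a hidden module can be a legitimate driver the tool simply cannot enumerate), not a list of things to delete.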
How are things working on the computer now?

Seems to be working just fine now. Programs install just fine now.. Net works as fast as it can for the strength it is. And all the sounds and everything is ok now too... I got AVG to update, it took a long time but it finally updated, Might just be the internet here in Thailand. They have a lot of "control" or restrictions here on their net, also the SPEED isn't THAT FAST, but it works good enough for what I need. So I think things are good now.. Anything else you want me to do?

If not thanks a million for your time and help with everything SuperDave.. I really appreciate what you all do here on CH. Which is why I make the TEXT "glow" because I really appreciate it... Thanks again. Also, AVG PC Analyzer picked up all this and suggests I download this AVG PC tune up program to fix it all. It found like 500+ Registry errors, 200 junk files, 40 broken shortcuts and 31% fragmentation...
http://www.avg.com/ww.pc-tuneup-fix-errors-appf10?A=Mkw0IEw9OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5NyBJPTc3LTQ3ODUwNzEzNyBMbmc9dXMgVj0xMDAxMTQ0IE9TVj01LjEuMjYwMCBPUz1XWFBQWDg2IFNTUD0yLjA&cmpid=inc_analyzer_fix

Would you recommend I download the one day trial and use it, or maybe some other program to fix these issues??
Oh and I will run windows Defrag lol
Thanks SuperDave

NO - do not use ANY registry cleaners or fixers. Just forget those "errors" - they are nothing.

Please heed Allan's advice about Registry Cleaners. They are bad news. Let's do some cleanup.

* Click START then RUN - Vista users press the Windows Key and the R keys together for the Run box.
* Now type commy /uninstall in the runbox
* Make sure there's a space between commy and /Uninstall
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.
**********************************
1. Double click OTM to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTM will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. When finished exit out of OTM.
**********************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or TWO.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
**********************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like FIREFOX.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
