InterviewSolution
| 201. |
Solve : computer freezes when trying to install anything and opening folders? |
|
Answer» I turned my com on the other day and now when trying to install anything, from Comodo Firewall to, well, just everything I have downloaded, it freezes my whole PC. I have tried downloading HijackThis to get an analysis to post here for someone to look at, but that too freezes my com, and the only way to do anything is to hold the power button to turn off and restart. Even clicking Start and trying to open folders such as Documents, Downloads, etc. freezes my PC too... Does anyone have a solution to this? I have tried System Restore to when it worked OK but still the same issue. I use CCleaner once every now and again and have restored that back to a date when I know everything was working. |
|
| 202. |
Solve : Trojan removal - Thx for your help? |
|
Answer» I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Hi SuperDave! The last scan with ESET doesn't give me the option you mentioned: "list of found threats". This is due, I think, to the scan ending on a "no threat found" message. The log on the C: said:
Quote
[emailprotected] as CAB hook log:

Just to be sure, let's try this one. Run the BitDefender Online scanner. Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.
Once Bitdefender completes the scan: Click on the Detected Problems tab. Then select Click here to export the scan report. When the window comes up to save the report, change the Save as type: box to: Text (Tab Delimited) (*.txt) and then in the File name box enter change to bdscan then click Save. This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it (take notice of where you save it so you can find it later). This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.
If you do not follow these steps, you will have an incorrect log or, worse, a log summary which is useless to us. Post the bdscan.txt file as an Attachment.

Hi SuperDave! Are you sure of these steps? Because I don't have the same options/steps you describe ... When I am on the BitDefender online scanner, I click on the big green button named "start scanner".
A new tab opens in Firefox and a new web site opens: "http://quickscan.bitdefender.com/en/". A new green button, "free scan now", appears on this new web site. I click on it and a download begins. Then the scan can begin. At the end of the scan I got "Your computer is not infected Share the power of the Bitdefender engines. Recommend us to your friends! View report". Here is the log that appears:

I really hope the process is OK... but I doubt it, since I don't find the different steps you mentioned. I wonder if the website evolved?

Quote
Are you sure of these steps? Because I don't have the same options/steps you describe ...
This is an older speech and the instructions will be dependent upon your OS. If there are no other issues, we can do some cleanup. To uninstall ComboFix
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
************************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator.
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
****************************************************
Looking over your log it seems you don't have any evidence of a third party firewall. Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors. Remember only install ONE firewall.
1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*****************************************************
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Thanks a lot for your help and your attention to my problem!

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
| 203. |
Solve : Malware TR/spy.keylogger.qme Help!? |
|
Answer» Try posting a thread in the hardware forum for the printer.

OK, thanks a lot for all of your help! You have been great --- Merry Christmas

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. Happy Holidays. |
|
| 204. |
Solve : Malware or Virus possibly on my computer? |
|
Answer» Will I have to replace the card or is there a fix?

Quote from: casey071 on December 17, 2011, 11:53:59 AM
Will I have to replace the card or is there a fix?
Unfortunately, there's no fix for the card. See if you can borrow one from another computer.

Does it have to be another laptop? Does it matter what brand?

Quote from: casey071 on December 17, 2011, 07:58:30 PM
Does it have to be another laptop? Does it matter what brand?
The brand doesn't matter much but it will have to be for a laptop. You could get more information in the hardware forum. |
|
| 205. |
Solve : Limited or No Connectivity...? |
|
Answer» Another computer in my house is having similar problems as the one fixed in the last thread I made. I believe it also stemmed from an infection, but I am not sure if it is directly related to the one that has been resolved. Regardless, the owner of the computer is uneasy and impatient because she has sensitive legal documents on the machine.

Quote
because she has sensitive legal documents on the machine.
I would suggest saving them to an external drive, memory stick or DVDs before it's too late.

Quote
That machine is also on Windows XP and cannot connect to the internet, but instead of saying "acquiring network address" (which it does say, but moves on from), it says "limited or no connectivity."
How is it connected to the modem, wireless or wired?

This computer is also connected via a wired connection. I'll also make that suggestion.

Quote from: Mattardz on December 23, 2011, 02:19:01 PM
This computer is also connected via a wired connection. I'll also make that suggestion.
Please make sure that the connection is good. Could you try another laptop on the cable to make sure it's not defective?

I plugged in a laptop to the same wire and can access the Internet without problem on that laptop. But still nothing on the problem computer.

Please download MiniToolBox to Desktop and run it. Checkmark the following boxes:
Quote
Ping statistics for 127.0.0.1:
According to the log, the signal is going through. Please download Farbar Service Scanner and run it on the computer with the issue.
Ran by karen (administrator) on 25-12-2011 at 23:04:01
Microsoft Windows XP Professional Service Pack 3 (X86)
********************************************************
Internet Services:
=================
Connection Status:
=================
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable
File Check:
==========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
**** End of log ****
•Please download Dial-A-Fix from one of the following mirrors: Primary mirror Secondary mirror
•Extract the zip file to your desktop.
•Double click Dial-a-Fix.exe to start the program. Dial-A-Fix might give you a lot of errors, just ignore them and Click to continue.
•Press the green double checkmark box (Looks like this: UNcheck Empty Temp Folders, as well as Adjust Time/Date in the prep section. The prep section should then look like this:
•Click on Go
•Wait for Dial-A-Fix to finish (All the check marks will be all gone)
•Close Dial-A-Fix |
|
| 206. |
Solve : Win32 MB Rootkit from XP Antispyware Virus? |
|
Answer» Hi! Browsers still crashing, freezing and redirecting, unfortunately. =[
[UPDATE: Okay I did download the new Java version (as mine was 6 Update 13) and followed the other directions. ^^
Let's run a few more scans to see what turns up. |
|
| 207. |
Solve : Reinfection - trojan?? |
|
Answer» Please run another scan with ESET and post the log.
So my MBR log looks clean. You think it's clean now?
I'm typing it in correctly, have tried repeatedly. Have the space right, even copied and pasted from your instructions to make sure. Can't figure it out.
Ok. I figured that it wouldn't work. Please do this. Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you
********************************************
To set a new Restore Point.
Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK. This will give you a new, clean Restore Point.
Completed all. Downloaded the ComboFix uninstall program and ran, popup box said "Done!". Exe files still on desktop - is that okay? Qoobox folder and BackEnv folders were removed by the 'uninstall program'. I'm comfortable doing a manual removal if necessary. Other than that, computer is running great! Thanks for your help! Cheryl
Quote from: cgeorge107 on December 31, 2011, 06:05:00 PM Completed all. Downloaded the ComboFix uninstall program and ran, popup box said "Done!". Exe files still on desktop - is that okay? Qoobox folder and BackEnv folders were removed by the 'uninstall program'.
Hi Cheryl. You may manually remove them. You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. Happy New Year |
|
| 208. |
Solve : Acquiring Network Address...? |
|
Answer» Download HostsXpert
Ran by Matt (administrator) on 21-12-2011 at 13:56:22
Microsoft Windows XP Professional Service Pack 3 (X86)
********************************************************
Internet Services:
=================
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
Nsi Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open Nsi registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open Nsi registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open Nsi registry key. The service key does not exist.
afd Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of afd. The value does not exist.
Checking ImagePath: Attention! Unable to retrieve ImagePath of afd. The value does not exist.
Connection Status:
=================
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable
File Check:
==========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
**** End of log ****
Following steps involve registry editing. Please create new restore point before proceeding!!!
How to: XP - Create new Restore Point Vista and Seven - Create a new Restore Point
Download XP.zip file from here: XP.zip
Unzip the file. You'll find six files inside.
Right click on afd.reg file, click "Merge". Allow registry merge. Restart computer and see if internet works. If not, please post a fresh Farbar Service Scanner log.
I'm elated to tell you that making those changes did the trick. I am sending this message to you from my previously infected machine. I'm not sure if you are going to have me run more scans or not, but either way I was wondering what your advice is on which firewall/AV/anti-malware/spyware programs to have on my computer. After I had the problems last time, I went a little protection crazy and downloaded a bunch of programs. They don't all necessarily run at the same time and haven't caused me problems, per se, but they bog down my start up time pretty heavily. Not to mention they didn't stop my computer from getting infected. The cumulative list of protection programs I have on my computer is as follows.
Malwarebytes Anti-Malware
SpywareBlaster
SpywareGuard
HijackThis
SUPERAntiSpyware
Spybot - Search & Destroy
ZoneAlarm
Avira
I wouldn't be against getting rid of any or all of these and swapping them out for long term alternatives. I'll take whatever your suggestions are. Thanks
That is good news. Now that you're back on-line could you please check that file at Jotti's (Reply #9) and post the results. I would still like to know if it's dangerous or not.
Quote Malwarebytes Anti-Malware
Not a full-time scanner unless you have the paid version and you can configure it to not load at startup.
Quote SpywareBlaster
These are full-time scanners.
Quote HijackThis
You can get rid of this one. It's no longer useful.
Quote ZoneAlarm
This is your firewall.
Quote Avira
This is your anti-virus program. It's a good one but I prefer Microsoft Security Essentials.
http://virusscan.jotti.org/en/scanresult/ec1f422ff0fa69c31dc2cc1d021d92e5da4993b1/e3ed183dabdb0fd319810bc2f2c25f752740e5fb
SysProt Antirootkit
Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).
http://sites.google.com/site/sysprotantirootkit/
Unzip it into a folder on your desktop.
I'm going to consult a colleague about this problem.
SuperDave you are so humble! I really have a lot of respect for you, and because you helped me on many problems! (Thanks for the other experts also!) |
|
| 209. |
Solve : combofix report help? |
|
Answer» C:\Users\pc\Downloads\imf-setup.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
E:\Users\Raper\Downloads\imf-setup.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
Ran scan with Internet Explorer. I think I downloaded imf-setup.exe from http://download.cnet.com so not sure how that's infected.
How's your computer running now? Any other issues? |
|
| 210. |
Solve : Trojans cleaned, modified windows.? |
|
Answer» Still scanning, but it looks like it picked up 2 trojans in Java.
Quote C:\ProgramData\YouTube Downloader\ytd_installer.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
I deleted the offending program, cleared out the Java cache, and updated Java.
Great. If there are no other issues we can do some cleanup. Delete the Combo-Fix.exe file, c:\users\Sal\Downloads\Combo-Fix folder, c:\users\Sal\Downloads\QooBox folder, C:\WINDOWS\nircmd.exe, c:\users\Sal\Downloads:\combo-fix.txt and c:\users\Sal\Downloads\Combo-Fix-quarantined-files.txt
You may have a problem deleting one of the folders. In that case, just empty the folder of whatever files you can and leave it.
***************************************************
To set a new Restore Point.
Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK. This will give you a new, clean Restore Point.
*******************************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
******************************************************
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing! |
|
| 211. |
Solve : need someone to read logs- completed all steps on virus removal.? |
|
Answer» I just want to verify my PC is clean and I want to be able to download Service Pack 3. I have a Dell XPS 400 with Windows XP.
Both of these need to be uninstalled.
--------- You are missing the other log from DDS but I'm going to take a guess and say it isn't needed and your computer is clean.
Quote from: evilfantasy on January 09, 2012, 08:55:41 PM Multiple antivirus warning!
Thanks - I downloaded the Comodo firewall per this site's malware removal process. It said to disable the Windows firewall. Maybe I'm confused, I thought this was different than AVG. I see I have 2011 and 2012. I will delete them.
Also, I'm not showing the AVG 2011 on my add/remove/uninstall screen. I went ahead and uninstalled the AVG 2012 and am going to reboot. Perhaps that will clear both.
COMODO Internet Security is installed. That includes a Firewall, Antivirus and Antimalware. Personally I would uninstall all of them and use MSE, Avast or AntiVir (choose only one). But you can just keep the COMODO Suite also. For the Firewall: http://www.majorgeeks.com/PC_Tools_Firewall_Plus_d5470.html But if you do not do a lot of online banking or shopping the Windows XP firewall should do just fine.
Quote from: geeray on January 09, 2012, 09:06:59 PM Also, I'm not showing the AVG 2011 on my add/remove/uninstall screen. I went ahead and uninstalled the AVG 2012 and am going to reboot. Perhaps that will clear both.
Hopefully it will remove both.
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [Google Update] "c:\documents and settings\gary hamlett\local settings\application data\google\update\GoogleUpdate.exe" /c mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe" mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe" mRun: [WMP110] c:\program files\linksys\wmp110\WMP110.exe mRun: [hpqSRMon] mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe" mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [SigmatelSysTrayApp] stsystra.exe mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [COMODO] c:\program files\comodo\comodo geekbuddy\CLPSLA.exe mRun: [CPA] c:\program files\comodo\comodo geekbuddy\VALA.exe mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe StartupFolder: c:\docume~1\garyha~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: 
c:\docume~1\garyha~1\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000 IE: Free YouTube to Mp3 Converter - c:\documents and settings\gary hamlett\application data\dvdvideosoftiehelpers\youtubetomp3.htm IE: SAVE YouTube Video as MP3 - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1325862394287 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - 
hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab TCP: DhcpNameServer = 192.168.9.1 TCP: Interfaces\{4401351D-CF8D-4F8A-BA01-E5BD9E629491} : DhcpNameServer = 192.168.9.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL AppInit_DLLs: c:\windows\system32\guard32.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll LSA: Authentication Packages = msv1_0 nwprovau Hosts: 127.0.0.1www.spywareinfo.com . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\gary hamlett\application data\mozilla\firefox\profiles\yd6w8dcv.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp FF - prefs.js: network.proxy.type - 4 FF - component: c:\documents and settings\gary hamlett\application data\mozilla\firefox\profiles\yd6w8dcv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\documents and settings\gary hamlett\application data\mozilla\firefox\profiles\yd6w8dcv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll FF - component: c:\documents and settings\gary hamlett\application data\mozilla\firefox\profiles\yd6w8dcv.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko19.dll FF - component: c:\documents and settings\gary hamlett\application data\mozilla\firefox\profiles\yd6w8dcv.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko5.dll FF - component: c:\documents and settings\gary hamlett\application data\mozilla\firefox\profiles\yd6w8dcv.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko6.dll FF - component: c:\documents and settings\gary hamlett\application data\mozilla\firefox\profiles\yd6w8dcv.default\extensions\[emailprotected]\components\RadioWMPCoreGecko19.dll FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll FF - component: c:\program files\common files\dvdvideosoft\dll\ffcontextmenuy\components\FFContextMenu.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\documents and settings\gary hamlett\local 
settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: Full Flat: {6E1A2A2E-AE2A-4A26-A812-46F54288379E} - %profile%\extensions\{6E1A2A2E-AE2A-4A26-A812-46F54288379E} FF - Ext: DVDVideoSoftTB Community Toolbar: 
{872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Conduit Engine : [emailprotected] - %profile%\extensions\[emailprotected] FF - Ext: Java Quick Starter: [emailprotected] - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4 . ============= SERVICES / DRIVERS =============== . R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-12-19 494816] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-12-19 31704] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 67664] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-4-13 116608] R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo geekbuddy\CLPSLS.exe [2011-11-23 1052472] R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-12-19 1960584] R2 GTWPSService;GTWPSSRV;c:\program files\linksys\wmp110\gtwpssrv.exe [2009-1-1 34816] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-7-16 210216] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R2 WLSng Service;WLSng Service;c:\program 
files\linksys\wmp110\WLSngS.exe [2009-1-1 233472] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-12-5 30312] R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2009-1-1 57344] R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2011-8-2 13312] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-12-5 96488] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-12-5 12776] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-12-5 121576] S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\linksys\wmp110\jswpsapi.exe [2009-1-1 352338] S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2011-8-2 9472] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 12872] S3 WMP110;Linksys WMP110 RangePlus Wireless PCI Adapter Service;c:\windows\system32\drivers\WMP110.sys [2009-1-1 1299520] . =============== Created Last 30 ================ . 
2012-01-10 03:19:31--------d--h--w-c:\windows\PIF 2012-01-10 02:50:0920464----a-w-c:\windows\system32\drivers\mbam.sys 2012-01-10 02:50:09--------d-----w-c:\program files\Malwarebytes' Anti-Malware 2012-01-09 14:45:07--------d-----w-c:\program files\CCleaner 2012-01-09 14:05:29--------d-----w-c:\documents and settings\all users\application data\CPA_VA 2012-01-09 13:58:14--------d-----w-c:\documents and settings\all users\application data\Comodo 2012-01-09 13:57:39--------d-----w-c:\program files\Comodo 2012-01-09 13:57:361700352----a-w-c:\windows\system32\gdiplus.dll 2012-01-07 16:31:0652224-c----w-c:\windows\system32\dllcache\msfeedsbs.dll 2012-01-07 16:31:06459264-c----w-c:\windows\system32\dllcache\msfeeds.dll 2012-01-07 16:31:04268288-c----w-c:\windows\system32\dllcache\iertutil.dll 2012-01-07 16:31:0413824-c----w-c:\windows\system32\dllcache\ieudinit.exe 2012-01-07 16:31:016067200-c----w-c:\windows\system32\dllcache\ieframe.dll 2012-01-07 16:31:0063488-c----w-c:\windows\system32\dllcache\icardie.dll 2012-01-07 16:31:00380928-c----w-c:\windows\system32\dllcache\ieapfltr.dll 2012-01-07 16:31:002452872-c----w-c:\windows\system32\dllcache\ieapfltr.dat 2012-01-07 14:16:22--------d-----w-c:\documents and settings\gary hamlett\local settings\application data\Temp 2012-01-07 02:48:49--------d-sh--w-C:\found.002 2012-01-06 21:09:13--------d-----w-c:\program files\MSXML 6.0 2012-01-06 16:02:06--------d-----w-c:\windows\system32\CatRoot_bak 2012-01-06 15:50:46272128-c----w-c:\windows\system32\dllcache\bthport.sys 2012-01-06 15:49:18454016-c----w-c:\windows\system32\dllcache\mrxsmb.sys 2012-01-06 15:47:342143744-c----w-c:\windows\system32\dllcache\ntkrnlmp.exe 2012-01-06 15:47:312186880-c----w-c:\windows\system32\dllcache\ntoskrnl.exe 2012-01-06 15:47:282021888-c----w-c:\windows\system32\dllcache\ntkrpamp.exe 2012-01-06 15:47:212063744-c----w-c:\windows\system32\dllcache\ntkrnlpa.exe 2012-01-06 14:04:0273728-c--a-w-c:\windows\system32\dllcache\ehresja.dll 2012-01-06 
14:04:0269632-c--a-w-c:\windows\system32\dllcache\ehresko.dll 2012-01-06 14:04:0169632-c--a-w-c:\windows\system32\dllcache\ehresfr.dll 2012-01-06 14:04:0169632-c--a-w-c:\windows\system32\dllcache\ehresde.dll 2012-01-06 14:02:5176288-c--a-w-c:\windows\system32\dllcache\uniime.dll 2012-01-06 14:01:5620736-c--a-w-c:\windows\system32\dllcache\ramdisk.sys 2012-01-06 14:00:537680-c--a-w-c:\windows\system32\dllcache\migregdb.exe 2012-01-06 13:59:5913463552-c--a-w-c:\windows\system32\dllcache\hwxjpn.dll 2012-01-06 13:58:5754528-c--a-w-c:\windows\system32\dllcache\cap7146.sys 2012-01-06 13:57:595632-c--a-w-c:\windows\system32\dllcache\iisrstap.dll 2012-01-06 13:53:1716384-c--a-w-c:\windows\system32\dllcache\isignup.exe 2012-01-06 13:53:1716384----a-w-c:\program files\internet explorer\connection wizard\isignup.exe 2012-01-06 13:50:28--------d-----w-c:\windows\system32\wbem\repository\FS 2012-01-06 13:50:28--------d-----w-c:\windows\system32\wbem\Repository 2012-01-06 13:31:3524661-c--a-w-c:\windows\system32\dllcache\spxcoins.dll 2012-01-06 13:31:3524661----a-w-c:\windows\system32\spxcoins.dll 2012-01-06 13:31:3513312-c--a-w-c:\windows\system32\dllcache\irclass.dll 2012-01-06 13:31:3513312----a-w-c:\windows\system32\irclass.dll 2012-01-06 13:31:1722339----a-r-c:\windows\SET1A7.tmp 2012-01-06 13:31:1710559----a-r-c:\windows\SET1A8.tmp 2012-01-06 13:31:1213753----a-r-c:\windows\SET164.tmp 2012-01-06 13:31:091086058----a-r-c:\windows\SET158.tmp 2012-01-06 13:31:08106147----a-r-c:\windows\SET155.tmp 2012-01-06 08:17:47--------d-----w-c:\windows\dell 2011-12-19 23:59:22494816----a-w-c:\windows\system32\drivers\cmdGuard.sys 2011-12-19 23:59:2231704----a-w-c:\windows\system32\drivers\cmdhlp.sys 2011-12-19 23:59:2018056----a-w-c:\windows\system32\drivers\cmderd.sys 2011-12-19 23:58:5833984----a-w-c:\windows\system32\cmdcsr.dll 2011-12-19 23:58:56301224----a-w-c:\windows\system32\guard32.dll . ==================== Find3M ==================== . 
I removed the AVG 2012 and when I rebooted as it requested, it was still in the add/remove section. I clicked remove again and it said it was already uninstalled and to "click ok" to remove it from the add/remove list. Running a new DDS scan now.

Okay, the AVG 2012 went away. The AVG 2011 still shows up in the logs from DDS. It does not show up in the add/remove programs anywhere.

Look in c:\program files\avg. Open the folder and see if there is an uninstaller in there. You can also run this: http://www.avg.com/us-en/utilities
AVG Remover (32bit) 2012 (avg_remover_stf_x86_2012_1796.exe)

Okay, cleared the AVG from showing up. I ran a HijackThis log and checked it on the free tools; it says I do not have an antivirus. You stated the Comodo was an antivirus....? I'm confused now on that part.

Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1
Link 2
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so. |
|
| 212. |
Solve : Help I don't know what it is? |
|
Answer» OK, so I bought this Inspiron 530 for 30 dollars. Well, I soon started to notice CPU spikes and it seems they are getting worse. I have formatted and put a fresh copy of Windows 7 64-bit Ultimate on it the first time, then the second time around I have tried 7 Home Premium 32-bit. It still does these spikes. Sometimes it will jump to 100% and stay there for about 3 minutes and sometimes it will just be for a second. Also (sometimes) it seems when I open Task Manager it drops down to normal CPU usage. Do you think this could be a hardware problem? The original Windows that was on it was Vista. It even does it right after the fresh install. Anything might help, I'm stumped.

Did you do this? To wipe the drive clean, reformat and reinstall the OS. |
|
| 213. |
Solve : I downloaded something I should not have.? |
|
Answer» I have an external hd that I keep music on. I decided to scan it with Malwarebytes and SAS and found stuff on it. I used Flashget to download music onto it. I normally don't have it plugged into my computer. Only when I listen to or download music.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I just scanned every drive that showed up with SAS and Malwarebytes.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/21/2012 at 02:50 PM
Application Version : 5.0.1142
Core Rules Database Version : 8153
Trace Rules Database Version: 5965
Scan type : Complete Scan
Total Scan Time : 00:52:22
Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator
Memory items scanned : 573
Memory threats detected : 0
Registry items scanned : 20167
Registry threats detected : 0
File items scanned : 118744
File threats detected : 6
Adware.Tracking Cookie
C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZS05I6MG.txt [ Cookie:[emailprotected]/ ]
C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z7ZZF1KE.txt [ Cookie:[emailprotected]/ ]
C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\UKYYUZ7U.txt [ Cookie:[emailprotected]/ ]
C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z5MAMGBY.txt [ Cookie:[emailprotected]/ ]
C:\USERS\SUPERDUPERUSERONE\AppData\Roaming\Microsoft\Windows\Cookies\Low\OF3NTN2K.txt [ Cookie:[emailprotected]/ ]
ia.media-imdb.com [ C:\USERS\SUPERDUPERUSERONE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7966WRRD ]

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.21.02
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
SuperDuperUserOne :: SUPERDUPERUS-PC [administrator]
1/21/2012 2:59:50 PM
mbam-log-2012-01-21 (14-59-50).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 286103
Time elapsed: 51 minute(s), 9 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)

Two versions of Trend Micro Titanium have something called Windows Firewall Booster. Perhaps that's the reason why you can't turn on the Windows Firewall.
* Go to Start > Run and type mrt.exe then press Enter on the keyboard.
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.)
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan. Look through the list and let me know if anything was found infected.
****************************************************
Go to Microsoft Windows Update and get all critical updates.

I didn't check on Firewall Booster, and mrt.exe didn't find anything. I did try to do updates and got these messages. Pay attention to the dates. The last check was 1/12. And this is with me trying to install updates from today. After I try to install updates and fail, I check to see if new updates are available. And what about the locked file and infected file from this report?
07:00:04.469 Service scanning
07:00:05.578 Service .smb \* **LOCKED** 123
07:00:09.012 Modules scanning
07:00:21.091 Disk 0 trace - called modules:
07:00:21.606 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll pciide.sys PCIIDEX.SYS atapi.sys
07:00:21.606 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854ffa40]
07:00:21.606 3 CLASSPNP.SYS[8a3a58b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x852dc660]
07:00:22.936 AVAST engine scan C:\Windows
07:00:33.610 AVAST engine scan C:\Windows\system32
07:01:45.555 File: C:\Windows\system32\jureg.exe **INFECTED** Win32:SMSSend-IG [Trj]
07:03:52.329 AVAST engine scan C:\Windows\system32\drivers
07:04:16.270 AVAST engine scan C:\Users\SuperDuperUserOne
07:06
Did we delete the jureg.exe file? I'll look and see what I can find out about the firewall booster.

Quote
C:\Windows\system32\jureg.exe **INFECTED** Win32:SMSSend-IG [Trj]
Jotti says that file is clean. Do you have your OS disk? Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
Link 1
Link 2
Link 3
•Double-click on MBRCheck.exe to run it.
•It will open a black window...please do not fix anything (if it gives you an option).
•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.

This is what I understand. I have an HP computer. My disks are installed on the hard drive. When I ran sfc it did fix something but I never had to use a separate CD. When I restored my computer, again, I didn't have to insert a CD. That's the way I understand it.

MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version:Windows Vista Home Premium Edition
Windows Information:Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:Intel Corporation
BIOS Manufacturer:Intel Corp.
System Manufacturer:
System Product Name:
Logical Drives Mask:0x0000001c
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`cee2a000 (NTFS)
PhysicalDrive0 Model Number: WDCWD5000AAKS-65A7B0, Rev: 01.03B01
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Hewlett-Packard MBR code detected
SHA1: F362CE084BC77B454330005C1657154A64FB9456
Done!
Quote When I ran sfc it did fix something but I never had to use a separate CD.
If it found a missing or corrupted file, it would have asked for the CD.
Quote My disks are installed on the hard drive.
Do you mean your Operating system is installed on your harddrive? Most computers with Vista usually have the Recovery system in a separate partition of the harddrive. Do you have the OS disks?
Quote When I restored my computer, again, I didn't have to insert a CD
You don't need to have an OS disk to do a System Restore. Do you mean re-format? I'm going to check with a colleague about this problem.
This looks like a false-positive warning. We should do some cleanup.
To uninstall ComboFix
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
Clean out your temporary internet files and temp files.
Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
****************************************************
Looking over your log it seems you don't have any evidence of a third party firewall. Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors. Remember only install ONE firewall
1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*****************************************************
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
I did the steps from reply #38.
Quote Quote
Your answers are what I meant. But, I don't have any Windows disks. I don't know how to re-format. Last time I had a problem I used windows repair and, WELL I ended up reinstalling windows. But, I didn't have to use disks. I did burn a recovery CD. ...I did have to enter my windows key. When I ran sfc it didn't ask me for disks. It did create a log at Windows/Logs/CBS. I still can't install Windows updates and Windows Firewall is off. I'm going to try that recovery CD I burned from last time and see what options it gives me. Because last time there were no restore points. And run sfc again and see what happens. Thanks for the on-going help.
Oh no! I just got this.
The Recovery Console is installed on a separate partition of your harddrive. The Recovery disc you created should let you do a repair to the system files. |
|
| 214. |
Solve : Double check? |
|
Answer» Sorry about that! I must have saved them like I did this time but attach.txt doesn't save.
•Then click on Scan at the top right-hand corner.
•It will automatically Neutralize any objects found.
•If some objects are left un-neutralized then click the button that says Neutralize all
•If it says it cannot be neutralized then choose the delete option when prompted.
•After that is done click on the REPORTS button at the bottom and save it to file name it Kas.
•Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.
Note: This tool will self uninstall when you close it so please save the log before closing it.
I ran mrt.exe again and still nothing found. Ran Kaspersky and found
Status: Deleted (events: 2)
1/27/2012 8:18:11 PM  Deleted  Trojan program Trojan.Win32.KillAV.nt  C:\Documents and Settings\Person\My Documents\My Received Files\data1.cab  High
1/27/2012 8:18:11 PM  Deleted  Trojan program Trojan.Win32.KillAV.nt  C:\Documents and Settings\Person\My Documents\My Received Files\data1.cab//killbill.exe  High
Download Security Check by screen317 from one of the following links and save it to your desktop. Link 1 Link 2
* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the CONTENTS of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
Results of screen317's Security Check version 0.99.30
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
SUPERAntiSpyware
CCleaner
Java(TM) 6 Update 30
Java 2 Runtime Environment, SE v1.4.2_05
Adobe Flash Player 10.0.45.2 Flash Player out of Date!
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check: objlist.exe by Laurent
UTILITIES AVAST Software Avast AvastSvc.exe
UTILITIES AVAST Software Avast avastUI.exe
``````````End of Log````````````
Why isn't Malwarebytes listed? Do I need to reinstall it?
Quote Why isn't Malwarebytes listed? Do I need to reinstall it?
No. Not necessary.
Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.
Note: please close all other applications running on your system.
Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.
Click the Settings button. Set the slider to Maximum.
IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.
On the General tab, make sure all of the boxes are checked.
On the Misc tab, make sure all the checkboxes are checked.
Then, click OK on the windows that you launched.
Click Create Report to run it. It will begin scanning.
It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. It should automatically upload it to http://www.getsysteminfo.com. If it does not, then please submit it manually by going to the site and doing the upload process.
It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the url of the GSI Parser report in your next reply.
Here you go. http://www.getsysteminfo.com/read.php?file=be3e352aabab1703a0c53f26c0514a6f
After all these scans I can find no malware that would be causing your problems. Did you try defragging the drive? How much RAM on that computer?
Yes, repeatedly. 512 Mb Ram but it used to run well with that. If you think it is clean it must be due to the bad sectors and the relocation of files during the REPAIR. At least now I can be sure that the Malware we did find is removed from her external drive and won't be rewritten if I do a clean install. I have learned a bunch in the process! Thank you for all of your time and guidance. You are super Dave, but I guess you already knew that! Just one more thing. The folder on C, created by ComboFix I believe, named Found. It has recovered file fragments in it. Am I supposed to do something with them? I know it is a moot point if I do a CLEAN install but just for future reference and because I am a curious gal!
Ok. We'll do some cleanup. Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.
**********************************************
To turn off Windows XP System Restore:
NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.
To turn on Windows XP System Restore:
1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.
This will give you a new, clean Restore Point.
**************************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*************************************************
Use the Secunia Software Inspector to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing! |
|
| 215. |
Solve : No programs, no system tools, no items on desktop..desperately need help? |
|
Answer» I'm working on it. I moved all the files over to my user account and made sure all of the programs are accessible from it as well. I would, however, prefer to not lose the CHASE user account if possible. I am not completely comfortable with my abilities to do this correctly without losing something, and thus, don't want to delete.
***************************************************
To turn off Windows XP System Restore:
NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.
To turn on Windows XP System Restore:
1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.
This will give you a new, clean Restore Point.
*************************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
***************************************************
Use the Secunia Software Inspector to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
I'm about to start the cleanup you have listed for me but I just wanted to take a second to thank you.....very much!! I appreciate all of your knowledge and patience. So THANKS! --Nat
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
| 216. |
Solve : Am I infected.. My PC is VERY VERY SLOOOOW!? |
|
Answer» Is it still running slowly? Is it slow at booting up?
I have run the application and the log is posted below. I would like to say thanks for this, as I do think the PC is running better. The fact that the last 2 scans picked nothing up, seems to show everything is ok.
C:\Windows\system32\DRIVERS\lsi_sas.sys 08:27:56.0500 2428LSI_SAS - ok 08:27:56.0532 2428LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 08:27:56.0532 2428LSI_SAS2 - ok 08:27:56.0563 2428LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 08:27:56.0563 2428LSI_SCSI - ok 08:27:56.0656 2428luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 08:27:56.0672 2428luafv - ok 08:27:56.0734 2428MarvinBus (024da28053d57e9e32bee52600576bbb) C:\Windows\system32\DRIVERS\MarvinBus64.sys 08:27:56.0750 2428MarvinBus - ok 08:27:56.0875 2428MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys 08:27:56.0875 2428MBAMProtector - ok 08:27:56.0968 2428megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 08:27:56.0968 2428megasas - ok 08:27:57.0015 2428MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 08:27:57.0031 2428MegaSR - ok 08:27:57.0109 2428Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 08:27:57.0109 2428Modem - ok 08:27:57.0140 2428monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 08:27:57.0140 2428monitor - ok 08:27:57.0218 2428mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 08:27:57.0218 2428mouclass - ok 08:27:57.0265 2428mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 08:27:57.0265 2428mouhid - ok 08:27:57.0327 2428mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 08:27:57.0327 2428mountmgr - ok 08:27:57.0405 2428mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 08:27:57.0405 2428mpio - ok 08:27:57.0468 2428mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 08:27:57.0468 2428mpsdrv - ok 08:27:57.0561 2428MRxDAV (dc722758b8261e1abafd31a3c0a66380) 
C:\Windows\system32\drivers\mrxdav.sys 08:27:57.0561 2428MRxDAV - ok 08:27:57.0670 2428mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 08:27:57.0670 2428mrxsmb - ok 08:27:57.0748 2428mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 08:27:57.0748 2428mrxsmb10 - ok 08:27:57.0858 2428mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 08:27:57.0858 2428mrxsmb20 - ok 08:27:57.0920 2428msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 08:27:57.0920 2428msahci - ok 08:27:58.0014 2428msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 08:27:58.0014 2428msdsm - ok 08:27:58.0076 2428Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 08:27:58.0076 2428Msfs - ok 08:27:58.0138 2428mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 08:27:58.0138 2428mshidkmdf - ok 08:27:58.0201 2428msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 08:27:58.0201 2428msisadrv - ok 08:27:58.0294 2428MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 08:27:58.0294 2428MSKSSRV - ok 08:27:58.0310 2428MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 08:27:58.0310 2428MSPCLOCK - ok 08:27:58.0326 2428MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 08:27:58.0326 2428MSPQM - ok 08:27:58.0388 2428MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 08:27:58.0388 2428MsRPC - ok 08:27:58.0497 2428mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 08:27:58.0497 2428mssmbios - ok 08:27:58.0606 2428MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 08:27:58.0606 2428MSTEE - ok 08:27:58.0653 2428MTConfig (7ea404308934e675bffde8edf0757bcd) 
C:\Windows\system32\DRIVERS\MTConfig.sys 08:27:58.0653 2428MTConfig - ok 08:27:58.0716 2428Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 08:27:58.0716 2428Mup - ok 08:27:58.0778 2428NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 08:27:58.0794 2428NativeWifiP - ok 08:27:58.0950 2428NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 08:27:58.0965 2428NDIS - ok 08:27:59.0059 2428NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 08:27:59.0059 2428NdisCap - ok 08:27:59.0152 2428NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 08:27:59.0152 2428NdisTapi - ok 08:27:59.0215 2428Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 08:27:59.0215 2428Ndisuio - ok 08:27:59.0324 2428NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 08:27:59.0324 2428NdisWan - ok 08:27:59.0386 2428NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 08:27:59.0386 2428NDProxy - ok 08:27:59.0433 2428NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 08:27:59.0433 2428NetBIOS - ok 08:27:59.0527 2428NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 08:27:59.0527 2428NetBT - ok 08:27:59.0605 2428nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 08:27:59.0605 2428nfrd960 - ok 08:27:59.0652 2428Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 08:27:59.0652 2428Npfs - ok 08:27:59.0667 2428nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 08:27:59.0667 2428nsiproxy - ok 08:27:59.0776 2428Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 08:27:59.0792 2428Ntfs - ok 08:27:59.0870 2428Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 08:27:59.0870 
2428Null - ok 08:27:59.0948 2428NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys 08:27:59.0948 2428NVHDA - ok 08:28:00.0229 2428nvlddmkm (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys 08:28:00.0276 2428nvlddmkm - ok 08:28:00.0369 2428nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 08:28:00.0385 2428nvraid - ok 08:28:00.0400 2428nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 08:28:00.0400 2428nvstor - ok 08:28:00.0541 2428nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 08:28:00.0541 2428nv_agp - ok 08:28:00.0572 2428ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 08:28:00.0572 2428ohci1394 - ok 08:28:00.0681 2428Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 08:28:00.0681 2428Parport - ok 08:28:00.0744 2428partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 08:28:00.0744 2428partmgr - ok 08:28:00.0884 2428pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 08:28:00.0884 2428pci - ok 08:28:00.0915 2428pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 08:28:00.0915 2428pciide - ok 08:28:00.0962 2428PCLEPCI - ok 08:28:01.0009 2428pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 08:28:01.0009 2428pcmcia - ok 08:28:01.0040 2428pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 08:28:01.0040 2428pcw - ok 08:28:01.0134 2428PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 08:28:01.0134 2428PEAUTH - ok 08:28:01.0258 2428PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 08:28:01.0258 2428PptpMiniport - ok 08:28:01.0336 2428Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 08:28:01.0336 2428Processor - 
ok 08:28:01.0414 2428Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 08:28:01.0414 2428Psched - ok 08:28:01.0539 2428ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 08:28:01.0555 2428ql2300 - ok 08:28:01.0570 2428ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 08:28:01.0570 2428ql40xx - ok 08:28:01.0680 2428QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 08:28:01.0680 2428QWAVEdrv - ok 08:28:01.0695 2428RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 08:28:01.0695 2428RasAcd - ok 08:28:01.0742 2428RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 08:28:01.0742 2428RasAgileVpn - ok 08:28:01.0836 2428Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 08:28:01.0836 2428Rasl2tp - ok 08:28:01.0898 2428RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 08:28:01.0898 2428RasPppoe - ok 08:28:01.0945 2428RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 08:28:01.0945 2428RasSstp - ok 08:28:02.0023 2428rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 08:28:02.0038 2428rdbss - ok 08:28:02.0054 2428rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 08:28:02.0054 2428rdpbus - ok 08:28:02.0101 2428RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 08:28:02.0101 2428RDPCDD - ok 08:28:02.0163 2428RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 08:28:02.0163 2428RDPENCDD - ok 08:28:02.0194 2428RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 08:28:02.0194 2428RDPREFMP - ok 08:28:02.0288 2428RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 08:28:02.0288 2428RDPWD - ok 08:28:02.0397 2428rdyboost 
(34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 08:28:02.0397 2428rdyboost - ok 08:28:02.0491 2428rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 08:28:02.0491 2428rspndr - ok 08:28:02.0522 2428RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys 08:28:02.0538 2428RTL8167 - ok 08:28:02.0600 2428SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 08:28:02.0600 2428SASDIFSV - ok 08:28:02.0631 2428SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 08:28:02.0631 2428SASKUTIL - ok 08:28:02.0725 2428sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 08:28:02.0740 2428sbp2port - ok 08:28:02.0787 2428scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 08:28:02.0787 2428scfilter - ok 08:28:02.0912 2428secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 08:28:02.0912 2428secdrv - ok 08:28:02.0959 2428Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 08:28:02.0959 2428Serenum - ok 08:28:02.0974 2428Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 08:28:02.0990 2428Serial - ok 08:28:03.0084 2428sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 08:28:03.0084 2428sermouse - ok 08:28:03.0130 2428sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 08:28:03.0130 2428sffdisk - ok 08:28:03.0146 2428sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 08:28:03.0146 2428sffp_mmc - ok 08:28:03.0224 2428sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 08:28:03.0224 2428sffp_sd - ok 08:28:03.0271 2428sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 08:28:03.0271 2428sfloppy - ok 08:28:03.0302 
2428SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 08:28:03.0302 2428SiSRaid2 - ok 08:28:03.0364 2428SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 08:28:03.0364 2428SiSRaid4 - ok 08:28:03.0411 2428Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 08:28:03.0411 2428Smb - ok 08:28:03.0489 2428spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 08:28:03.0505 2428spldr - ok 08:28:03.0661 2428srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 08:28:03.0676 2428srv - ok 08:28:03.0708 2428srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 08:28:03.0708 2428srv2 - ok 08:28:03.0739 2428srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 08:28:03.0739 2428srvnet - ok 08:28:03.0848 2428stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 08:28:03.0848 2428stexstor - ok 08:28:03.0926 2428swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 08:28:03.0926 2428swenum - ok 08:28:04.0004 2428TBPanel - ok 08:28:04.0113 2428Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 08:28:04.0144 2428Tcpip - ok 08:28:04.0285 2428TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 08:28:04.0300 2428TCPIP6 - ok 08:28:04.0363 2428tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 08:28:04.0363 2428tcpipreg - ok 08:28:04.0441 2428TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 08:28:04.0456 2428TDPIPE - ok 08:28:04.0472 2428TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 08:28:04.0472 2428TDTCP - ok 08:28:04.0581 2428tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 08:28:04.0581 2428tdx - ok 08:28:04.0659 2428TermDD (561e7e1f06895d78de991e01dd0fb6e5) 
C:\Windows\system32\drivers\termdd.sys 08:28:04.0659 2428TermDD - ok 08:28:04.0753 2428tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 08:28:04.0768 2428tssecsrv - ok 08:28:04.0893 2428TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 08:28:04.0893 2428TsUsbFlt - ok 08:28:04.0987 2428tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 08:28:04.0987 2428tunnel - ok 08:28:05.0065 2428uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 08:28:05.0065 2428uagp35 - ok 08:28:05.0127 2428udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 08:28:05.0143 2428udfs - ok 08:28:05.0268 2428uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 08:28:05.0268 2428uliagpkx - ok 08:28:05.0299 2428umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 08:28:05.0299 2428umbus - ok 08:28:05.0330 2428UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 08:28:05.0330 2428UmPass - ok 08:28:05.0424 2428USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys 08:28:05.0439 2428USBAAPL64 - ok 08:28:05.0486 2428usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 08:28:05.0502 2428usbccgp - ok 08:28:05.0564 2428usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 08:28:05.0564 2428usbcir - ok 08:28:05.0595 2428usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 08:28:05.0595 2428usbehci - ok 08:28:05.0689 2428usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 08:28:05.0689 2428usbhub - ok 08:28:05.0798 2428usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 08:28:05.0798 2428usbohci - ok 08:28:05.0829 2428usbprint (73188f58fb384e75c4063d29413cee3d) 
C:\Windows\system32\DRIVERS\usbprint.sys 08:28:05.0829 2428usbprint - ok 08:28:05.0938 2428usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 08:28:05.0938 2428usbscan - ok 08:28:06.0001 2428USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 08:28:06.0001 2428USBSTOR - ok 08:28:06.0048 2428usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 08:28:06.0063 2428usbuhci - ok 08:28:06.0157 2428vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 08:28:06.0157 2428vdrvroot - ok 08:28:06.0219 2428vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 08:28:06.0219 2428vga - ok 08:28:06.0250 2428VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 08:28:06.0250 2428VgaSave - ok 08:28:06.0313 2428vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 08:28:06.0313 2428vhdmp - ok 08:28:06.0375 2428viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 08:28:06.0375 2428viaide - ok 08:28:06.0422 2428volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 08:28:06.0422 2428volmgr - ok 08:28:06.0500 2428volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 08:28:06.0500 2428volmgrx - ok 08:28:06.0609 2428volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 08:28:06.0609 2428volsnap - ok 08:28:06.0656 2428vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 08:28:06.0672 2428vsmraid - ok 08:28:06.0952 2428VSPerfDrv90 (858c3833cd5a359b110bc5ec1f760cbd) C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys 08:28:06.0968 2428VSPerfDrv90 - ok 08:28:07.0046 2428vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 08:28:07.0046 2428vwifibus - ok 08:28:07.0077 2428WacomPen 
(4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 08:28:07.0077 2428WacomPen - ok 08:28:07.0186 2428WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 08:28:07.0186 2428WANARP - ok 08:28:07.0202 2428Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 08:28:07.0202 2428Wanarpv6 - ok 08:28:07.0264 2428Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 08:28:07.0264 2428Wd - ok 08:28:07.0342 2428Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 08:28:07.0342 2428Wdf01000 - ok 08:28:07.0420 2428WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 08:28:07.0420 2428WfpLwf - ok 08:28:07.0452 2428WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 08:28:07.0452 2428WIMMount - ok 08:28:07.0623 2428WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 08:28:07.0623 2428WinUsb - ok 08:28:07.0654 2428WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 08:28:07.0654 2428WmiAcpi - ok 08:28:07.0686 2428ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 08:28:07.0686 2428ws2ifsl - ok 08:28:07.0810 2428WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 08:28:07.0810 2428WudfPf - ok 08:28:07.0857 2428WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 08:28:07.0857 2428WUDFRd - ok 08:28:07.0904 2428MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2 08:28:07.0966 2428\Device\Harddisk2\DR2 - ok 08:28:07.0982 2428MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 08:28:07.0982 2428\Device\Harddisk0\DR0 - ok 08:28:07.0982 2428MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1 08:28:08.0122 2428\Device\Harddisk1\DR1 - ok 08:28:08.0122 2428Boot (0x1200) (c2877de7c93f52526b07de6e34c19ffe) 
08:28:08.0185 2428 ============================================================
08:28:08.0185 2428 Scan finished
08:28:08.0185 2428 ============================================================
08:28:08.0200 5936 Detected object count: 0
08:28:08.0200 5936 Actual detected object count: 0

Please give me an update on how your computer is running.

Hi, It does seem to boot and run faster.. Whatever was causing the issue seems to either be gone, or has stopped. I'm very grateful for the help here. Thanks

Quote
It does seem to boot and run faster.. Whatever was causing the issue seems to either be gone, or has stopped. I'm very grateful for the help here. Thanks

You're welcome. Now we should do some cleanup. To uninstall ComboFix
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
To remove all of the tools we used and the files and folders they created do the following: Double click OTL.exe.
*****************************************************

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator.

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

*****************************************************

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.

Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing! |
|
| 217. |
Solve : Downloads and updates corrupt? |
|
Answer» I tried it again, same problem. I can try downloading Dial a fix on another pc.

Please try running this tool to see if it will correct that update problem

Quote
Please try running this tool to see if it will correct that update problem

Uniblue says it has fixed 15 registry errors and left 199. I have to purchase the tool to correct the rest.

You must have downloaded the wrong program. Did you click the Download button in the upper right-hand corner? You need to download and run the "Repair Windows Update Errors" program.

Quote
You must have downloaded the wrong program. Did you click the Download button in the upper right-hand corner? You need to download and run the "Repair Windows Update Errors" program.

Ooops. Running the correct program now.

This download is corrupting as well. But I just went to my neighbours to try their connection with my laptop & successfully downloaded & installed System Mechanic, this was one of the programmes I've been having trouble with. Does this mean most of my problems are down to my broadband connection/provider?

Quote
This download is corrupting as well. But I just went to my neighbours to try their connection with my laptop & successfully downloaded & installed System Mechanic, this was one of the programmes I've been having trouble with. Does this mean most of my problems are down to my broadband connection/provider?

It would appear that the only problem is getting your updates for Windows. I doubt that System Mechanic will do much to help this problem. Why not download Dial-A-Fix and the other utility on your friend's computer and transfer them to your computer using a CD or memory stick? I tried that program and it ran A ok on my computer. While you're at your friend's place see if you can get your Windows updates on your laptop.

Quote
It would appear that the only problem is getting your updates for Windows. I doubt that System Mechanic will do much to help this problem. Why not download Dial-A-Fix and the other utility on your friend's computer and transfer them to your computer using a CD or memory stick? I tried that program and it ran A ok on my computer. While you're at your friend's place see if you can get your Windows updates on your laptop.

I have kept my laptop connected to my neighbours network and have been receiving windows updates on it. I'll try dial a fix download again after the weekend (I'm away). Thanks for everything so far, be in touch again on Monday.

Hi, I think I have established that most of my download/update problems have been caused by my wireless router. I plugged my laptop directly into the modem and everything worked/updated perfectly. I spoke to Virgin, my broadband provider and they are replacing my router. Unfortunately I am unable to plug my desktop into the modem as it doesn't seem to have a "local area connection" in network connections, so I'll have to wait till my new router arrives and is up and running to get the windows and other updates. I am very grateful for all your help so far.

That's good news. We can do some cleanup. Download this program and run it Uninstall ComboFix. It will remove ComboFix for you

******************************************

To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.

This will give you a new, clean Restore Point.

***************************************************

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator.

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

OK, done those.

Quote from: Xenomorph on February 20, 2012, 02:03:49 PM
OK, done those.

Ok. As soon as you get your new router you should be good to go. I'll leave this thread open in case you have more problems.

Yay, everything's working. Thanks for all your help Superdave.

Quote from: Xenomorph on February 22, 2012, 08:26:04 AM
Yay, everything's working. Thanks for all your help Superdave.

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
| 218. |
Solve : Need help in removing sh4ldr from C: caused by a virus? |
|
Answer» I removed the functionality of the virus for the most part by sweeping ComboFix on it, but unable to remove it entirely as I restored my computer to the day before I got it, but didn't remove it. It was from a variant of the Win7 Security 2011 virus.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Download DDS from HERE or HERE and save it to your desktop.
Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.
1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your Thread
Note: DDS will instruct you to post the Attach.txt log as an attachment. Please just post it as you would any other log by copying and pasting it into the reply.
•Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE. Then post your DDS logs. (DDS.txt and Attach.txt)

I have a quick question before I do that. SuperAntiSpyware is not an antivirus, correct? Would it interfere with ESET NOD32 when I don't command it to do a PC sweep?

Quote from: ICOYAR on February 26, 2012, 01:48:39 PM
I have a quick question before I do that. SuperAntiSpyware is not an antivirus, correct? Would it interfere with ESET NOD32 when I don't command it to do a PC sweep?
SAS is an anti-malware program and it shouldn't interfere with ESET NOD32 |
|
| 219. |
Solve : badly infected? |
|
Answer» it's doing better, but not at 100%. Sorry for the delay, but I had some medical issues.

it's doing better, but not at 100%
Please describe "not at 100%".

I am no longer getting the pop-up boxes. I have my desktop icons and my startup menu. The red circle with an x in it near my clock along with a system check icon is gone. But when I click on start, and all programs, the folders still show empty. To access them I have to click start, right click all programs and click explore.

Please try running UnHide again. You'll find it in Reply # 1

ran unhide again and the folders still show empty

Please do this even if you don't have the OS disk. Do you have an XP CD? If so, place it in your CD ROM drive and follow the instructions below:
•Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
*Let this run undisturbed until the window with the blue progress bar goes away
SFC - Which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

I don't have a xp cd

Quote from: nikis360 on February 29, 2012, 12:16:56 PM
I don't have a xp cd
Please run it anyway. If it finds a missing or corrupt file it will ask for the disk. That will give us a clue. |
|
| 220. |
Solve : Kaspersky TDSS Killer detects file safeboot.sys? |
|
Answer» Alright, well I would like to have it completely uninstalled if that is possible.
************************************************************
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

I know you said I don't need to post my combofix log, but here it is because it looks like I still have the iss proventia installed:
files\Hewlett-Packard\IAM\Bin\TokenAuth.dll c:\program files\Hewlett-Packard\IAM\Bin\NetAdmin.dll c:\program files\ActivIdentity\ActivClient\acunlock.dll c:\program files\ActivIdentity\ActivClient\aipingui.dll c:\program files\ActivIdentity\ActivClient\acevtsub.dll c:\program files\ActivIdentity\ActivClient\asphat32.dll c:\program files\ActivIdentity\ActivClient\acerrmes.dll c:\program files\ActivIdentity\ActivClient\aiwinext.dll c:\program files\ActivIdentity\ActivClient\aspcom.dll c:\program files\ActivIdentity\ActivClient\aicext.dll c:\program files\ActivIdentity\ActivClient\Resources\acerrmrc.dll c:\program files\ActivIdentity\ActivClient\Resources\asphatrc.dll c:\program files\ActivIdentity\ActivClient\Resources\aipinguirc.dll c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll c:\program files\ActivIdentity\ActivClient\resources\acCobAPIlrc.dll c:\program files\ActivIdentity\ActivClient\Resources\acunlockrc.dll c:\program files\Hewlett-Packard\IAM\Bin\ItAPS.dll c:\program files\Hewlett-Packard\IAM\Bin\APSHook.dll . - - - - - - - > 'Explorer.exe'(1512) c:\windows\system32\WININET.dll c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL c:\program files\Unlocker\UnlockerHook.dll c:\program files\Hewlett-Packard\IAM\Bin\APSHook.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\program files\WinSCP\DragExt.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Sandboxie\SbieSvc.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\windows\System32\SCardSvr.exe c:\windows\system32\agrsmsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\BigFix Enterprise\BES Client\BESClient.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Juniper Networks\Common Files\dsNcService.exe d:\progra~1\Rapid7\FRAMEW~1\POSTGR~1\bin\pg_ctl.exe c:\program files\Java\jre7\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Intel\AMT\LMS.exe c:\program files\Microsoft LifeCam\MSCamS32.exe d:\xampp\mysql\bin\mysqld.exe d:\progra~1\Rapid7\FRAMEW~1\POSTGR~1\bin\postgres.exe c:\windows\system32\nvsvc32.exe d:\progra~1\Rapid7\FRAMEW~1\POSTGR~1\bin\postgres.exe c:\windows\system32\PnkBstrA.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe d:\progra~1\Rapid7\FRAMEW~1\POSTGR~1\bin\postgres.exe d:\progra~1\Rapid7\FRAMEW~1\POSTGR~1\bin\postgres.exe d:\progra~1\Rapid7\FRAMEW~1\POSTGR~1\bin\postgres.exe d:\progra~1\Rapid7\FRAMEW~1\POSTGR~1\bin\postgres.exe d:\program files\OpenSSH\usr\sbin\sshd.exe c:\windows\system32\vmnat.exe c:\windows\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\windows\system32\CCM\CcmExec.exe d:\program files\VMware\vmware-authd.exe c:\windows\system32\vmnetdhcp.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe d:\program files\Rapid7\framework\ruby\bin\ruby.exe d:\program files\Rapid7\framework\svn\bin\svn.exe c:\program files\TeamViewer\Version7\TeamViewer.exe c:\windows\system32\wscntfy.exe c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe c:\program files\TeamViewer\Version7\tv_w32.exe c:\program files\BigFix Enterprise\BES Client\BESClientUI.exe c:\windows\system32\RUNDLL32.EXE c:\progra~1\MICROS~3\rapimgr.exe . ************************************************************************** . 
Completion time: 2012-03-01 20:46:21 - machine was rebooted ComboFix-quarantined-files.txt 2012-03-02 01:46 ComboFix2.txt 2012-02-29 20:55 ComboFix3.txt 2012-02-29 01:01 ComboFix4.txt 2012-02-22 07:43 . Pre-Run: 6,468,026,368 bytes free Post-Run: 6,431,006,720 bytes free . - - End Of File - - E41C573B56547F861E965E16BE2A380B Eset is currently scanning the computer. ill post once it finishesI can't see it anywhere else in all the scans we've done. I made a mistake on that first script Re-running ComboFix to remove infections:
eset log:
[emailprotected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d8a2975d263b424eb12d1a2cd483363b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-02 12:34:32
# local_time=2012-03-02 07:34:32 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777191 100 0 14808385 14808385 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=839622
# found=2
# cleaned=2
# scan_time=30974
C:\System Volume Information\_restore{15210BD2-C7F8-4EEB-8097-8D74A4DBE2E2}\RP3\A0000617.exe a variant of Win32/Packed.PrivateEXEProtector.C application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{15210BD2-C7F8-4EEB-8097-8D74A4DBE2E2}\RP3\A0000618.exe a variant of Win32/Packed.Enigma.AAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
That looks good. If there are no other issues, we can do some cleanup.
Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.
************************************************
To turn off Windows XP System Restore:
NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.
To turn on Windows XP System Restore:
1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.
*********************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator.
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
************************************************
Looking over your log it seems you no longer have a firewall. Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors. Remember only install ONE firewall
1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall.
This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
***************************************************************
Use the Secunia Software Inspector to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing! |
|
| 221. |
Solve : Email hacked.?? |
|
Answer» My yahoo email has been hacked, both accounts actually, I created another account today. My question is, since I'm pretty sure I know who did this, how can I prove it? Once I've changed my password, what's to stop them from hacking into it again? My password wasn't even a real word, completely off-the-wall and yet they managed to get in and send harassing emails to a certain person. Any of you computer geeks out there know how to trace who hacked, or how to keep them from doing it next time? Thanks.
You might want to scan your machine for a keylogger. Normally, I'd suggest Ad-Aware SE and Spybot S&D, but since this is a personal "prank" rather than a professional job, I don't know if they'd find anything.
how can I prove it?
Prove it to who, though? |
|
| 222. |
Solve : XP PC Hanging, Freezing? |
|
Answer» I can't find any malware that would be causing this problem. The only thing I can suggest is to keep Task Manager open and when it freezes, try to see which process is causing it and stop the process to see if it will correct the problem.
Thanks Dave. Got me stumped here too. As far as keeping an eye on things through Task Manager, sure, if it is IE 8, then I will kill it if the CPU% doesn't go down after a while. I hesitate to do the same with svchost.exe, but I suppose it won't do any harm. Norton tasks are a little less intense, so I just usually leave them alone.
I hesitate to do the same with svchost.exe, but I suppose it won't do any harm.
It won't do any harm
Quote Any suggestions on where to go from this point? If you were to have any other recommendations, I would be happy to follow through.
The only thing I could suggest at this point is to start a new thread in one of the software forums.
I will. Thanks much for all your help in trying to find the cause of this problem. I appreciate it!
Quote from: dc4580 on January 30, 2012, 08:45:06 PM I will. Thanks much for all your help in trying to find the cause of this problem. I appreciate it!
I'll leave this thread unlocked so you can come back to let me know how things turn out.
I will. Thanks.
Hi Dave, Quick update to run down what I have gone through in the last month or so:
1.) Ran a number of different scans which didn't find anything malicious.
2.) Ran through an XP repair, which helped, but didn't get rid of the hang.
3.) Added RAM so that I am now at just under 2Gig. Made quite a noticeable difference in response, but again didn't get rid of the hang.
4.) Replaced a DVD drive, which took those CD ROM errors out of the mix, but didn't get rid of the hang.
5.) Removed VMWare from my PC ( around 500 files and registry entries ). That was done using IOBIT.Uninstaller. I recommend that one for stubborn stuff. The removal of VMWare seems to be what removed the hangs and freezes.
So, as you can see, it wasn't AV or any one particular thing, but a combination of things happening over time, some of which I believe we had discussed, like the RAM and hardware. My PC is now very clean, and response is very good. I hope to keep it that way for a while. I intend to do a hardware and software refresh in about a year or so. I just wanted to let you know the status now, and say thanks for getting me on the right path here. I appreciate all your help. Thank you very much. If you want to close out this issue, I would be fine with that. DC4580.
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
| 223. |
Solve : PC Slow/Grinding? |
|
Answer» Quote Then I guess I boot from CD and do what? Post contents here?
You boot from the CD and the diagnostic program will run. However, if it is the bearings on the harddrive that is defective it probably won't show on the diagnostic. I don't need to see the log.
Quote from: SUPERDAVE on March 17, 2012, 10:55:43 AM You should backup all your important data and be prepared to change the harddrive. You can run this diagnostic. It will give you a good picture of the harddrive. If it's a grinding noise, it sounds like a bearing is going bad.
OK, I'm a bit confused with my options and if I did this right.
1) How do I know who made my harddrive? I thought I had a WDD, so I clicked on Western Digital. However, when I downloaded and ran it showed: TOSHIBA M3252GSK (IDE) capacity 320 GB. On my computer, c drive it says I have 290 GB of memory. So is the Toshiba my hard drive?
2) If it's a WDD or a Toshiba, which program should I click to install and run since each option has tons!
3) When I clicked "Data Lifeguard Diagnostic for Windows v1.24 (July 2011)" I downloaded it, ran the short scan and it passed. Should I run the long scan? I never was asked anything on booting a CD?
Unrelated:
4) When I used my PC today Gmail and Twitter were quite slow.
5) I have a cooling fan accessory board, would hooking that up to my PC help?
Quote How do I know who made my harddrive?
You can look in Device Manager or open the box and look at the drive. Is this the same computer that Evilfantasy is helping you with? |
|
| 224. |
Solve : Toshiba Satellite Laptop Metro and other applications not working? |
|
Answer» Hello! Toshiba Video Player just "stopped" working 2 days ago, when it was playing dvd's just fine on Thursday.
Have you tried to restore back to a restore point that is before Thursday?... if the problem was created after Thursday and a restore point is available from prior than Thursday, you can be quickly back up and running healthy again if it's just some corruption that needs to be corrected.
I will try the restore for the video player, however the toshiba apps have never worked.
Quote from: soldbylinz on June 21, 2014, 05:26:04 PM I will try the restore for the video player, however the toshiba apps have never worked.
Pardon me. If the Toshiba apps do not work, did you never ask Toshiba for support? Is the PC still inside of the Warranty? Did you buy this from a specific vendor named 'Target'? Otherwise this could be an error message from the Java run time.
It stopped a while ago. I didn't care much because I wasn't into the whole new look. I like xp style and that's what I'm used to lol. I bought this as an open box. But now I might as well change with the times. I have not contacted support $$ I think there's a possible virus as well. Nothing in the scans, but Search Conduit is attacking Firefox. Target as in the targeted command prompt.
Did the system restore annnnnnd it failed. Went to restore points earlier in the month and still failed. I am not opposed to doing a factory reset. Advise?
Even windows media player will not play the dvds. It says selected file has an extension (.) that is not recognized by windows media player. See attached. [recovering disk space, attachment deleted by admin]
Quote ... Search Conduit is attacking Firefox.
You need to fix that. You have some kind of virus or Trojan on your system. Backup your personal data. Search Conduit is bad. ** A factory restore might resolve your problems. ** It is claimed that Conduit is legal. But many, myself included, believe it is not to be trusted at all. Get rid of it! http://en.wikipedia.org/wiki/Conduit_%28publisher_network_and_platform%29
Can we transfer my post to the spyware forum or would I have to post a new topic for further assistance?
Start a new Topic over there... |
|
| 225. |
Solve : Trouble with BITS and Windows Update back to services due to undetected virus? |
|
Answer» Quote from: SuperDave on June 14, 2014, 12:34:19 PM Any other issues?
Not at all. Could I uninstall the programs or do I need to keep them?
You can keep MBAM and AdwCleaner, if you wish. Update them and run on a regular basis.
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.
Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.
This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot of System Restore points, you will see a significant change in the free space in C drive)
******************************************
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
Thank you so much SuperDave! I really appreciate what you have done for me.
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
| 226. |
Solve : Yahoo conduit.? |
|
Answer» Quote from: SuperDave on May 29, 2014, 07:13:35 PM Why are you using Chrome?
Because IE does not work 100% with wordpress sites. I use IE for mail and searches etc.
Have you tried FireFox?
Quote from: SuperDave on May 30, 2014, 12:37:23 PM Have you tried FireFox?
I have Dave and I don't like it, as I say I only use it for my blogs.
Quote Have you tried FireFox?
I actually use Firefox explicitly as my main browser at version 29 now and had no problems with home page changing etc, as for its still the same home page with no strange redirects etc. My system has otherwise been fine with no hijacks etc. The only thing that tipped me off to Conduit was AVG Free Antivirus detecting it as a medium risk problem. I was thinking it was a false positive until I put 2 and 2 together with recent Chrome install for Angry Birds game to play free. I figured that Chrome was good and clean and that's what Conduit slipped on in with below the radar until the AVG picked up on it during a full system scan.
If you insist on using Chrome you will probably have problems with Conduit. See here. Just keep AdwCleaner nearby to remove it.
Quote from: SuperDave on May 30, 2014, 04:35:48 PM If you insist on using Chrome you will probably have problems with Conduit. See here. Just keep AdwCleaner nearby to remove it.
Why would Google allow this to happen.
Quote from: HARRY 48 on May 30, 2014, 04:55:51 PM Why would Google allow this to happen.
Money $$$ |
|
| 227. |
Solve : Avira free antivirus? |
|
Answer» No need to keep quoting previous replies.
Quote from: SuperDave on April 06, 2014, 05:00:21 PM Avast has a problem with registering every 12 months or so.
Not really a "problem" but perhaps slightly annoying. I use avast and will not abandon it merely because it requires re-registering once a year, even for the free version.
Quote from: soybean on April 09, 2014, 08:14:55 AM Not really a "problem" but perhaps slightly annoying. I use avast and will not abandon it merely because it requires re-registering once a year, even for the free version.
I do not have avast installed but it is in there somewhere cause I will hear a message avast has been updated
Quote from: foxygrandma on April 11, 2014, 11:17:15 AM I do not have avast installed but it is in there somewhere cause I will hear a message avast has been updated
If you hear avast saying it has been updated, then you obviously have avast installed. I am sure the default settings in avast also display a popup in the lower right corner of the monitor notifying you of updates. So, you should also see such a popup. Have you looked in the Programs and Features panel to look for avast there?
Quote from: foxygrandma on April 11, 2014, 11:17:15 AM I do not have avast installed but it is in there somewhere cause I will hear a message avast has been updated
Avast is nowhere, not in my programs and features, but if I go to C drive and open that it is in Program data if I go to program files x 86 avira is in there and I do not have it installed and if I go to program files, avast is there, but neither will uninstall not even with unlocker
Quote from: foxygrandma on April 11, 2014, 11:59:26 AM Avast is nowhere, not in my programs and features, but if I go to C drive and open that it is in Program data
Well, foxygrandma, I think we're headed down a dead-end alley. In other words, we aren't getting anywhere and I don't see how we are going to get anywhere with this. I can't make any sense of your situation as you describe it.
Download Combofix from any of the links below, and save it to your desktop. If your version of Windows defaults to your download folder you will need to copy it to your desktop.
Link 1 Link 2 Link 3
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
Click I Agree to start the program. ComboFix will then extract the necessary files and you will see this:
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware. When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please Do NOT mouseclick combofix's window while it's running because it may cause it to stall.
Quote from: SuperDave on April 12, 2014, 10:47:09 AM Download Combofix from any of the links below, and save it to your desktop. |
|
| 228. |
Solve : Windows 7 keeps freezing, Safe Mode works. Here's my logs!? |
|
Answer» Ok, I did the factory reset to the first partition. Right now asus kinda going through this cycle where it starts up windows after saying preparing system for first use, opens windows and then says factory installation in progress, and says "configuring the system please wait" before it restarts again. Is this normal?
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
**********************************************
Please download AdwCleaner by Xplode onto your Desktop.
Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.
If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
When the AdwCleaner program will open, click on the Scan button as shown below.
AdwCleaner will now start to search for malicious files that may be installed on your computer.
To remove the files that were detected in the previous step, please click on the Clean button.
AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer. Please click on the OK button to allow AdwCleaner reboot your computer.
A log will be produced. Please copy and paste this log in your next reply.
********************************************
Go to Microsoft Windows Update and get all critical updates.
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer?
It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
Thank you! I have installed AVG Free
MalwareBytes log:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 4/1/2014
Scan Time: 4:37:12 PM
Logfile: MWAMlog.txt
Administrator: Yes
Version: 2.00.0.1000
Malware Database: v2014.04.01.02
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
OS: Windows 7
CPU: x64
File System: NTFS
User: Alli
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 234954
Time Elapsed: 14 min, 41 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry Keys: 0 (No malicious items detected)
Registry Values: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Folders: 0 (No malicious items detected)
Files: 0 (No malicious items detected)
Physical Sectors: 0 (No malicious items detected)
(end)
adwarecleaner Log
# AdwCleaner v3.022 - Report created 01/04/2014 at 16:46:07
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium (64 bits)
# Username : Alli - ALLI-PC
# Running from : C:\Users\Alli\Downloads\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
[!] Folder Deleted : C:\ProgramData\Partner
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.7600.16671
-\\ Google Chrome v33.0.1750.154
[ File : C:\Users\Alli\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [2001 octets] - [01/04/2014 16:44:47]
AdwCleaner[S0].txt - [1956 octets] - [01/04/2014 16:46:07]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2016 octets] ##########
I have downloaded the WOT add-on for firefox and I have also installed any important windows updates. Thank you sooo much for all your help. I really appreciate it and was wondering if I could send you something?
I'm currently studying abroad in Japan, so I'd love to send you some tea or candies in thanks for your help. Of course, if you would rather I not send anything, I totally understand.
Quote I really appreciate it and was wondering if I could send you something? I'm currently studying abroad in Japan, so I'd love to send you some tea or candies in thanks for your help. Of course, if you would rather I not send anything, I totally understand.
You're welcome and it's not necessary to compensate me in any manner. All I ask is that you do something similar for someone else.
Quote from: SuperDave on April 01, 2014, 12:53:14 PM You're welcome and it's not necessary to compensate me in any manner. All I ask is that you do something similar for someone else.
Thank you! I will be sure to help using the things I learned here. I learned a lot. Thank you
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
| 229. |
Solve : Malware, Spyware, Virus Issue Logs...? |
|
Answer» Hey, kids.
Looking over your log it seems you don't have any antivirus software. Before we continue download and install a free antivirus. Remember to only install one antivirus!
1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials All versions and all languages.
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
*************************************************
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.
First Verify your Java Version
If there are any other version(s) installed then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment.
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*********************************************
Please download Junkware Removal Tool to your desktop.
•Warning! Once the scan is complete JRT will shut down your browser with NO warning.
•Shut down your protection software now to avoid potential conflicts.
•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
•The tool will open and start scanning your system. At the Command Prompt, you'll need to press any key to perform a scan.
•Please be patient as this can take a while to complete depending on your system's specifications.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Copy and Paste the JRT.txt log into your next message.
***********************************************
Malwarebytes' Anti-Rootkit
Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
|
|
| 230. |
Solve : Problem back again with PC, something stopping me going on the web.? |
|
Answer» Thanks Dave unlocker was great they are away, I have used it years ago but forgot the name. What browser? IE , I know but it worked with IE all the time. It will not work with chrome either. There are different instructions for other browsers. I managed it, yesterday CH would not open for me.
C:\Windows\SysWOW64\Websteroids.B324755F3F87.dll MSIL/Adware.PullUpdate.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PC Health Kit\PCHealthKit.exe.vir a variant of Win32/SpeedingUpMyPC application cleaned by deleting - quarantined
C:\Users\harry\AppData\Local\Temp\airAC04.exe a variant of Win32/SpeedingUpMyPC application cleaned by deleting - quarantined
C:\Windows\System32\Websteroids.B324755F3F87.dll MSIL/Adware.PullUpdate.C application cleaned by deleting - quarantined
How's your computer running now?
Quote from: SuperDave on March 16, 2014, 06:48:26 PM How's your computer running now?
I'm afraid to say but it seems ok now, back to normal.
That's good to hear. I had a great time last night playing for a St Pat's dinner.
Quote from: SuperDave on March 18, 2014, 01:22:21 PM That's good to hear. I had a great time last night playing for a St Pat's dinner.
What do you play ?
Quote from: harry 48 on March 18, 2014, 01:24:25 PM What do you play ?
Guitar, mandolin and banjo.
Quote from: SuperDave on March 18, 2014, 04:12:18 PM Guitar, mandolin and banjo.
Brilliant, I played the tenor horn and the euphonium in brass bands for years, played a lot of solos with the tenor horn.
There shouldn't be an ed on play. I hope you had a good St Patty's day.
Quote from: SuperDave on March 19, 2014, 11:19:58 AM There shouldn't be an ed on play. I hope you had a good St Patty's day.
Most of the brass bands have folded over the years, its sad. Ah, now that's a different matter, when IRA politics and emblems come in to it, i and a lot of others will not attend it, when its for all the people of all religions of Northern Ireland I will. |
|
| 231. |
Solve : Something in my pc i need rid of.? |
|
Answer» OK Dave, I ran SAS three times and it seems to have gone, all I'm getting are the usual tracking cookies.
No, that will do. Keep safe.
Same to you Dave and thanks for all your help, I think its safe to lock this now |
|
| 232. |
Solve : Windows XP - can't access c: drive, various other start menu/taskbar issues? |
|
Answer» Okay, I tried to repair from the XP disk. (1) The previous owner of this laptop bought it with Vista installed. (2) He subsequently installed XP Professional on it. (3) When I ran the repair program, it sent me to the upgrade option. The disk I used to repair XP won't accept the product key I have (from an old laptop that had XP Pro on it). So I'm stuck in the middle of the upgrade, and I can't use Windows until it completes. ??
Quote (1) The previous owner of this laptop bought it with Vista installed.
Did he wipe the computer and downgrade to XP or did he do a dual-boot with both OS's? The disk you have must be different than the version of XP that's installed otherwise, it would accept the product key. Do you have the product key from the XP version that you have?
He downgraded to XP. The sticker on the battery says this laptop came with Vista. And no, I don't have the disk he used to install XP. I have no idea what the product key is for the disk I have - my dad didn't write it down anywhere when he gave me the disk, but it obviously isn't for the product key I have from the sticker on my old laptop.
Quote but it obviously isn't for the product key I have from the sticker on my old laptop.
You may have to do a search and buy an XP disk. You should be able to get one for under $50.
Okay, I guess it looks like this version of Windows is a bust and I'll just have to do a complete reinstall. I'll see what I can do about getting a new disk, because I'm not loving everything about this Ubuntu platform. :-/ Many thanks for your help, SuperDave! You were very patient and kind to donate your time.
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
| 233. |
Solve : checking logs? |
|
Answer» I want to transfer files ( Word, Quicken, etc. ) to a new PC ( #2 ) - both PCs use windows 8; Windows Easy Transfer does not come up in the Search window - error message. a responder to |
|
| 234. |
Solve : Malware log? |
|
Answer» Okay... I apologize for double posting but it's important. They told me that it could be a security issue with one of my third party security programs. Which are avast Free Antivirus and Comodo Firewall slightly blocking my internet connection.
Ok, let's try this: Download and install MSE. Disable Avast and Comodo and see what happens. Microsoft Security Essentials All versions and all languages.
Quote from: SuperDave on December 23, 2013, 12:57:33 PM Ok, let's try this: Download and install MSE. Disable Avast and Comodo and see what happens.
That's not a good anti-virus anymore. Isn't there another option?
You know what? I've been following your posts and up to now have been holding my tongue, but you're really getting annoying. You need to stop questioning the advice you are receiving. You did it with me and throughout this thread you've been doing the same with Dave. He is among the best at what he does and is devoting his time to help you at no cost to you. Follow his advice or don't - it's up to you - but stop questioning everything.
I've fixed the problem. I had to repair my Avast. Everything is working fine now. Thanks for the help.
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
| 235. |
Solve : What is PUP.Optional? |
|
Answer» You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
| 236. |
Solve : Issue with java update, JRE 7U25, installation repeatedly being interrupted? |
|
Answer» Quote from: Zkyo on November 26, 2013, 12:12:36 PM That's exactly what I have been doing, and it still didn't work. It did, however, install correctly when I ran the setup under the hidden administrator account. Java is now working fine, but I still have no clue why it wasn't installing under a normal admin account.
It must have something to do with the accounts. |
|
| 237. |
Solve : Toshiba Satellite L305 Laptop freezing issues? |
|
Answer» Hello Dave, just assume that from the amount of time this has all taken (not long for them at all), we caught it before it done too much damage
It takes only a few seconds for malware to do all the damage it's instructed to do.
Quote And will this stop all those grey little windows from popping up asking me to constantly allow, block etc. cookies?
It depends on what program is causing those popups. It could be your protection programs doing that.
Quote Do you think I should contact my antivirus company and tell them what's going on, and ask them why these things aren't being caught like they're supposed to, as they claimed their product would also protect from?
This is quite possibly not a virus but malware. I didn't see the log from MBAM. Were you able to run it? If you couldn't run it, please try running it in Safe Mode
Yes it was the one with all the dates in it. I reposted it below. Was there something else supposed to come up? Because this was all that was in the log given.
2013/11/16 01:58:36 -0500 JANEE-PC Owner MESSAGE Starting protection
2013/11/16 01:58:36 -0500 JANEE-PC Owner MESSAGE Protection started successfully
2013/11/16 01:58:36 -0500 JANEE-PC Owner MESSAGE Starting IP protection
2013/11/16 01:58:58 -0500 JANEE-PC Owner MESSAGE IP Protection started successfully
2013/11/16 01:59:19 -0500 JANEE-PC Owner MESSAGE Starting database refresh
2013/11/16 01:59:19 -0500 JANEE-PC Owner MESSAGE Stopping IP protection
2013/11/16 01:59:21 -0500 JANEE-PC Owner MESSAGE IP Protection stopped successfully
2013/11/16 01:59:27 -0500 JANEE-PC Owner MESSAGE Database refreshed successfully
2013/11/16 01:59:27 -0500 JANEE-PC Owner MESSAGE Starting IP protection
2013/11/16 01:59:34 -0500 JANEE-PC Owner MESSAGE IP Protection started successfully
2013/11/16 03:29:15 -0500 JANEE-PC Owner MESSAGE Starting protection
2013/11/16 03:29:17 -0500 JANEE-PC Owner MESSAGE Protection started successfully
2013/11/16 03:29:17 -0500 JANEE-PC Owner MESSAGE Starting IP protection
2013/11/16 03:29:28 -0500 JANEE-PC Owner MESSAGE IP Protection started successfully
I found this one from Mbam. I must've missed it. Sorry:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.11.16.06
Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Owner :: JANEE-PC [administrator]
Protection: Disabled
11/16/2013 9:43:40 PM
mbam-log-2013-11-16 (21-43-40).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 363927
Time elapsed: 1 hour(s), 2 minute(s), 52 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Folders Detected: 0 (No malicious items detected)
Files Detected: 1
C:\Users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-us.cab (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
(end)
Download Windows Repair (all in one) from this site
Install the program then run it.
Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:
Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:
Go to Step 4 and under "System Restore" click on Create button:
Go to Start Repairs tab and click Start button.
Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):
Click on box next to the Restart System when Finished. Then click on Start.
Question (actually 2): Is this a program of your own? And if so, how young in Beta is it? If not, do you know?
And has it worked for others that have used it? If this is your program, I must say after reading on the site, I am impressed and this is a great idea and service for others and to help them. Also, regarding the items to check, are those ones you noticed within the logs posted that may have errors, and need fixed, or were affected by what caused all of this to begin with? And was the issue malware? Ok, maybe more than 2 questions...sorry P.S. And by resetting some of the files and their permissions, will this at all effect any existing personal folders/files I have on it?
Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help. Superdave.
Ok Dave, I did all of that. But for some reason my audio isn't working, Task Manager won't open, the anti-virus icon that was on the bottom right on taskbar isn't there anymore (but I believe it's still running). I know the sound card is fine. It was working great before all of this happened. And the Task manager won't pop up or even show it's open after hitting CTRL+ALT+Delete. Are there now drivers that I should get again, or update? Oh and after Step 2 as instructed above, Restarted. Well it booted to the Windows loading screen and was stuck there. Was that supposed to happen?
Quote Question (actually 2): Is this a program of your own?
No, it's one I borrowed from a colleague.
Quote And by resetting some of the files and their permissions, will this at all effect any existing personal folders/files I have on it?
No, it shouldn't. It's just to do repairs but you should backup all your important data to an external hard drive or DVD's.
Quote Are there now drivers that I should get again, or update?
No updates should be required and no, it's not supposed to happen that way. Can you boot in Safe Mode?
Hello again, Dave, Oh and I meant to say Sound Processor, not card lol. Yes I can boot in Safe Mode and Normally as well.
Sometimes it takes a little while to restart/shutdown, and sometimes it does both just fine! It's just for some reason, those issues are happening, and also won't let me open anything in Control Panel. I've double-clicked, Right-clicked to open/Explore and still nothing comes up! I've also tried to open a music file using Windows Media Player, and it was still in waiting mode (WMP was) with the blue circle going around. It would play sound on the laptop itself but not online, but now it isn't, and online still too. I am confident this can be fixed. Just a little disconcerting is all. And believe you me, I REALLY appreciate all you're doing for me! I just hope we can figure out what's going on is all. I hope options haven't run out I am almost completely positive we caught all of this very soon after it was placed in to do whatever havoc it was aiming to do. In that Hope, I have that we are able to make sure nothing is wrong with whatever these things touched! Once I'm in Safe mode, what should I do then? Or should I do this after I backup? I will wait for your reply, and then go from there. In the meantime, will work on backing things up. Talk soon!Quote Once I'm in Safe mode, what should I do then? Or should I do this after I backup? I will wait for your reply, and then go from there. In the meantime, will work on backing things up.Yes, please work at backing up your important data. Please try running this and see if it makes any difference. Please download and run MS Fix-it from here. Ok. I will post to you Dave, when I'm finished backing everything up. Please be patient with me, as we're also dealing with some family and friend issues after the major storms on Sunday. If you have anyone that was also involved in these storms, I really hope they're ok! Again, I will post to you here when finished backing up, then let you know when ready to ms fix.Hello Dave, I believe I have what I need backed up...backed up. Now I am guessing I ms fix-it now? 
Should I post anything after I am finished with this procedure? Oh, and before I commence, what should I expect after ms fix-it is done? Like, what will this program do for my laptop? Thank you in advance, Janee
Quote from: JPDisturbed on November 24, 2013, 08:39:00 PM Hello Dave,
It's supposed to repair a number of things in Windows. Please tell me if it's still freezing. If it is, please try this: Open your task manager and leave it open. When the laptop freezes, see if you can access the processes in Task Manager to see with is using all the memory. |
|
| 238. |
Solve : Ram usage really high? |
|
Answer» When i hit continue i get an error message saying Error on Value: sunjavaupdatesched. there was an error creating msconfig key. i hit ok then i get another one saying error on value:swg. there was an error creating msconfig key. then i hit ok and it says all actions executed successfully changes will take effect after the system is restarted. so i hit ok and i will restart my computer now
and the problem still exists. i have 70 processes is that normal. and can i disable microsoft security that you had me download?
also i was just got on and had all my stuff up and the last few days i was getting high 80's % recently and just got on and have only 50%
Quote i have 70 processes is that normal. and can i disable microsoft security that you had me download?
It really depends what is running. I have only 43 on mine. At this point I would advise you to back up your data and run the Recovery Console and bring your computer back to the day you bought it.
how would i do all that. i only have a few things i wanna keep and a few files. its weird because yesterday with all my stuff up i was getting high ram, in the morning i still had all my stuff up and i got low ram throughout the whole day, and now, at night it went back up to high ram again
Quote how would i do all that. i only have a few things i wanna keep and a few files.
If you have the OS CD you can boot to it and try a Recovery. There is probably a Recovery Console on a separate partition of your harddrive. You should be able to run the Recovery from there. Here's more information about that.
maybe my ram is just suppose to be that high but i doubt it. is there a way i can just run the process i actually need. because i do not wanna do the recovery and lose all my files
Quote maybe my ram is just suppose to be that high but i doubt it. is there a way i can just run the process i actually need. because i do not wanna do the recovery and lose all my files.
You can always and should back up your important data to an external harddrive or DVD's. As I mentioned before you should be able to stop every process except explorer.
well what if i backup the unknown problem onto the external hard drive. and no i cannot remove every process not talking about explorer
That could be a problem with bad RAM. Please run this check just to eliminate that possibility. Test your RAM here.
I am sorry but i am very confused on how to install this. i clicked download and clicked the first one under windows and there is not a like start button like all the other programs. i am not sure if this is the right download so can u please tell me how or which one to download
Here are the operating instructions. If you decide to use a CD here are some more information how to burn an ISO image. burn to a CD using an ISO Burner. One can be found here.
no can you just show me how to do the memtest that u want me to do
Quote from: smallzZz8 on October 05, 2013, 08:49:32 AM no can you just show me how to do the memtest that u want me to do
The only other way I could show you is to be sitting beside you while you run the test but we both know that's impossible. The instructions seem to be quite clear. |
|
| 239. |
Solve : logs? |
|
Answer» Ok, how's your computer running now?
Hello,
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.
Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.
This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
****************************************
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. Safe Surfing!
Thank you SUPER DUPER DAVE, a lot of REALLY great information. Frantheman7
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm. |
|
| 240. |
Solve : annoying ads? |
|
Answer» Quote You then ask me to click on edit/paste. but there is no edit on my paint. then save as type NOT THERE. choose jpeg save to desktop ,HOW. sent you a snap of my paint, also snaps of the ADS that come up on the bottom of the page every web paint I visit .
All those instruction are dependant on you hitting the "printscreen" button first, then the paste option will show up.
Hello Dave (for the last time) I am doing everything you ask but I still can't figure it out. i press prtscn, first then go to paint on paint there is no edit.( see paint snap) but there is a paste sign, so I click that. But nothing comes up to tell me how to save it. so I go to the top left corner to the blue box click the arrow and in the box click save as. then it lets me put it in pictures.(my preferred location). then I send that to you, I don't know what else to do. as I type this post there are ADS coming up on the bottom of the page flashing and changing all the time. so nothing as changed, except me( and I suspect you). I think we have all had enough ,I am just getting more frustrated. I am sure that you and all the others that have tried to help me feel the same .so I THANK YOU ALL. but I think we should call it solved and move on. I am sorry I let you down but I am obviously not clever enough on computers to solve this problem. so once again thank you all. and have a good day.
Hi Dave, what about windows snipping tool, I find it easy. You can delete this comment if you wish, Harry.
Quote from: harry 48 on September 15, 2013, 01:02:12 PM Hi Dave, what about windows snipping tool, I find it easy.
Yes, the snipping tool may work if you have it.
Quote from: SuperDave on September 15, 2013, 05:14:34 PM Yes, the snipping tool may work if you have it.
http://www.softpedia.com/get/Multimedia/Graphic/Graphic-Capture/XP-Snipping-Tool.shtml |
|
| 241. |
Solve : Blue Screen of Death BSOD? |
|
Answer» Malwarebytes' Anti-Rootkit
Scan Finished: No malware found.
since doing recent the clean ups, i haven't had any antispyware, windows update, windows security etc. on. when should i turn them on and off, and should i use this computer while working with you? i am but feel wrong about it.
Quote since doing recent the clean ups, i haven't had any antispyware, windows update, windows security etc. on. when should i turn them on and off, and should i use this computer while working with you? i am but feel wrong about it.
Yes, turn them on and don't worry about using the computer while we're cleaning it. I just don't want you to add any new programs until we're finished.
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Click the button.
•Accept any security warnings from your browser.
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
ESET = no threats found
Quote from: darcomputer on September 15, 2013, 09:03:48 PM ESET = no threats found
Good, how's your computer working now? Any other issues before we clean up?
Been awhile since last BSOD thank you very much. Other issues with a laptop. waiting for clean up instructions tyvm
To uninstall ComboFix
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.
Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.
This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
************************************
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
could not uninstall combofix, xp pro 3, IE
Download this program and run it Uninstall ComboFix. It will remove ComboFix for you.
ran uninstall combofix and was really fast in uninstalling, what is the best way to check if it is really gone? and then do i have the all okay to marked this thread solved
Quote from: darcomputer on September 23, 2013, 06:15:05 PM ran uninstall combofix and was really fast in uninstalling, what is the best way to check if it is really gone? and then do i have the all okay to marked this thread solved
Just check on your C drive. It should be removed. You can mark this solved if you have no other issues. |
|
| 242. |
Solve : Can't Play Any Video Media, Having Trouble Updating Windows 7? |
|
Answer» Good Morning SuperDave - before we GET to the ComboFix log, I've noticed another hiccup with whatever has got hold of my computer. When I'm visiting a site and I want to FIND out the location of a retailer, when I click on 'Where to Buy' or if a Google Map is included and I go to click on it for any reason, Firefox crashes immediately. I'm not sure if this is just a bug in Firefox or it is related to not being able to play videos or get into my 'System' or System Restore. Anyhoo - here's the log: R2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe R3 AM10;Cisco AM10 Driver;c:\windows\system32\DRIVERS\am10w7.sys;c:\windows\SYSNATIVE\DRIVERS\am10w7.sys R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys R3 ASOVPNHelper;Astrill OpenVPN Service;c:\program files (x86)\Astrill\ASOvpnSvc.exe;c:\program files (x86)\Astrill\ASOvpnSvc.exe R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys R3 
Still the same problems after a reboot. At this point about the only thing I can think of doing is saving your important documents, files, pictures, videos and music and run the Recovery Console and take your computer back to the day you purchased it. Thanks. I was afraid of that. For some reason I still have a hinky feeling that it has to do with the Microsoft Updates. Thanks for all your help and I'll certainly backup everything up and start from scratch. You're welcome. I will lock this thread. If you need it re-opened, please send me a PM. |
|
| 243. |
Solve : Internet Explorer marking any downloads as a "virus" and deleting the download.? |
|
Answer» I only have Internet Explorer as a browser on this computer. I honestly prefer Chrome, so I went to download it on Internet Explorer, and I hit "run" on the download. After a split second it says that is a virus and was deleted. It doesn't give me any options to reverse it, or prevent it. I have tried looking up other solutions and have tried almost any possible one. I'm looking for any more suggestions.

Please download Junkware Removal Tool to your desktop.
•Warning! Once the scan is complete JRT will shut down your browser with NO warning.
•Shut down your protection software now to avoid potential conflicts.
•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete depending on your system's specifications.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Copy and Paste the JRT.txt log into your next message.

*****************************************

Download Security Check by screen317 from one of the following links and save it to your desktop. Link 1 Link 2
* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so. |
|
| 244. |
Solve : What is this symbol doing there and what do I do with it? |
|
Answer» Above ITI found out from a lovely imgurian here: (scroll to the bottom for the comments) http://imgur.com/gallery/OyW13/comment/377087358 |
|
| 245. |
Solve : Need help removing adware; "Positive Finds"? |
|
Answer» I've had very little experience with Chrome. You could try Firefox and see how that works. |
|
| 246. |
Solve : Many web pages suddenly no longer load? |
|
Answer» Quote from: Lex Gamer on February 13, 2015, 06:20:26 PM For Chrome and Firefox, it's another thing that refuses to download. Luckily my sister is around with her laptop, so I downloaded it to hers and moved it to mine, then the problem was that when I ran the installer, it tried to download more stuff... which it refused to do. Yup, as mentioned. In addition to websites not loading, seems the issue also causes most downloads to not work (which I guess is the same thing since a 'loading' website is really just downloading). I'll try to make what I said more clear. The process for browsers other than IE requires a download of an installer, which in turn when run, downloads more stuff in order to work. So, I was able to download the installer on a different PC, just like I did previously for that other scanner you had me run; however, when I moved it to my troubled PC and ran it, it attempted to download more stuff as part of the installation process, which it was unable to do. It simply sat on a window with an empty progress bar (see new attached image). When I ran the installer on the other computer, it ran the scan just fine, but obviously we need the scan of the bad computer. Unless there is a way to manually install, we'll need to try something else. :/ Sorry this is taking so long!

[attachment deleted by admin to conserve space]

To Run the SFC /SCANNOW Command in Windows 7
1. Open an elevated command prompt.
2. To Scan and Repair System Files
NOTE: Scans the integrity of all protected system files and repairs the system files if needed.
A) In the elevated command prompt, type sfc /scannow and press Enter. (see screenshot below)
NOTE: This may take some time to finish.
B) Go to step 4.
3. To Only Verify if the System Files are Corrupted
NOTE: Scans and only verifies the integrity of all protected system files only.
A) In the elevated command prompt, type sfc /verifyonly and press Enter.
4. When the scan is complete, hopefully you will see all is ok like the screenshot below.
NOTE: If not, then you can attempt to run a System Restore using a restore point dated before the bad file occurred to fix it. You may need to repeat doing a System Restore until you find an older restore point that may work.
5. When done, close the elevated command prompt.

Well the good news is it found things and fixed them. The bad news is that my problem remains (even after a reboot). Here's the log:
So I ended up backing up some important files and resetting my computer to factory settings, but the issue, still, occurs... Other devices on the network run just fine, but still, is it possible for a virus to persist through resetting to factory defaults? Or is there something I could have done to the router to cause this? Curse my luck. So I tried resetting my router to factory defaults as well, even though the issue occurred regardless if I was using that router or not, but it worked! The issue was gone! The next day I woke the computer up, all was still fine, good as new... but then... when I came and woke it up later in the day, I logged in and instead of my desktop it just showed a black screen... couldnt fix it, so I'm resetting to factory defaults again... 
in the mean time typing this out on my phone...
It would appear that the problem is with the router. I hope that the recovery goes well this time.
It's been a few days, and so far everything seems ok, so I'm going to call this fixed. Too bad we weren't able to nail down the root cause. After initializing the router, I compared all the settings with what they were before, and nothing had changed, yet the issue was fixed. Must have just been some sort of 'kink' and it just needed to be reset... Anyway, thanks so much for the help SuperDave!!!
Ok, we can do some clean up. Click Start> Computer> right click the C Drive and choose Properties> enter Click Disk Cleanup from there. Click OK on the Disk Cleanup Screen. Click Yes on the confirmation screen. This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot of System Restore points, you will see a significant change in the free space in C drive)
*******************************************
This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments... This is a very crucial step so make sure you don't skip it. Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles. Double-click Delfix.exe to start the tool. Make sure the following items are checked:
Once finished a logfile will be created. You don't have to attach it to your next reply. ****************************************** I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. Safe Surfing! |
|
| 247. |
Solve : Log Files of an infected laptop...any/all help GREATLY appreciated? |
|
Answer» SysProt AntiRootkit v1.0.1.0
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
C:\Documents and Settings\Michael Coyne\My Documents\My Music\04 Track 4.wma Win32/Adware.180Solutions application (cleaned by deleting - quarantined)
C:\Documents and Settings\Michael Coyne\My Documents\My Music\Adobe Photoshop CS Activator.exe probably a variant of Win32/TrojanDownloader.Agent.IPGQQOF trojan (cleaned by deleting - quarantined)
That looks good. If there are no other issues, we can do some cleanup. To uninstall ComboFix
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
Clean out your temporary internet files and temp files. Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it. Note: If you are running on Vista, right-click on the file and choose Run As Administrator TFC will close all programs when run, so make sure you have saved all your work before you begin. * Click the Start button to begin the cleaning process. * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. * Please let TFC run uninterrupted until it is finished. Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning. ************************************************ Use the Secunia Software Inspector to check for out of date software. •Click Start Now •Check the box next to Enable thorough system inspection. •Click Start •Allow the scan to finish and scroll down to see if any updates are needed. •Update anything listed. . ---------- Go to Microsoft Windows Update and get all critical updates. ---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. 
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. Safe Surfing! |
|
| 248. |
Solve : Another "Application cannot be executed. The file **.exe is infected" post? |
|
Answer» Thank you Dave for all your help. I am sooo grateful!! Even though I do not have the monetary means to thank you, I want to say that you should be getting paid for this work!!
You're welcome. You don't need money. Just do something nice for someone else and spread the word about our forums.
Quote One more thing, is it normal that I should be getting messages to update Adobe Flash Player pretty much every time I restart my computer even when I just updated it?
That was Adobe Reader that you updated. Did you also update Adobe FlashPlayer?
This is so frustrating. There seems to be something every time I try to do the things on your list of clean up. Regarding The firewall: I have a firewall built in to my avast anti-virus software. Should I get one of the ones you recommend and disable my avast firewall? Regarding Secunia: I clicked on the link you gave me and it looks like the page is loading and loading. Then I got a Java Security Warning. I had just updated the latest version of Java. Secunia is now telling me that the application requires an earlier version. If I change it to the earlier version, how do I change it back? It seemed to take a long time to download the latest version in the first place. Meanwhile, I have to cancel the online scan... Regarding something else: When I shut down my computer the other day, it gave me an error message telling me that "SynTPE.exe was preventing the computer from shutting down" I have no idea what it is, so I ended the program. I've been told that sometimes that is evidence of a virus of some sort... should I be concerned? I really thought I knew more about computers than I realized. I guess I am just a babe. And I really thought we were done! Thanks, Nari
Quote I have a firewall built in to my avast anti-virus software. Should I get one of the ones you recommend and disable my avast firewall?
No. That's considered a third-party firewall.
Quote Regarding Secunia:
Just forget about Secunia. It's only a suggested method to get everything updated. Just make sure your java and MS are updated.
Quote SynTPE.exe
SynTPE.exe is usually related to Synaptics Touchpad or Progressive Touch. Please do this to check the file path. Copy and paste SynTPE.exe in the Search box on the Start menu. As you type, items that match your text will appear on the Start menu. The search is based on text in the file name, text in the file, tags, and other file properties. You don't need to press ENTER, since searching happens automatically. Copy and paste the file path in your next reply. |
|
| 249. |
Solve : Malware Removal Help and Assistance Requested? |
|
Answer» Below is OTL.Txt
|
|
| 250. |
Solve : Trojan windows restore, help me??? |
|
Answer» I'm sorry, here comes the content in ComboFix
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Here it comes!! First ESETScan:
C:\Documents and Settings\Christian\Desktop\RegistryReviverSetup.exe a variant of Win32/RegistryReviver application
C:\Documents and Settings\Christian\Desktop\setup-ltr1235.exe a variant of Win32/1AntiVirus application
C:\System Volume Information\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\RP80\A0022382.exe a variant of Win32/1AntiVirus application
C:\System Volume Information\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\RP80\A0029538.exe a variant of Win32/1AntiVirus application
C:\System Volume Information\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\RP80\A0035789.exe a variant of Win32/1AntiVirus application
And then log file:
I did not let the ESETScan erase the threats. Do you recommend that??
Quote from: gripenfighter on April 22, 2011, 12:08:38 PM I did not let the ESETScan erase the threats. Do you recommend that??
Yes. That's the reason for running ESET. Please post the log when finished.
Here is the log:
C:\Documents and Settings\Christian\Desktop\RegistryReviverSetup.exe a variant of Win32/RegistryReviver application deleted - quarantined
C:\Documents and Settings\Christian\Desktop\setup-ltr1235.exe a variant of Win32/1AntiVirus application deleted - quarantined
C:\System Volume Information\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\RP80\A0022382.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\System Volume Information\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\RP80\A0029538.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\System Volume Information\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\RP80\A0035789.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\System Volume Information\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\RP80\A0038147.exe a variant of Win32/RegistryReviver application deleted - quarantined
C:\System Volume Information\_restore{416E5BDF-7EAA-43AA-A635-E811315519C0}\RP80\A0038148.exe a variant of Win32/1AntiVirus application deleted - quarantined
And here is the other one:
That looks great. How's your computer running now?
Hello again! My computer works fine after I followed your instructions. It appears that you have eliminated viruses / trojans. I'm just wondering over some things. Under the program icon in the start bar, it seems still there are no programs located there except the ones we have installed during the cleanup process. I can nevertheless see all the programs in place under Add or remove program bar in the Control Panel, so it seems like they are still located on my computer but do not appear under the program bar. Likewise, I can not find any document under for example Christian Documents or Guest Dokument on disk C. In addition, the icons Christian Dokument, Guest dokument located on the C look like they appear in a brighter tone of colour. Do you know how I can restore this problem? Do you know how to get the programs and datafiles back into the right place? Christian
Ok. There is nothing that we did that would cause that sort of problem with the taskbar. Perhaps you could post this question in the software forum. Let's do some cleanup. To uninstall ComboFix
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
Clean out your temporary internet files and temp files. Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it. Note: If you are running on Vista, right-click on the file and choose Run As Administrator. TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
**********************************************
Use the Secunia Software Inspector to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. 
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. Safe Surfing!
Hi again, My computer still works after your helpful help thank you. But I have to ask you one question. After we had done all cleanup-sessions on my system suddenly I can find accessories under Start - program. Before we started the cleanup process I could not find the System Restore program and we tried to find it with some kind of test but we didn't. Now it seems like I got back the System Restore program with system restore points all the way back in March. Do you know if there is a good thing to restore my system from an early date in March to get the system back in shape it was before the infection or should I let the computer runs from where it is today??? I mean I don't want to destroy my system after all help I got from you. What do you think about it?? Christian
Quote Now it seems like I got back the System Restore program with system restore points all the way back in March. Do you know if there is a good thing to restore my system from an early date in March to get the system back in shape it was before the infection or should I let the computer runs from where it is today??? I mean I don't want to destroy my system after all help I got from you. What do you think about it??
When you uninstall ComboFix using the method I outline it should have wiped out all the restore points and given you a new, clean point. |
|