rob5150

Members
Posts: 11
Joined
Last visited
Reputation: 0 Neutral
  1. Java working now, thanks. Absolutely amazing work, thank you very much, my system's running great now. Thank you again. One day I hope to be great at something. Thank you.
  2. Absolutely amazing, thank you very much, my system's running great now. Thank you again.
  3. Hi, I tried to update Java but it says it's corrupt. I uninstalled it and tried a fresh install, still corrupt. Can you help?
  4. # AdwCleaner v2.202 - Logfile created 04/23/2013 at 15:50:45
     # Updated 23/04/2013 by Xplode
     # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
     # User : kerrob - WILD
     # Boot Mode : Normal
     # Running from : C:\Users\kerrob\Desktop\adwcleaner.exe
     # Option [Delete]

     ***** [Services] *****

     ***** [Files / Folders] *****

     Folder Deleted : C:\ProgramData\boost_interprocess
     Folder Deleted : C:\ProgramData\InstallMate
     Folder Deleted : C:\ProgramData\SoftSafe

     ***** [Registry] *****

     Key Deleted : HKCU\Software\Softonic
     Key Deleted : HKLM\Software\AVG Secure Search
     Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

     ***** [Internet Browsers] *****

     -\\ Internet Explorer v9.0.8112.16450

     [OK] Registry is clean.

     -\\ Mozilla Firefox v15.0.1 (en-GB)

     File : C:\Users\kerrob\AppData\Roaming\Mozilla\Firefox\Profiles\19w4aypu.default\prefs.js

     [OK] File is clean.

     *************************

     AdwCleaner[R1].txt - [1139 octets] - [23/04/2013 15:37:30]
     AdwCleaner[S1].txt - [1082 octets] - [23/04/2013 15:50:45]

     ########## EOF - C:\AdwCleaner[S1].txt - [1142 octets] ##########

     Results of screen317's Security Check version 0.99.63
     Windows 7 Service Pack 1 x86 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Avira Desktop
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Spybot - Search & Destroy
     SUPERAntiSpyware
     Malwarebytes Anti-Malware version 1.75.0.1300
     CCleaner
     Java 7 Update 17
     Java version out of Date!
     Adobe Flash Player 11.3.300.257
     Adobe Reader 9 Adobe Reader out of Date!
     Mozilla Firefox 15.0.1 Firefox out of Date!
     ````````Process Check: objlist.exe by Laurent````````
     Spybot Teatimer.exe is disabled!
     Avira Antivir avgnt.exe
     Avira Antivir avguard.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1%
     ````````````````````End of Log``````````````````````

     Thanks.
  5. Here you go.

     # AdwCleaner v2.202 - Logfile created 04/23/2013 at 15:37:30
     # Updated 23/04/2013 by Xplode
     # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
     # User : kerrob - WILD
     # Boot Mode : Normal
     # Running from : C:\Users\kerrob\Desktop\adwcleaner.exe
     # Option [Search]

     ***** [Services] *****

     ***** [Files / Folders] *****

     Folder Found : C:\ProgramData\boost_interprocess
     Folder Found : C:\ProgramData\InstallMate
     Folder Found : C:\ProgramData\SoftSafe

     ***** [Registry] *****

     Key Found : HKCU\Software\Softonic
     Key Found : HKLM\Software\AVG Secure Search
     Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

     ***** [Internet Browsers] *****

     -\\ Internet Explorer v9.0.8112.16450

     [OK] Registry is clean.

     -\\ Mozilla Firefox v15.0.1 (en-GB)

     File : C:\Users\kerrob\AppData\Roaming\Mozilla\Firefox\Profiles\19w4aypu.default\prefs.js

     [OK] File is clean.

     *************************

     AdwCleaner[R1].txt - [1010 octets] - [23/04/2013 15:37:30]

     ########## EOF - C:\AdwCleaner[R1].txt - [1070 octets] ##########
  6. Hi, just ran ComboFix.

     ComboFix 13-04-23.02 - kerrob 23/04/2013 10:22:49.1.2 - x86
     Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2815.1647 [GMT 1:00]
     Running from: c:\users\kerrob\Desktop\ComboFix.exe
     AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
     SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
     SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\programdata\4C3877A9D8.sys
     c:\users\kerrob\AppData\Roaming\vso_ts_preview.xml
     c:\windows\system32\drivers\tcpip.copy
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-03-23 to 2013-04-23 )))))))))))))))))))))))))))))))
     .
     .
     2013-04-23 09:30 . 2013-04-23 09:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
     2013-04-23 09:30 . 2013-04-23 09:30 -------- d-----w- c:\users\Default\AppData\Local\temp
     2013-04-22 19:46 . 2013-04-22 19:46 -------- d-----w- c:\users\kerrob\AppData\Roaming\Avira
     2013-04-22 19:38 . 2013-04-22 19:38 -------- d-----w- c:\programdata\Avira
     2013-04-22 19:38 . 2013-04-22 19:38 -------- d-----w- c:\program files\Avira
     2013-04-22 19:38 . 2013-04-22 19:37 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
     2013-04-22 19:38 . 2013-04-22 19:37 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
     2013-04-22 19:38 . 2013-04-22 19:37 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
     2013-04-22 19:33 . 2013-04-22 19:33 -------- d-----w- c:\users\kerrob\AppData\Local\Avg2013
     2013-04-18 18:46 . 2013-04-18 18:46 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
     2013-04-18 18:46 . 2013-04-18 18:46 406528 ----a-w- c:\windows\system32\ReWire.dll
     2013-04-18 18:44 . 2013-04-18 18:46 -------- d-----w- c:\programdata\Propellerhead Software
     2013-04-18 18:44 . 2013-04-18 20:19 -------- d-----w- c:\users\kerrob\AppData\Roaming\Propellerhead Software
     2013-04-18 18:42 . 2013-04-18 18:42 -------- d-----w- c:\program files\Propellerhead
     2013-04-12 10:56 . 2013-04-12 10:56 -------- d-----w- c:\programdata\SoftSafe
     2013-04-12 10:53 . 2013-04-12 10:56 -------- d-----w- c:\programdata\InstallMate
     2013-04-10 12:21 . 2013-04-10 12:21 -------- d-----w- c:\program files\ChordPulse
     2013-04-10 12:21 . 2013-04-15 15:11 -------- d-----w- c:\program files\Common Files\WAN Miniport PPTP
     2013-04-10 12:21 . 2013-04-10 15:30 -------- d-----w- c:\program files\WAN Miniport PPTP
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-04-15 09:14 . 2011-08-12 07:26 2516 --sha-w- c:\programdata\KGyGaAvL.sys
     2013-04-04 13:50 . 2013-01-16 07:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
     2013-04-03 12:35 . 2007-04-27 09:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
     2013-03-14 19:56 . 2013-03-14 19:56 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
     2013-03-14 19:55 . 2012-04-28 17:15 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
     2013-03-14 19:55 . 2011-06-23 04:02 782240 ----a-w- c:\windows\system32\deployJava1.dll
     2012-09-10 20:55 . 2011-06-17 18:25 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     2009-12-06 17:18 26624 --sh--w- c:\windows\bfcs2.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
     "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-30 4762496]
     "Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2010-06-26 526992]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-12-04 1728512]
     "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
     "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
     "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
     "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
     "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
     "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
     "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
     "Aimersoft Helper Compact.exe"="c:\program files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-20 1666560]
     "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-29 151952]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
     "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-04-22 345312]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
     SanDisk Media Manager.lnk - [N/A]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
     2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "aux"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
     @=""
     .
     R2 BWMeterConSvc;BWMeter Connections Service;c:\program files\BWMeter\BWMeterConSvc.exe [x]
     R2 raspptp;Peer-to-Peer Tunneling Protocol;c:\program files\WAN Miniport PPTP\raspptp.exe [x]
     R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
     R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
     R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
     R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
     R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
     R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [x]
     R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
     R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
     R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
     R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
     R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
     R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
     S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
     S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
     S1 dsnpfd;DeskSoft LightWeight Filter;c:\windows\system32\DRIVERS\dsnpfd.sys [x]
     S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
     S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
     S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
     S2 ADExchange;ArcSoft Exchange Service;c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
     S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
     S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
     S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
     S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\x86\novacomd.exe [x]
     S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
     S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
     hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-04 07:10]
     .
     2013-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-04 07:10]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.sky.com
     IE: Download with x-iphone-magic-platinum - c:\program files\Xilisoft\iPhone Magic Platinum\upod_link.HTM
     TCP: DhcpNameServer = 192.168.0.1
     FF - ProfilePath - c:\users\kerrob\AppData\Roaming\Mozilla\Firefox\Profiles\19w4aypu.default\
     FF - ExtSQL: 2013-03-10 07:34; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\kerrob\AppData\Roaming\Mozilla\Firefox\Profiles\19w4aypu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
     FF - ExtSQL: !HIDDEN! 2011-06-26 01:40; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
     .
     - - - - ORPHANS REMOVED - - - -
     .
     HKCU-Run-µTorrent - c:\users\kerrob\Desktop\utorrent.exe
     HKCU-Run-AdobeBridge - (no file)
     HKLM-Run-VIAAUD - c:\program files\VIA\VIAudioi\VDeck\VIAAUD.exe
     HKLM-Run-Corel File Shell Monitor - c:\program files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
     AddRemove-Native Instruments GuitarRig Mobile IO Driver - c:\programdata\{4F32CAF7-963B-404D-BF13-C48BA3F5F6A7}\GuitarRig Mobile IO Driver Setup.exe
     AddRemove-Native Instruments Session IO Driver - c:\programdata\{AC46DC4F-66BD-4733-A8B4-0B69418C12D0}\Session IO Driver Setup.exe
     .
     .
     .
     **************************************************************************
     .
     Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
     Windows 6.1.7601 Disk: WDC_WD32 rev.03.0 -> Harddisk0\DR0 -> \Device\00000064
     .
     device: opened successfully
     user: MBR read successfully
     kernel: MBR read successfully
     user != kernel MBR !!!
     error: Read Insufficient system resources exist to complete the requested service.
     .
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\S-1-5-21-2361257718-2118566369-587092456-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="WindowsLiveMail.Email.1"
     .
     [HKEY_USERS\S-1-5-21-2361257718-2118566369-587092456-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="WindowsLiveMail.VCard.1"
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Completion time: 2013-04-23 10:31:36
     ComboFix-quarantined-files.txt 2013-04-23 09:31
     .
     Pre-Run: 21,109,993,472 bytes free
     Post-Run: 21,035,433,984 bytes free
     .
     - - End Of File - - C9380CE882DFDA3726175CC66E92280D

     Thank you again.
  7. I forgot to run Fix Damage. Will I lose any important data, i.e. pictures, emails, video clips, music? Thanks again.
  8. Autodesk Maya 2012, but I used the trial. The programme was too advanced for me, forgot it was there, I've deleted it now. I now have another problem: Windows Defender access denied, error code 0x80070005, can't open. Thanks.
  9. All seems to be running great. Sorry, but does this mean my system is clean? I can now access Windows Firewall. You are amazing, sir, thank you so much.
     mbar-log-2013-04-22 (20-06-48).txt
     system-log.txt
     Desktop.rar
  10. Thanks for the reply.

      RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Website : http://tigzy.geekstogo.com/roguekiller.php
      Blog : http://tigzyrk.blogspot.com/

      Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
      Started in : Normal mode
      User : kerrob [Admin rights]
      Mode : Scan -- Date : 04/22/2013 15:27:06
      | ARK || FAK || MBR |

      ¤¤¤ Bad processes : 0 ¤¤¤

      ¤¤¤ Registry Entries : 10 ¤¤¤
      [RUN][SUSP PATH] HKCU\[...]\Run : 8cd98f00b (C:\Users\kerrob\AppData\Roaming\8cd98f00b.exe) [x] -> FOUND
      [RUN][SUSP PATH] HKUS\S-1-5-21-2361257718-2118566369-587092456-1000[...]\Run : 8cd98f00b (C:\Users\kerrob\AppData\Roaming\8cd98f00b.exe) [x] -> FOUND
      [TASK][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> FOUND
      [TASK][SUSP PATH] AllmyappsUpdateTask.job : C:\Users\kerrob\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe check startup [x] -> FOUND
      [TASK][SUSP PATH] AllmyappsUpdateTask : C:\Users\kerrob\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe check startup [x] -> FOUND
      [TASK][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> FOUND
      [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
      [HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

      ¤¤¤ Particular Files / Folders: ¤¤¤
      [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$13dfb428c5e262f4ecb68671df428e54\@ [-] --> FOUND
      [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2361257718-2118566369-587092456-1000\$13dfb428c5e262f4ecb68671df428e54\@ [-] --> FOUND
      [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$13dfb428c5e262f4ecb68671df428e54\U --> FOUND
      [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-2361257718-2118566369-587092456-1000\$13dfb428c5e262f4ecb68671df428e54\U --> FOUND
      [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$13dfb428c5e262f4ecb68671df428e54\L --> FOUND
      [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-2361257718-2118566369-587092456-1000\$13dfb428c5e262f4ecb68671df428e54\L --> FOUND

      ¤¤¤ Driver : [LOADED] ¤¤¤

      ¤¤¤ Infection : ZeroAccess ¤¤¤

      ¤¤¤ HOSTS File: ¤¤¤
      --> C:\Windows\system32\drivers\etc\hosts

      ¤¤¤ MBR Check: ¤¤¤

      +++++ PhysicalDrive0: WDC WD32 00AAJS-08L7A SCSI Disk Device +++++
      --- User ---
      [MBR] 7e8b5f9eaedfc69583c6e484816a02d4
      [BSP] 949d417d6d43e710e39018da5f62fa33 : Windows 7/8 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
      User = LL1 ... OK!
      Error reading LL2 MBR!

      +++++ PhysicalDrive1: SAMSUNG SCSI Disk Device +++++
      --- User ---
      [MBR] 9397af0fc1684237f44947c3b4366322
      [BSP] 4dd5ef05c8c472604b30da6d75bdc784 : Windows XP MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76340 Mo
      User = LL1 ... OK!
      Error reading LL2 MBR!

      Finished : << RKreport[1]_S_04222013_02d1527.txt >>
      RKreport[1]_S_04222013_02d1527.txt
  11. Sorry, I uninstalled uTorrent. This is my log now.

      DDS (Ver_2012-11-20.01) - NTFS_x86
      Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.17.2
      Run by kerrob at 14:09:58 on 2013-04-22
      Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2815.978 [GMT 1:00]
      .
      AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
      SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
      .
      ============== Running Processes ================
      .
      C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
      C:\Program Files\AVG\AVG2013\avgcsrvx.exe
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\System32\spoolsv.exe
      C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
      C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files\AVG\AVG2013\avgidsagent.exe
      C:\Program Files\AVG\AVG2013\avgwdsvc.exe
      C:\Program Files\BWMeter\BWMeterConSvc.exe
      C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
      C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe
      C:\Windows\system32\nvvsvc.exe
      C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
      C:\Windows\system32\nvvsvc.exe
      c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskhost.exe
      C:\Program Files\AVG\AVG2013\avgnsx.exe
      C:\Program Files\AVG\AVG2013\avgemcx.exe
      C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
      C:\Program Files\PowerISO\PWRISOVM.EXE
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
      C:\Program Files\Zune\ZuneLauncher.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\AVG\AVG2013\avgui.exe
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
      C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
      C:\Program Files\SanDisk\SanDisk Media Manager\SanDiskMediaManager-Launcher.EXE
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Windows\system32\WUDFHost.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
      C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
      C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
      C:\Program Files\Zune\ZuneNss.exe
      C:\Program Files\AVG\AVG2013\avgcsrvx.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\vssvc.exe
      C:\Windows\system32\DllHost.exe
      C:\Windows\system32\DllHost.exe
      C:\Windows\system32\conhost.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
      C:\Windows\system32\svchost.exe -k hpdevmgmt
      C:\Windows\System32\svchost.exe -k HPZ12
      C:\Windows\System32\svchost.exe -k HPZ12
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Windows\System32\svchost.exe -k swprv
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://www.sky.com
      BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
      BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
      BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
      BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
      BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
      BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
      BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
      BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
      BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
      EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
      EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
      uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
      uRun: [µTorrent] "c:\users\kerrob\desktop\utorrent.exe"
      uRun: [AdobeBridge] <no file>
      mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
      mRun: [VIAAUD] c:\program files\via\viaudioi\vdeck\VIAAUD.exe
      mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE -startup
      mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
      mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
      mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
      mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
      mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
      mRun: [Corel File Shell Monitor] c:\program files\corel\corel paintshop photo pro\x3\pspclassic\CorelIOMonitor.exe
      mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
      mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
      mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
      mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
      mRun: [Aimersoft Helper Compact.exe] c:\program files\common files\aimersoft\aimersoft helper compact\ASHelper.exe
      mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
      mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
      mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
      mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
      mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
      StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
      StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\SANDIS~1.LNK -
      mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
      mPolicies-System: ConsentPromptBehaviorUser = dword:3
      mPolicies-System: EnableUIADesktopToggle = dword:0
      IE: Download with x-iphone-magic-platinum - c:\program files\xilisoft\iphone magic platinum\upod_link.HTM
      IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
      IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
      IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
      DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
      DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
      DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
      DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
      DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
      DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      TCP: NameServer = 192.168.0.1
      TCP: Interfaces\{91BBB8FE-647C-4F6A-B64E-9FD1F99ABD0F} : DHCPNameServer = 192.168.0.1
      Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
      Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
      Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
      SSODL: WebCheck - <orphaned>
      SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - c:\users\kerrob\appdata\roaming\mozilla\firefox\profiles\19w4aypu.default\
      FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
      FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
      FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
      FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
      FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
      FF - plugin: c:\program files\sony\media go\npmediago.dll
      FF - plugin: c:\program files\sony\playstation network downloader\nppsndl.dll
      FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
      FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll
      FF - plugin: c:\windows\system32\npdeployJava1.dll
      FF - plugin: c:\windows\system32\npmproxy.dll
      FF - ExtSQL: 2013-03-10 07:34; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\kerrob\appdata\roaming\mozilla\firefox\profiles\19w4aypu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
      FF - ExtSQL: !HIDDEN! 2011-06-26 01:40; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
      R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
      R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-16 94048]
      R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
      R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
      R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
      R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
      R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
      R1 dsnpfd;DeskSoft LightWeight Filter;c:\windows\system32\drivers\dsnpfd.sys [2011-9-14 24816]
      R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
      R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
      R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-12 116608]
      R2 ADExchange;ArcSoft Exchange Service;c:\program files\common files\arcsoft\esinter\bin\eservutil.exe [2011-9-16 39528]
      R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-16 5814904]
      R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
      R2 BWMeterConSvc;BWMeter Connections Service;c:\program files\bwmeter\BWMeterConSvc.exe [2011-9-14 62464]
      R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2011-5-24 1840128]
      R2 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2010-3-25 3622912]
      R2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacomd\x86\novacomd.exe [2011-6-24 61440]
      R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-6-17 1108480]
      S2 raspptp;Peer-to-Peer Tunneling Protocol;c:\program files\wan miniport pptp\raspptp.exe "c:\program files\common files\wan miniport pptp\raspptp.dat" --> c:\program files\wan miniport pptp\raspptp.exe c:\program files\common files\wan miniport pptp\raspptp.dat [?]
      S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-7-27 1153368]
      S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
      S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
      S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-12-17 14216]
      S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-12-17 8456]
      S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2011-4-26 2702848]
      S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-7-2 39272]
      S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
      S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
      S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-11-19 155344]
      S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
      S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
      S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
      S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
      S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
      S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
      S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-11-3 1343400]
      .
      =============== Created Last 30 ================
      .
      2013-04-22 12:35:15 -------- d-----w- c:\users\kerrob\appdata\local\{967BFC0D-35AE-4482-9958-5B5F1FD99960}
      2013-04-18 18:46:57 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
      2013-04-18 18:46:54 406528 ----a-w- c:\windows\system32\ReWire.dll
      2013-04-18 18:44:33 -------- d-----w- c:\programdata\Propellerhead Software
      2013-04-18 18:44:32 -------- d-----w- c:\users\kerrob\appdata\roaming\Propellerhead Software
      2013-04-18 18:42:15 -------- d-----w- c:\program files\Propellerhead
      2013-04-14 20:51:02 -------- d-----w- c:\users\kerrob\appdata\local\{E74CEF5C-13D1-46BD-B99F-F9D6FA2A83BB}
      2013-04-13 21:10:26 -------- d-----w- c:\users\kerrob\appdata\local\{B6B8978B-A20A-4880-B333-FBA5BA1D4924}
      2013-04-12 10:56:22 -------- d-----w- c:\programdata\SoftSafe
      2013-04-12 10:53:34 -------- d-----w- c:\programdata\InstallMate
      2013-04-10 20:53:10 -------- d-----w- c:\users\kerrob\appdata\local\{E194BD5C-FC55-48D9-B918-0FD581EA272B}
      2013-04-10 12:21:26 -------- d-----w- c:\program files\ChordPulse
      2013-04-10 12:21:19 -------- d-----w- c:\program files\WAN Miniport PPTP
      2013-04-10 12:21:19 -------- d-----w- c:\program files\common files\WAN Miniport PPTP
      2013-04-08 17:47:31 -------- d-----w- c:\users\kerrob\appdata\local\{DF78B494-80EC-439B-9903-CD41FD04D2C1}
      2013-04-06 22:58:46 -------- d-----w- c:\users\kerrob\appdata\local\{7B38FEE3-38A6-4AD3-9CBA-6DC388B8F857}
      2013-03-29 12:30:26 -------- d-----w- c:\users\kerrob\appdata\local\{3CDFF171-997D-476C-9C0A-00C57B57724C}
      2013-03-28 15:57:00 -------- d-----w- c:\users\kerrob\appdata\local\{BFB45A54-64F7-4960-AFA5-6B572F2B9D49}
      2013-03-26 09:09:41 -------- d-----w- c:\users\kerrob\appdata\local\{93DD2853-A087-46E0-93B3-88B596F39197}
      2013-03-24 12:24:37 -------- d-----w- c:\users\kerrob\appdata\local\{5283D4C2-1FBC-433D-8B95-6C81E61A445E}
      .
      ==================== Find3M ====================
      .
2013-04-15 09:14:57 2516 --sha-w- c:\programdata\KGyGaAvL.sys 2013-04-04 13:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-04-03 12:35:31 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll 2013-03-14 19:56:00 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-03-14 19:55:59 861088 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-03-14 19:55:59 782240 ----a-w- c:\windows\system32\deployJava1.dll 2009-12-06 17:18:14 26624 --sh--w- c:\windows\bfcs2.dll . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.1.7601 Disk: WDC_WD32 rev.03.0 -> Harddisk0\DR0 -> \Device\00000068 . device: opened successfully user: MBR read successfully . Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x851C01F8]<< _asm { MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX; PUSH 0x851c0008; MOV EAX, 0x8a81afee; CALL EAX; } 1 ntkrnlpa!IofCallDriver[0x82A4DBC5] -> \Device\Harddisk0\DR0[0x8647B8F8] 3 CLASSPNP[0x8ADA859E] -> ntkrnlpa!IofCallDriver[0x82A4DBC5] -> [0x85ECA330] 5 ACPI[0x8A9333D4] -> ntkrnlpa!IofCallDriver[0x82A4DBC5] -> \Device\00000065[0x85ECA770] \Driver\nvstor[0x85EEFD38] -> IRP_MJ_CREATE -> 0x851C01F8 kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; } user != kernel MBR !!! error: Read Insufficient system resources exist to complete the requested service. Warning: possible TDL4 rootkit infection ! TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix. . ============= FINISH: 14:10:09.73 ===============
  12. Hi, I have been trying to open my Windows Firewall and it comes up with this error: 0x8007042c. I scanned with a Malwarebytes quick scan; it found 2 trojans. I removed them, but it's still happening. Please help. Here are my logs.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16450  BrowserJavaVersion: 10.17.2
Run by kerrob at 13:56:45 on 2013-04-22
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2815.1009 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\BWMeter\BWMeterConSvc.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\SanDisk\SanDisk Media Manager\SanDiskMediaManager-Launcher.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Zune\ZuneNss.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sky.com
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [µTorrent] "c:\users\kerrob\desktop\utorrent.exe"
uRun: [AdobeBridge] <no file>
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [VIAAUD] c:\program files\via\viaudioi\vdeck\VIAAUD.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE -startup
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Corel File Shell Monitor] c:\program files\corel\corel paintshop photo pro\x3\pspclassic\CorelIOMonitor.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Aimersoft Helper Compact.exe] c:\program files\common files\aimersoft\aimersoft helper compact\ASHelper.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\SANDIS~1.LNK -
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download with x-iphone-magic-platinum - c:\program files\xilisoft\iphone magic platinum\upod_link.HTM
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{91BBB8FE-647C-4F6A-B64E-9FD1F99ABD0F} : DHCPNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kerrob\appdata\roaming\mozilla\firefox\profiles\19w4aypu.default\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\program files\sony\playstation network downloader\nppsndl.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-03-10 07:34; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\kerrob\appdata\roaming\mozilla\firefox\profiles\19w4aypu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: !HIDDEN! 2011-06-26 01:40; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-16 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 dsnpfd;DeskSoft LightWeight Filter;c:\windows\system32\drivers\dsnpfd.sys [2011-9-14 24816]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-12 116608]
R2 ADExchange;ArcSoft Exchange Service;c:\program files\common files\arcsoft\esinter\bin\eservutil.exe [2011-9-16 39528]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-16 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 BWMeterConSvc;BWMeter Connections Service;c:\program files\bwmeter\BWMeterConSvc.exe [2011-9-14 62464]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2011-5-24 1840128]
R2 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2010-3-25 3622912]
R2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacomd\x86\novacomd.exe [2011-6-24 61440]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-6-17 1108480]
S2 raspptp;Peer-to-Peer Tunneling Protocol;c:\program files\wan miniport pptp\raspptp.exe "c:\program files\common files\wan miniport pptp\raspptp.dat" --> c:\program files\wan miniport pptp\raspptp.exe c:\program files\common files\wan miniport pptp\raspptp.dat [?]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-7-27 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-12-17 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-12-17 8456]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2011-4-26 2702848]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-7-2 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-11-19 155344]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-11-3 1343400]
.
=============== Created Last 30 ================
.
2013-04-22 12:35:15 -------- d-----w- c:\users\kerrob\appdata\local\{967BFC0D-35AE-4482-9958-5B5F1FD99960}
2013-04-18 18:46:57 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
2013-04-18 18:46:54 406528 ----a-w- c:\windows\system32\ReWire.dll
2013-04-18 18:44:33 -------- d-----w- c:\programdata\Propellerhead Software
2013-04-18 18:44:32 -------- d-----w- c:\users\kerrob\appdata\roaming\Propellerhead Software
2013-04-18 18:42:15 -------- d-----w- c:\program files\Propellerhead
2013-04-14 20:51:02 -------- d-----w- c:\users\kerrob\appdata\local\{E74CEF5C-13D1-46BD-B99F-F9D6FA2A83BB}
2013-04-13 21:10:26 -------- d-----w- c:\users\kerrob\appdata\local\{B6B8978B-A20A-4880-B333-FBA5BA1D4924}
2013-04-12 10:56:22 -------- d-----w- c:\programdata\SoftSafe
2013-04-12 10:53:34 -------- d-----w- c:\programdata\InstallMate
2013-04-10 20:53:10 -------- d-----w- c:\users\kerrob\appdata\local\{E194BD5C-FC55-48D9-B918-0FD581EA272B}
2013-04-10 12:21:26 -------- d-----w- c:\program files\ChordPulse
2013-04-10 12:21:19 -------- d-----w- c:\program files\WAN Miniport PPTP
2013-04-10 12:21:19 -------- d-----w- c:\program files\common files\WAN Miniport PPTP
2013-04-08 17:47:31 -------- d-----w- c:\users\kerrob\appdata\local\{DF78B494-80EC-439B-9903-CD41FD04D2C1}
2013-04-06 22:58:46 -------- d-----w- c:\users\kerrob\appdata\local\{7B38FEE3-38A6-4AD3-9CBA-6DC388B8F857}
2013-03-29 12:30:26 -------- d-----w- c:\users\kerrob\appdata\local\{3CDFF171-997D-476C-9C0A-00C57B57724C}
2013-03-28 15:57:00 -------- d-----w- c:\users\kerrob\appdata\local\{BFB45A54-64F7-4960-AFA5-6B572F2B9D49}
2013-03-26 09:09:41 -------- d-----w- c:\users\kerrob\appdata\local\{93DD2853-A087-46E0-93B3-88B596F39197}
2013-03-24 12:24:37 -------- d-----w- c:\users\kerrob\appdata\local\{5283D4C2-1FBC-433D-8B95-6C81E61A445E}
.
==================== Find3M ====================
.
2013-04-15 09:14:57 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2013-04-04 13:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-03 12:35:31 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2013-03-14 19:56:00 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-14 19:55:59 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-14 19:55:59 782240 ----a-w- c:\windows\system32\deployJava1.dll
2009-12-06 17:18:14 26624 --sh--w- c:\windows\bfcs2.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD32 rev.03.0 -> Harddisk0\DR0 -> \Device\00000068
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x851C01F8]<<
_asm { MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX; PUSH 0x851c0008; MOV EAX, 0x8a81afee; CALL EAX; }
1 ntkrnlpa!IofCallDriver[0x82A4DBC5] -> \Device\Harddisk0\DR0[0x8647B8F8]
3 CLASSPNP[0x8ADA859E] -> ntkrnlpa!IofCallDriver[0x82A4DBC5] -> [0x85ECA330]
5 ACPI[0x8A9333D4] -> ntkrnlpa!IofCallDriver[0x82A4DBC5] -> \Device\00000065[0x85ECA770]
\Driver\nvstor[0x85EEFD38] -> IRP_MJ_CREATE -> 0x851C01F8
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
error: Read Insufficient system resources exist to complete the requested service.
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 13:58:15.36 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 17/06/2011 07:19:40
System Uptime: 20/04/2013 17:34:06 (44 hours ago)
.
Motherboard: ASRock | | N68C-S UCC
Processor: AMD Athlon II X2 250 Processor | CPUSocket | 780/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 20.581 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 75 GiB total, 21.77 GiB free.
F: is CDROM ()
G: is Removable
H: is CDROM ()
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP199: 20/04/2013 19:57:15 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer 7-Zip 4.20 Acrobat.com Adobe AIR Adobe Community Help Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Media Player Adobe Photoshop CS5 Adobe Reader 9.5.3 Aimersoft Video Converter Ultimate(Build 4.2.4.0) Amazing Slow Downer (remove only) Any Video Converter Professional 3.1.0 Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft Panorama Maker 6 Ashampoo Burning Studio 11 v.11.0.4 ASIO4ALL ASRock IES v2.0.69 ASRock OC DNA v1.6 ASRock OC Tuner v2.3.91 µTorrent Autodesk Backburner 2012.0.0 AVG 2013 Bigasoft FLV Converter 3.5.4.4287 Bit Che BitTorrent Boilsoft Video Joiner 5.32 Boilsoft Video Splitter 5.16 Brad Smith Easy SFV Creator BufferChm BWMeter calibre Call of Duty CCleaner ChordPulse Comical 0.8 ConvertXtoDVD 4.1.19.365 Cool Beans NFO Creator 2.0.1.3 Copy Corel PaintShop Photo Pro X3 D3DX10 Destinations DeviceDiscovery DJ_AIO_03_F2200_Software_Min DocProc DVD Shrink 3.2 DVDFab 8.1.3.8 (09/12/2011) Qt EASEUS Partition Master 9.1.0 Home Edition F2200 Firebird SQL Server - MAGIX Edition FL Studio 10 Google Earth Google Update Helper GPBaseService2 HP Customer Participation Program 13.0 HP Deskjet F2200 All-In-One Driver Software 13.0 Rel. 
3 HP Imaging Device Functions 13.0 HP Photosmart Essential 3.5 HP Smart Web Printing 4.51 HP Solution Center 13.0 HP Update HPPhotoGadget HPPhotoSmartDiscLabelContent1 HPPhotosmartEssential HPProductAssistant ICA IL Download Manager ImgBurn iPhone Configuration Utility IPM_PSP_CL IPM_PSP_COM iTunes Java 7 Update 17 Java Auto Updater Junk Mail filter update KLS Mail Backup 1.9.7.8 MAGIX Content and Soundpools MAGIX Music Maker 17 Premium (Instrument package 1) MAGIX Music Maker 17 Premium (Instrument package 2) MAGIX Music Maker 17 Premium (Instrument package 3) MAGIX Music Maker 17 Premium (Sound package) MAGIX Music Maker 17 Premium (Synthesizer and effects) MAGIX Music Maker 17 Premium Download Version MAGIX Music Maker 2013 Premium MAGIX Music Maker 2013 Trial Soundpools MAGIX Screenshare MAGIX Speed burnR (MSI) Malwarebytes Anti-Malware version 1.75.0.1300 MarketResearch Media Go MediaMonkey 4.0 Messenger Companion Microsoft Application Error Reporting Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Minecraft Cracked Minecraft version 1.4.5 Mozilla Firefox 15.0.1 (x86 en-GB) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser Native Instruments Controller Editor Native Instruments Guitar Rig 4 Native Instruments Guitar Rig Mobile IO Driver Native Instruments Guitar Rig Session IO Driver Native Instruments GuitarRig Mobile IO 
Driver Native Instruments Kontakt 5 Native Instruments Rig Kontrol 3 Driver Native Instruments Service Center Native Instruments Session IO Driver Novacomd NVIDIA 3D Vision Controller Driver NVIDIA 3D Vision Controller Driver 280.19 NVIDIA Control Panel 280.26 NVIDIA Drivers NVIDIA ForceWare Network Access Manager NVIDIA Graphics Driver 280.26 NVIDIA Install Application NVIDIA PhysX Plug-in for Autodesk Maya 2012 32 bit NVIDIA Update 1.4.28 NVIDIA Update Components OCR Software by I.R.I.S. 13.0 Orb Orb Mini Controller Orb Runtime libraries Outlook Express Backup V6.5 OutRun2006 Coast 2 Coast PDF Settings CS5 PG Music DirectX Plugins 1.3.4.1 Platform PlayStation®Network Downloader PlayStation®Store Portforward Static IP Address 1.0.47 Power Tab Editor 1.7 PowerISO PreSonus Studio One 2 PSPPContent PSPPRO_DCRAW QuickTime RAR Password Unlocker 4.2.0.0 RealTracks Reason 5.0 Room Arranger Samplitude Pro X Suite Download Version Samplitude Pro X Suite Update SanDisk ® Media Manager Santas Workshop Screensaver Scan SDFormatter Setup Sibelius Scorch (ActiveX Only) SmartWebPrinting SolutionCenter SONAR X1 Producer Sony Ericsson PC Companion 2.01.231 SpeedFan (remove only) Spybot - Search & Destroy Status SUPERAntiSpyware System Requirements Lab Text-To-Speech-Runtime Tonido 2.53.0.19826 Toolbox TrayApp UnloadSupport vanBasco's Karaoke Player VIA Platform Device Manager Virtual Sound Canvas DXi VLC media player 1.1.11 Vuze WebReg Windows 7 Manager Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1) Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows 
Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Mobile Device Updater Component WinRAR 4.01 (32-bit) Xilisoft iPhone Magic Platinum Youtube Downloader HD v. 2.9.5 Youtube to MP3 Converter v. 1.4 Zune Zune Language Pack (CHS) Zune Language Pack (CHT) Zune Language Pack (CSY) Zune Language Pack (DAN) Zune Language Pack (DEU) Zune Language Pack (ELL) Zune Language Pack (ESP) Zune Language Pack (FIN) Zune Language Pack (FRA) Zune Language Pack (HUN) Zune Language Pack (IND) Zune Language Pack (ITA) Zune Language Pack (JPN) Zune Language Pack (KOR) Zune Language Pack (MSL) Zune Language Pack (NLD) Zune Language Pack (NOR) Zune Language Pack (PLK) Zune Language Pack (PTB) Zune Language Pack (PTG) Zune Language Pack (RUS) Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
20/04/2013 17:39:11, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
20/04/2013 17:39:11, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
20/04/2013 17:38:51, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
20/04/2013 17:38:18, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
20/04/2013 17:38:16, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
20/04/2013 17:38:14, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
20/04/2013 11:47:06, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR7.
19/04/2013 22:35:49, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================

Thanks, Rob
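Added example (editor's note, not part of Rob's post and not DDS code): a small Python triage script that reads the kind of lines posted above, the DDS "SERVICES / DRIVERS" entries and the Service Control Manager events, and pulls out the points a helper would look at first. It flags a service entry when DDS could not verify its image file (the trailing "[?]") or when the service name belongs to a Windows-shipped driver but the image lives outside system32\drivers; it collects the 7003 events that name a dependency service the SCM could not find (wscsvc and BFE above); and it decodes the firewall error 0x8007042c as Win32 error 1068, ERROR_SERVICE_DEPENDENCY_FAIL, which fits a missing BFE (Base Filtering Engine), the service Windows Firewall and IPsec depend on. The sample lines are copied from the log in this post; the WINDOWS_DRIVER_NAMES list is a deliberately small sample and, like the heuristics, is the example's own assumption rather than any vendor list.

```python
"""Triage helpers for a DDS log, added as an example for this thread.

Not part of the original post and not DDS code.  The sample lines are copied
from the log above; the Windows driver-name list and the heuristics are the
example's own assumptions, not a vendor list.
"""
import re

# DDS service line: "<R|S><start type> <name>;<display name>;<image path> [<date> <size>]"
# R = running, S = stopped; start type 0 boot, 1 system, 2 auto, 3 manual.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
IMAGE_RE = re.compile(r"(?P<image>.+?\.(?:exe|sys))", re.IGNORECASE)
# SCM event 7003: a service depends on a service that is not installed.
EVENT_7003_RE = re.compile(
    r"Service Control Manager \[7003\] - The (?P<svc>.+?) service depends "
    r"the following service: (?P<dep>\w+)\.")

DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"
# Assumption: a small sample of service names owned by Windows-shipped drivers
# that live under DRIVERS_DIR.  Real triage uses a full inventory of the OS build.
WINDOWS_DRIVER_NAMES = {"raspptp", "rasl2tp", "tcpip", "afd", "ndis", "disk", "classpnp"}

ERROR_SERVICE_DEPENDENCY_FAIL = 1068  # winerror.h: dependency service or group failed to start


def parse_service(line):
    """Split one DDS SERVICES / DRIVERS line into its fields, or None if it is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    # DDS prints "<registry ImagePath> --> <resolved path>" when they differ; keep the resolved one.
    if "-->" in rest:
        rest = rest.split("-->", 1)[1].strip()
    unverified = rest.endswith("[?]")  # DDS could not find or verify the file
    im = IMAGE_RE.match(rest)
    return {
        "state": m.group("state"),
        "start": int(m.group("start")),
        "name": m.group("name").strip(),
        "display": m.group("display"),
        "image": im.group("image").lower() if im else "",
        "unverified": unverified,
    }


def service_findings(svc):
    """Reasons a parsed service entry deserves a second look (empty list = nothing noted)."""
    findings = []
    if svc["unverified"]:
        findings.append("DDS could not verify the image file ([?])")
    if svc["name"].lower() in WINDOWS_DRIVER_NAMES and not svc["image"].startswith(DRIVERS_DIR):
        findings.append("name is a Windows driver name but image is " + svc["image"])
    return findings


def missing_dependencies(event_lines):
    """Map each dependency named in a 7003 event to the services that need it."""
    deps = {}
    for line in event_lines:
        m = EVENT_7003_RE.search(line)
        if m:
            deps.setdefault(m.group("dep"), []).append(m.group("svc"))
    return deps


def win32_code(hresult):
    """Win32 error carried in a FACILITY_WIN32 HRESULT (0x8007xxxx), else None."""
    if (hresult >> 16) & 0xFFFF != 0x8007:
        return None
    return hresult & 0xFFFF


def triage(service_lines, event_lines):
    """Run both checks and return a report dict."""
    flagged = {}
    for line in service_lines:
        svc = parse_service(line)
        if svc is None:
            continue
        findings = service_findings(svc)
        if findings:
            flagged[svc["name"]] = findings
    return {"flagged_services": flagged, "missing_dependencies": missing_dependencies(event_lines)}


# Sample input copied from the DDS log in this post (four service lines, three events).
SAMPLE_SERVICES = [
    "R0 AVGIDSHX;AVGIDSHX;c:\\windows\\system32\\drivers\\avgidshx.sys [2012-10-15 55776]",
    "R1 SASDIFSV;SASDIFSV;c:\\program files\\superantispyware\\sasdifsv.sys [2011-7-22 12880]",
    'S2 raspptp;Peer-to-Peer Tunneling Protocol;c:\\program files\\wan miniport pptp\\raspptp.exe '
    '"c:\\program files\\common files\\wan miniport pptp\\raspptp.dat" --> '
    'c:\\program files\\wan miniport pptp\\raspptp.exe c:\\program files\\common files\\wan miniport pptp\\raspptp.dat [?]',
    "S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\\windows\\system32\\drivers\\b57nd60x.sys [2009-7-13 229888]",
]
SAMPLE_EVENTS = [
    "20/04/2013 17:38:51, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.",
    "20/04/2013 17:38:18, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.",
    "20/04/2013 17:38:14, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.",
]

if __name__ == "__main__":
    report = triage(SAMPLE_SERVICES, SAMPLE_EVENTS)
    for name, why in report["flagged_services"].items():
        print("service %-10s %s" % (name, "; ".join(why)))
    for dep, users in report["missing_dependencies"].items():
        print("missing dependency %-7s needed by %s" % (dep, ", ".join(users)))
    code = win32_code(0x8007042C)
    label = "ERROR_SERVICE_DEPENDENCY_FAIL" if code == ERROR_SERVICE_DEPENDENCY_FAIL else "other"
    print("firewall error 0x8007042c -> Win32 %d (%s)" % (code, label))
```

Running it on the sample lines flags only the raspptp entry (unverified image, Windows driver name with an image under Program Files) and reports BFE and wscsvc as the dependencies the SCM could not find. The script only points at entries worth a second look; whether an entry is malicious is decided by the helper examining the files, not by this heuristic.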