Jump to content

Concerned because DDA Driver Won't Work


Recommended Posts

I ran Malwarebytes Anti-Rootkit because I recently went on Cracked.com and today I got a whole bunch of alerts from Google Chrome that it was infected with Malicious software (while on a different computer). I've tried repeatedly to run the program but I could not get it to work, I get the same error every time:

 

"DDA Driver was not installed which may be caused by rootkit activity. Do you want to Reboot the computer to install the DDA driver (Scan will continue After reboot)?"

 

I have tried the reboot option multiple times but continue to get an error that the DDA driver isn't working/can't be installed. I'm trying to make sure that I was not infected with any malicious software as a result of the recent infection to the website.

 

I know it's a beta so it's possible it's just a glitch, but my other computer uses it with no problems and on this computer in the past I have used prior versions with no problems, so now I'm concerned.

 

This computer has Windows 7 Home 64 Bit Service Pack 1.

 

I did not find any malware using any of my other programs (Avast, Malwarebytes Anti Malware, Super Anti Spyware, Spybot Search & Destroy, and TDSSKiller). I am hoping that this is just a minor error but would like someone to confirm that I don't have to panic.

 

I've attached the files from the DDS.scr here, please let me know if you need anything else.

 

Thanks!

attach.txt

dds.txt

Link to post
Share on other sites

I forgot to mention I also tried the "Fixdamage" in the Mbar folder prior to this post but that didn't work either. And to be absolutely clear, I received alerts that there was malware on cracked.com from my other computer but not on this one (where I mostly use mozilla) so that is why I'm worried, one computer started screaming about malware while the other didn't react at all. So that's why I'm concerned. Thanks again!

Link to post
Share on other sites

Terribly sorry I misread the instructions, I am posting the logs (did not read correctly and thought I was supposed to attach them). I would edit but for some reason I cannot find an edit button to my posts:

 

DDS LOG:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.40.2
Run by MediocreLegacy at 22:27:50 on 2013-09-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4095.2595 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = localhost:21320
mWinlogon: Userinit = userinit.exe
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [ (A0)] cmd /c "C:\Users\MediocreLegacy\Desktop\mbar\mbar.exe" /rdv /s
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{77718032-1C59-44E1-B3D9-FF4CE672BCF4} : DHCPNameServer = 75.75.75.75 75.75.76.76
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\MediocreLegacy\AppData\Roaming\Mozilla\Firefox\Profiles\dfeg9zeq.default-1360123857040\
FF - prefs.js: browser.search.selectedEngine - Web Search

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\MEDIOC~1\AppData\Roaming\CATALI~2\npBcsKtTcHW.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-2-28 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-2-28 204880]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-3-23 56336]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-10-21 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-10-21 378944]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-17 171600]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-10-21 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-10-21 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-4 46808]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-6-18 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-6-18 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-6-18 171928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-6-23 36680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-25 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-25 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-21 1255736]
.
=============== Created Last 30 ================
.
2013-10-01 01:03:32    116440    ----a-w-    C:\Windows\System32\drivers\48230029.sys
2013-09-27 23:27:28    9694160    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{692006B0-B1CA-4C53-B106-EFC1EF1B8BFD}\mpengine.dll
2013-09-20 02:49:40    --------    d-----w-    C:\ProgramData\Oracle
2013-09-20 02:49:22    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-10 23:32:40    155584    ----a-w-    C:\Windows\System32\drivers\ataport.sys
.
==================== Find3M  ====================
.
2013-09-20 02:49:16    868264    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-09-20 02:49:16    790440    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-09-11 04:11:12    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-11 04:11:12    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-30 07:48:10    72016    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2013-08-30 07:48:10    65336    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2013-08-30 07:48:10    204880    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-08-30 07:48:10    1030952    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-08-30 07:48:09    80816    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-08-30 07:47:40    41664    ----a-w-    C:\Windows\avastSS.scr
2013-08-10 05:22:18    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-08-10 05:20:59    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09    2876928    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43    3155456    ----a-w-    C:\Windows\System32\win32k.sys
2013-08-07 08:22:02    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-08-02 02:23:53    5550528    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-08-02 02:15:03    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30    3968960    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30    3913664    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17    338432    ----a-w-    C:\Windows\System32\conhost.exe
2013-08-02 00:59:09    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-08-02 00:45:37    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-07-19 01:41:01    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52    224256    ----a-w-    C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20    1472512    ----a-w-    C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31    1166848    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53    1910208    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 22:28:09.94 ===============
 

 

Attach Log:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/6/2012 4:01:54 PM
System Uptime: 9/30/2013 10:16:05 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P5QL PRO
Processor: Intel® Core2 Duo CPU     E7400  @ 2.80GHz | LGA775 | 2800/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 423.456 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP189: 9/28/2013 9:55:29 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 11
Adobe Reader XI (11.0.04)
avast! Free Antivirus
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.1
Canon MX340 series MP Drivers
Canon MX340 series User Registration
Canon Utilities Easy-PhotoPrint EX
Catalina Savings Printer
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Elements 11 Organizer
Google Chrome
Google Update Helper
Java 7 Update 40
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Mouse and Keyboard Center
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
NVIDIA 3D Vision Controller Driver 310.90
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
PSE11 STI Installer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Spybot - Search & Destroy
SUPERAntiSpyware
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
.
==== Event Viewer Messages From Past Week ========
.
9/30/2013 7:48:22 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\C:\System Volume Information\Syscache.hve' was corrupted and it has been recovered. Some data might have been lost.
9/30/2013 10:18:40 PM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
9/30/2013 10:18:40 PM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
9/30/2013 10:16:39 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  mbamswissarmy
9/30/2013 10:15:12 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
9/28/2013 9:49:58 PM, Error: atapi [11]  - The driver detected a controller error on \Device\Ide\IdePort2.
9/28/2013 9:48:00 PM, Error: volsnap [14]  - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
9/27/2013 7:23:21 PM, Error: volmgr [46]  - Crash dump initialization failed!
.
==== End Of File ===========================
 

Link to post
Share on other sites

  • Root Admin

Judging from the Event Logs I would first try running a Full Disk check on your system drive and see if that helps correct any issues or not.

 

Please run a Full Disk Check on your system drive.  If needed here are some links on how to run a Disk Check.

On Windows XP the disk check log is in the Event Logs under Application with a heading source of  Winlogon
On Windows 7 the disk check log is in the Event Logs under Application with a heading source of  Wininit
On Windows 8 the disk check log is in the Event Logs under Application with a heading source of  Chkdsk

How to Run a Chkdsk Function on Windows XP

How to view and manage event logs in Event Viewer in Windows XP

How to Run Disk Check in Windows 7

How to Run Check Disk at Startup in Vista or Windows 7

How to Check a Drive for Errors with "chkdsk" in Windows 8

How to Read the Event Viewer Log for Check Disk (chkdsk) in Vista, Windows 7, and Windows 8
 

 

 

 

==== Event Viewer Messages From Past Week ========
.
9/30/2013 7:48:22 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\C:\System Volume Information\Syscache.hve' was corrupted and it has been recovered. Some data might have been lost.
9/30/2013 10:18:40 PM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
9/30/2013 10:18:40 PM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
9/30/2013 10:16:39 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  mbamswissarmy
9/30/2013 10:15:12 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
9/28/2013 9:49:58 PM, Error: atapi [11]  - The driver detected a controller error on \Device\Ide\IdePort2.
9/28/2013 9:48:00 PM, Error: volsnap [14]  - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
9/27/2013 7:23:21 PM, Error: volmgr [46]  - Crash dump initialization failed!
.
==== End Of File ===========================

 

Link to post
Share on other sites

Okay, I believe I did this correct. Unfortunately I did not get to see the log (I assumed it would prompt me) however I looked up online how to find the log from the CHKDSK and I believe this is it:

Checking file system on C: The type of the file system is NTFS. A disk check has been scheduled. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... 154112 file records processed. File verification completed. 493 large file records processed. 0 bad file records processed. 0 EA records processed. 60 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 204808 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 154112 file SDs/SIDs processed. Cleaning up 660 unused index entries from index $SII of file 0x9. Cleaning up 660 unused index entries from index $SDH of file 0x9. Cleaning up 660 unused security descriptors. Security descriptor verification completed. 25349 data files processed. CHKDSK is verifying Usn Journal... 35422584 USN bytes processed. Usn Journal verification completed. CHKDSK is verifying file data (stage 4 of 5)... Read failure with status 0xc0000185 at offset 0x7773d000 for 0x10000 bytes. Read failure with status 0xc0000185 at offset 0x77744000 for 0x1000 bytes. Windows replaced bad clusters in file 58391 of name \PROGRA~3\AVASTS~1\Avast\URL~1.DB3. 154096 files processed. File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 111004443 free clusters processed. Free space verification is complete. Adding 1 bad clusters to the Bad Clusters File. CHKDSK discovered free space marked as allocated in the master file table (MFT) bitmap. Correcting errors in the Volume Bitmap. Windows has made corrections to the file system. 488384511 KB total disk space. 44023616 KB in 110190 files. 71712 KB in 25350 indexes. 4 KB in bad sectors. 271403 KB in use by the system. 65536 KB occupied by the log file. 444017776 KB available on disk. 4096 bytes in each allocation unit. 122096127 total allocation units on disk. 111004444 allocation units available on disk. Internal Info: 00 5a 02 00 80 11 02 00 3a 01 04 00 00 00 00 00 .Z......:....... b5 01 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 ....<........... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Windows has finished checking your disk. Please wait while your computer restarts.

After that finished, I got into windows and tried to run the anti rootkit again and it still gave me the error. However, this time when I did the reboot when it asked me, I did not get the error message again and it initialized and ran a scan and reported no problems.

Does this mean one of my existing services (like Avast) is blocking it except when I do the reboot thing? Also, are there any other scans I should run to make sure there are no problems?

Thank you so much for your continued help with this issue!

Link to post
Share on other sites

  • Root Admin

What it means is your hard drive is failing

 

Read failure with status 0xc0000185 at offset 0x7773d000 for 0x10000 bytes.

Read failure with status 0xc0000185 at offset 0x77744000 for 0x1000 bytes.

Windows replaced bad clusters in file 58391 of name \PROGRA~3\AVASTS~1\Avast\URL~1.DB3.

 

You need to backup your data to another drive and then replace this hard drive before it completely fails and you lose your data.

Link to post
Share on other sites

  • Root Admin

Difficult to say for sure but not really worth spending hours, days, or weeks in some rare cases trying to figure it out and worry about it.  Best to just get a new drive and reinstall Windows from scratch so that you start on a clean slate.  Then make sure you install an antivirus product soon after getting Windows reinstalled and then get all the drivers and Windows updates up to date and then you can look at restoring your data to the new drive.

 

Please let me know if there is anything else I can assist you with before we close up here.

 

Thanks

Link to post
Share on other sites

Thank you very much advanced setup. Fortunately since I have two computers I just moved my stuff all to the other one since it was all backed up on an external harddrive. I'm very glad I encountered this problem and got help from you since I just realized this could have caused a serious problem with some of my software that has to be deactivated before it can be moved to be used on a new computer - you saved my bacon!

 

Given that everything else I ran came up clean I'm sure this is probably just my hard drive going down. Thank you so much for your help!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.