Help
My PC picked up the Trogen.FakeMS virus, which shut down the Firewall, but Avast was still working.
I did a scan from Malwarebytes which seems to have removed enough of it to keep my Firewall working.
There are several signs that there is still something left on this computer and need help to find and remove them.
1/ On boot up I get an error message from Microsoft Visual C++ Runtime Library of a runtime error on Programs\Program Files\DISC\DISCover.exe of an abnormal program termination. I know this doesn't affect the working of the computer, but still a sympto/
2/ I can't access Windows Updates for the latest update I know is there. I just get a message that the website has encountered a problem.
3/ I have a few new files on my PC I checked in your Startup List that are left from a trogen. MDM.exe being one of them.
Please help me find and remove any remaining files. I am running Windows XP with Service Pack 3. I already have Highjack This on the computer if you need me to run it.
Thanks
Trogen.FakeMS Virus not completely gone Need help to remove the rest
#1
- Member
-
- Group: Members
- Posts: 58
- Joined: 02-February 08
- Location:Mississauga, Ontario, Canada
Posted 13 January 2012 - 07:00 PM
Back to top
#2
- The Coolest BC Computer
-
- Group: BC Advisor
- Posts: 22,167
- Joined: 01-February 08
- Gender:Male
- Location:Daly City, CA
Posted 13 January 2012 - 09:27 PM
Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=============================================================================
Please download Farbar Service Scanner and run it on the computer with the issue.
====================================================================================
Please download MiniToolBox and run it.
Checkmark following boxes:
Click Go and post the result.
=============================================================================
Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
=============================================================================
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=============================================================================
Please download Farbar Service Scanner and run it on the computer with the issue.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Internet Services
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
====================================================================================
Please download MiniToolBox and run it.
Checkmark following boxes:
- Report IE Proxy Settings
- Report FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Users, Partitions and Memory size
Click Go and post the result.
=============================================================================
Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
=============================================================================
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
#3
- Member
-
- Group: Members
- Posts: 58
- Joined: 02-February 08
- Location:Mississauga, Ontario, Canada
Posted 19 January 2012 - 06:33 PM
Sorry for the delay, I got called out of town unexpectedly. I will start these proceedures now.
#4
- Member
-
- Group: Members
- Posts: 58
- Joined: 02-February 08
- Location:Mississauga, Ontario, Canada
Posted 19 January 2012 - 07:53 PM
Here is the results of Security Check:
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
SUPERAntiSpyware
CCleaner
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player ( 10.3.183.7) Flash Player Out of Date!
Adobe Reader X (10.1.2)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````
Here are the results of the Farbar Service Scanner:
Farbar Service Scanner Version: 18-01-2012 01
Ran by Compaq_Administrator (administrator) on 19-01-2012 at 18:39:54
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.
Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
aswTdi(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.
**** End of log ****
Here is the Mini Tool Box results:
MiniToolBox by Farbar Version: 18-01-2012
Ran by Compaq_Administrator (administrator) on 19-01-2012 at 18:44:34
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= FF Proxy Settings: ==============================
"network.proxy.type", 0
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
NVIDIA nForce Networking Controller = Local Area Connection (Connected)
# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip
# Interface IP Configuration for "Local Area Connection"
set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
popd
# End of interface IP configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : mitzi3
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-17-31-8C-CA-95
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
Lease Obtained. . . . . . . . . . : January 19, 2012 6:24:50 PM
Lease Expires . . . . . . . . . . : January 22, 2012 6:24:50 PM
Server: mymodem
Address: 192.168.2.1
Name: google.com
Addresses: 74.125.226.50, 74.125.226.48, 74.125.226.52, 74.125.226.49
74.125.226.51
Pinging google.com [74.125.226.50] with 32 bytes of data:
Reply from 74.125.226.50: bytes=32 time=11ms TTL=55
Reply from 74.125.226.50: bytes=32 time=8ms TTL=55
Ping statistics for 74.125.226.50:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 8ms, Maximum = 11ms, Average = 9ms
Server: mymodem
Address: 192.168.2.1
Name: yahoo.com
Addresses: 98.139.180.149, 209.191.122.70, 72.30.2.43, 98.137.149.56
Pinging yahoo.com [98.139.180.149] with 32 bytes of data:
Reply from 98.139.180.149: bytes=32 time=51ms TTL=50
Reply from 98.139.180.149: bytes=32 time=68ms TTL=50
Ping statistics for 98.139.180.149:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 51ms, Maximum = 68ms, Average = 59ms
Server: mymodem
Address: 192.168.2.1
Name: bleepingcomputer.com
Address: 208.43.87.2
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 17 31 8c ca 95 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.10 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.10 192.168.2.10 20
192.168.2.10 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.10 192.168.2.10 20
224.0.0.0 240.0.0.0 192.168.2.10 192.168.2.10 20
255.255.255.255 255.255.255.255 192.168.2.10 192.168.2.10 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (01/12/2012 07:22:46 AM) (Source: Application Error) (User: )
Description: Faulting application spoolsv.exe, version 5.1.2600.6024, faulting module unknown, version 0.0.0.0, fault address 0x65064110.
Error in creating result PEAP-TLV in response to received PEAP-TLV (spoolsv.exe!ld!)
Error: (01/12/2012 03:05:39 AM) (Source: Application Error) (User: )
Description: Faulting application spoolsv.exe, version 5.1.2600.6024, faulting module unknown, version 0.0.0.0, fault address 0x65064110.
Processing media-specific event for [spoolsv.exe!ws!]
Error: (01/11/2012 10:28:22 AM) (Source: Application Error) (User: )
Description: Faulting application tue0.9787852717773201.exe, version 5.1.2600.2180, faulting module tue0.9787852717773201.exe, version 5.1.2600.2180, fault address 0x0003971e.
Processing media-specific event for [tue0.9787852717773201.exe!ws!]
Error: (01/11/2012 10:28:06 AM) (Source: Application Error) (User: )
Description: Faulting application oiu0.8092055230366.exe, version 5.1.2600.2180, faulting module oiu0.8092055230366.exe, version 5.1.2600.2180, fault address 0x0003971e.
Processing media-specific event for [oiu0.8092055230366.exe!ws!]
Error: (01/04/2012 05:56:41 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (01/02/2012 10:52:19 AM) (Source: Application Error) (User: )
Description: Fault bucket -1557370671.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.
Error: (01/02/2012 10:52:12 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978.
Processing media-specific event for [iexplore.exe!ws!]
Error: (01/01/2012 06:00:13 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (12/29/2011 02:43:56 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
Error: (12/26/2011 09:46:03 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
System errors:
=============
Error: (01/19/2012 07:29:10 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (01/19/2012 05:55:03 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (01/18/2012 09:58:55 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (01/17/2012 06:06:11 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (01/17/2012 06:06:36 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (01/16/2012 06:38:44 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (01/15/2012 05:38:24 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (01/15/2012 11:16:40 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (01/15/2012 03:20:21 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (01/13/2012 02:41:26 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Microsoft Office Sessions:
=========================
Error: (01/12/2012 07:22:46 AM) (Source: Application Error)(User: )
Description: spoolsv.exe5.1.2600.6024unknown0.0.0.065064110
Error: (01/12/2012 03:05:39 AM) (Source: Application Error)(User: )
Description: spoolsv.exe5.1.2600.6024unknown0.0.0.065064110
Error: (01/11/2012 10:28:22 AM) (Source: Application Error)(User: )
Description: tue0.9787852717773201.exe5.1.2600.2180tue0.9787852717773201.exe5.1.2600.21800003971e
Error: (01/11/2012 10:28:06 AM) (Source: Application Error)(User: )
Description: oiu0.8092055230366.exe5.1.2600.2180oiu0.8092055230366.exe5.1.2600.21800003971e
Error: (01/04/2012 05:56:41 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
Error: (01/02/2012 10:52:19 AM) (Source: Application Error)(User: )
Description: -1557370671
Error: (01/02/2012 10:52:12 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.1917000067978
Error: (01/01/2012 06:00:13 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
Error: (12/29/2011 02:43:56 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
Error: (12/26/2011 09:46:03 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
=========================== Installed Programs ============================
µTorrent (Version: 2.2.1)
Adobe Flash Player 10 Plugin (Version: 10.3.183.7)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader X (10.1.2) (Version: 10.1.2)
ArcSoft PhotoStudio 5.5
avast! Free Antivirus (Version: 6.0.1367.0)
BufferChm (Version: 70.0.170.000)
Canon CanoScan Toolbox 4.9
CCleaner (Version: 3.07)
Compaq Connections (remove only)
CP_AtenaShokunin1Config (Version: 70.0.170.000)
CP_CalendarTemplates1 (Version: 70.0.170.000)
cp_LightScribeConfig (Version: 70.0.170.000)
cp_OnlineProjectsConfig (Version: 70.0.170.000)
CP_Package_Basic1 (Version: 70.0.170.000)
CP_Package_Variety1 (Version: 70.0.170.000)
CP_Package_Variety2 (Version: 70.0.170.000)
CP_Package_Variety3 (Version: 70.0.170.000)
CP_Panorama1Config (Version: 70.0.170.000)
cp_PosterPrintConfig (Version: 70.0.170.000)
cp_UpdateProjectsConfig (Version: 70.0.170.000)
CueTour (Version: 70.0.170.000)
Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680)
Data Fax SoftModem with SmartCP
Destinations (Version: 70.0.170.000)
DeviceManagementQFolder (Version: 1.00.0000)
DISCover (Version: 3.31)
Easy Internet Sign-up (Version: FE UI-4.1.0.1680)
FullDPAppQFolder (Version: 1.00.0000)
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HP Boot Optimizer (Version: 3.0.0)
HP DVD Play 2.1
HP Game Console
HP Imaging Device Functions 7.0 (Version: 7.0)
HP Photosmart Premier Software 6.5 (Version: 6.5)
HP Rhapsody
HP Support Overview (Version: 1.0.0)
HP Update (Version: 5.003.001.001)
HP Web Helper
HPPhotoSmartExpress (Version: 70.0.170.000)
HpSdpAppCoreApp (Version: 3.00.0000)
InstantShareAlert (Version: 1.00.0000)
InstantShareDevices (Version: 70.0.170.000)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
LightScribe 1.4.84.1 (Version: 1.4.84.1)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Manual CanoScan LiDE 25
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Away Mode (Version: 6.0.0160.0)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Money 2006 (Version: 15)
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour (Version: 1.0.0)
Microsoft Office Standard Edition 2003 (Version: 11.0.5614.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Works (Version: 08.04.0623)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Drivers
OmniPage SE 2.0 (Version: 2.00.0004)
OptionalContentQFolder (Version: 1.00.0000)
Otto
PC-Doctor 5 for Windows (Version: 5.00.3462.03)
PhotoGallery (Version: 70.0.170.000)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3 (Version: 2.2.3)
Quicken 2006 (Version: 15.1.4.5)
RandMap (Version: 70.0.170.000)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1 (Version: 1.1.0)
SCRABBLE (Version: WT005619)
SkinsHP1 (Version: 70.0.170.000)
SlideShow (Version: 70.0.170.000)
SlideShowMusic (Version: 70.0.170.000)
Sonic Express Labeler (Version: 2.1.0)
Sonic MyDVD Plus (Version: 6.2.0)
Sonic RecordNow Audio (Version: 2.0.6)
Sonic RecordNow Copy (Version: 2.0.6)
Sonic RecordNow Data (Version: 2.0.6)
Sonic Update Manager (Version: 3.0.0)
Sonic_PrimoSDK (Version: 70.0.170.000)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 4.53.1000)
Unload (Version: 7.0.0)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
========================= Memory info: ===================================
Percentage of memory in use: 35%
Total physical RAM: 1470.48 MB
Available physical RAM: 945.42 MB
Total Pagefile: 3366.16 MB
Available Pagefile: 2939.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.06 MB
========================= Partitions: =====================================
1 Drive c: (PRESARIO) (Fixed) (Total:103.58 GB) (Free:77.69 GB) NTFS
2 Drive d: (PRESARIO_RP) (Fixed) (Total:8.2 GB) (Free:0.49 GB) FAT32
========================= Users: ========================================
User accounts for \\MITZI3
Administrator Compaq_Administrator Guest
HelpAssistant SUPPORT_388945a0 SUPPORT_fddfa904
**** End of log ****
**NOTE: As I mentioned in my opening remarks, I already did a scan with Malwarebytes and Removed the threat already before I contacted you. I did do another scan just now and nothing was found. If you would like me to post what Malwarebytes found initially, I will post the older log for you. Let me know.
Here is a copy of the aswMBR file:
aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-19 19:19:16
-----------------------------
19:19:16.531 OS Version: Windows 5.1.2600 Service Pack 3
19:19:16.531 Number of processors: 1 586 0x3F02
19:19:16.531 ComputerName: MITZI3 UserName:
19:19:18.531 Initialize success
19:19:19.562 AVAST engine defs: 12011902
19:20:14.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
19:20:14.468 Disk 0 Vendor: ST3120213AS 3.AHH Size: 114473MB BusType: 3
19:20:14.500 Disk 0 MBR read successfully
19:20:14.500 Disk 0 MBR scan
19:20:14.546 Disk 0 unknown MBR code
19:20:14.546 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 106061 MB offset 63
19:20:14.578 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 8401 MB offset 217230930
19:20:14.578 Disk 0 malicious Win32:MBRoot code @ sector 61 !
19:20:14.593 Disk 0 PE file @ sector 234436545 !
19:20:14.640 Disk 0 scanning C:\WINDOWS\system32\drivers
19:20:29.921 Service scanning
19:20:30.312 Service .redbook \? **LOCKED** 123
19:20:30.984 Modules scanning
19:20:59.140 Disk 0 trace - called modules:
19:20:59.171 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:20:59.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a1c3ab8]
19:20:59.171 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000006d[0x8a2e6f18]
19:20:59.171 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8a29b940]
19:20:59.906 AVAST engine scan C:\WINDOWS
19:21:11.250 AVAST engine scan C:\WINDOWS\system32
19:23:04.046 AVAST engine scan C:\WINDOWS\system32\drivers
19:23:19.703 AVAST engine scan C:\Documents and Settings\Compaq_Administrator
19:45:46.515 AVAST engine scan C:\Documents and Settings\All Users
19:47:34.312 Scan finished successfully
19:47:58.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat"
19:47:58.781 The log file has been saved successfully to "C:\Documents and Settings\Compaq_Administrator\Desktop\aswMBR.txt"
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
SUPERAntiSpyware
CCleaner
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player ( 10.3.183.7) Flash Player Out of Date!
Adobe Reader X (10.1.2)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````
Here are the results of the Farbar Service Scanner:
Farbar Service Scanner Version: 18-01-2012 01
Ran by Compaq_Administrator (administrator) on 19-01-2012 at 18:39:54
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.
Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
aswTdi(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.
**** End of log ****
Here is the Mini Tool Box results:
MiniToolBox by Farbar Version: 18-01-2012
Ran by Compaq_Administrator (administrator) on 19-01-2012 at 18:44:34
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= FF Proxy Settings: ==============================
"network.proxy.type", 0
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
NVIDIA nForce Networking Controller = Local Area Connection (Connected)
# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip
# Interface IP Configuration for "Local Area Connection"
set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
popd
# End of interface IP configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : mitzi3
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-17-31-8C-CA-95
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
Lease Obtained. . . . . . . . . . : January 19, 2012 6:24:50 PM
Lease Expires . . . . . . . . . . : January 22, 2012 6:24:50 PM
Server: mymodem
Address: 192.168.2.1
Name: google.com
Addresses: 74.125.226.50, 74.125.226.48, 74.125.226.52, 74.125.226.49
74.125.226.51
Pinging google.com [74.125.226.50] with 32 bytes of data:
Reply from 74.125.226.50: bytes=32 time=11ms TTL=55
Reply from 74.125.226.50: bytes=32 time=8ms TTL=55
Ping statistics for 74.125.226.50:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 8ms, Maximum = 11ms, Average = 9ms
Server: mymodem
Address: 192.168.2.1
Name: yahoo.com
Addresses: 98.139.180.149, 209.191.122.70, 72.30.2.43, 98.137.149.56
Pinging yahoo.com [98.139.180.149] with 32 bytes of data:
Reply from 98.139.180.149: bytes=32 time=51ms TTL=50
Reply from 98.139.180.149: bytes=32 time=68ms TTL=50
Ping statistics for 98.139.180.149:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 51ms, Maximum = 68ms, Average = 59ms
Server: mymodem
Address: 192.168.2.1
Name: bleepingcomputer.com
Address: 208.43.87.2
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 17 31 8c ca 95 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.10 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.10 192.168.2.10 20
192.168.2.10 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.10 192.168.2.10 20
224.0.0.0 240.0.0.0 192.168.2.10 192.168.2.10 20
255.255.255.255 255.255.255.255 192.168.2.10 192.168.2.10 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (01/12/2012 07:22:46 AM) (Source: Application Error) (User: )
Description: Faulting application spoolsv.exe, version 5.1.2600.6024, faulting module unknown, version 0.0.0.0, fault address 0x65064110.
Error in creating result PEAP-TLV in response to received PEAP-TLV (spoolsv.exe!ld!)
Error: (01/12/2012 03:05:39 AM) (Source: Application Error) (User: )
Description: Faulting application spoolsv.exe, version 5.1.2600.6024, faulting module unknown, version 0.0.0.0, fault address 0x65064110.
Processing media-specific event for [spoolsv.exe!ws!]
Error: (01/11/2012 10:28:22 AM) (Source: Application Error) (User: )
Description: Faulting application tue0.9787852717773201.exe, version 5.1.2600.2180, faulting module tue0.9787852717773201.exe, version 5.1.2600.2180, fault address 0x0003971e.
Processing media-specific event for [tue0.9787852717773201.exe!ws!]
Error: (01/11/2012 10:28:06 AM) (Source: Application Error) (User: )
Description: Faulting application oiu0.8092055230366.exe, version 5.1.2600.2180, faulting module oiu0.8092055230366.exe, version 5.1.2600.2180, fault address 0x0003971e.
Processing media-specific event for [oiu0.8092055230366.exe!ws!]
Error: (01/04/2012 05:56:41 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (01/02/2012 10:52:19 AM) (Source: Application Error) (User: )
Description: Fault bucket -1557370671.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.
Error: (01/02/2012 10:52:12 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978.
Processing media-specific event for [iexplore.exe!ws!]
Error: (01/01/2012 06:00:13 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (12/29/2011 02:43:56 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
Error: (12/26/2011 09:46:03 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
System errors:
=============
Error: (01/19/2012 07:29:10 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (01/19/2012 05:55:03 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (01/18/2012 09:58:55 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (01/17/2012 06:06:11 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (01/17/2012 06:06:36 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (01/16/2012 06:38:44 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (01/15/2012 05:38:24 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (01/15/2012 11:16:40 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (01/15/2012 03:20:21 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (01/13/2012 02:41:26 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Microsoft Office Sessions:
=========================
Error: (01/12/2012 07:22:46 AM) (Source: Application Error)(User: )
Description: spoolsv.exe5.1.2600.6024unknown0.0.0.065064110
Error: (01/12/2012 03:05:39 AM) (Source: Application Error)(User: )
Description: spoolsv.exe5.1.2600.6024unknown0.0.0.065064110
Error: (01/11/2012 10:28:22 AM) (Source: Application Error)(User: )
Description: tue0.9787852717773201.exe5.1.2600.2180tue0.9787852717773201.exe5.1.2600.21800003971e
Error: (01/11/2012 10:28:06 AM) (Source: Application Error)(User: )
Description: oiu0.8092055230366.exe5.1.2600.2180oiu0.8092055230366.exe5.1.2600.21800003971e
Error: (01/04/2012 05:56:41 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
Error: (01/02/2012 10:52:19 AM) (Source: Application Error)(User: )
Description: -1557370671
Error: (01/02/2012 10:52:12 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.1917000067978
Error: (01/01/2012 06:00:13 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
Error: (12/29/2011 02:43:56 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
Error: (12/26/2011 09:46:03 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
=========================== Installed Programs ============================
µTorrent (Version: 2.2.1)
Adobe Flash Player 10 Plugin (Version: 10.3.183.7)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader X (10.1.2) (Version: 10.1.2)
ArcSoft PhotoStudio 5.5
avast! Free Antivirus (Version: 6.0.1367.0)
BufferChm (Version: 70.0.170.000)
Canon CanoScan Toolbox 4.9
CCleaner (Version: 3.07)
Compaq Connections (remove only)
CP_AtenaShokunin1Config (Version: 70.0.170.000)
CP_CalendarTemplates1 (Version: 70.0.170.000)
cp_LightScribeConfig (Version: 70.0.170.000)
cp_OnlineProjectsConfig (Version: 70.0.170.000)
CP_Package_Basic1 (Version: 70.0.170.000)
CP_Package_Variety1 (Version: 70.0.170.000)
CP_Package_Variety2 (Version: 70.0.170.000)
CP_Package_Variety3 (Version: 70.0.170.000)
CP_Panorama1Config (Version: 70.0.170.000)
cp_PosterPrintConfig (Version: 70.0.170.000)
cp_UpdateProjectsConfig (Version: 70.0.170.000)
CueTour (Version: 70.0.170.000)
Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680)
Data Fax SoftModem with SmartCP
Destinations (Version: 70.0.170.000)
DeviceManagementQFolder (Version: 1.00.0000)
DISCover (Version: 3.31)
Easy Internet Sign-up (Version: FE UI-4.1.0.1680)
FullDPAppQFolder (Version: 1.00.0000)
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HP Boot Optimizer (Version: 3.0.0)
HP DVD Play 2.1
HP Game Console
HP Imaging Device Functions 7.0 (Version: 7.0)
HP Photosmart Premier Software 6.5 (Version: 6.5)
HP Rhapsody
HP Support Overview (Version: 1.0.0)
HP Update (Version: 5.003.001.001)
HP Web Helper
HPPhotoSmartExpress (Version: 70.0.170.000)
HpSdpAppCoreApp (Version: 3.00.0000)
InstantShareAlert (Version: 1.00.0000)
InstantShareDevices (Version: 70.0.170.000)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
LightScribe 1.4.84.1 (Version: 1.4.84.1)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Manual CanoScan LiDE 25
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Away Mode (Version: 6.0.0160.0)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Money 2006 (Version: 15)
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour (Version: 1.0.0)
Microsoft Office Standard Edition 2003 (Version: 11.0.5614.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Works (Version: 08.04.0623)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Drivers
OmniPage SE 2.0 (Version: 2.00.0004)
OptionalContentQFolder (Version: 1.00.0000)
Otto
PC-Doctor 5 for Windows (Version: 5.00.3462.03)
PhotoGallery (Version: 70.0.170.000)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3 (Version: 2.2.3)
Quicken 2006 (Version: 15.1.4.5)
RandMap (Version: 70.0.170.000)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1 (Version: 1.1.0)
SCRABBLE (Version: WT005619)
SkinsHP1 (Version: 70.0.170.000)
SlideShow (Version: 70.0.170.000)
SlideShowMusic (Version: 70.0.170.000)
Sonic Express Labeler (Version: 2.1.0)
Sonic MyDVD Plus (Version: 6.2.0)
Sonic RecordNow Audio (Version: 2.0.6)
Sonic RecordNow Copy (Version: 2.0.6)
Sonic RecordNow Data (Version: 2.0.6)
Sonic Update Manager (Version: 3.0.0)
Sonic_PrimoSDK (Version: 70.0.170.000)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 4.53.1000)
Unload (Version: 7.0.0)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
========================= Memory info: ===================================
Percentage of memory in use: 35%
Total physical RAM: 1470.48 MB
Available physical RAM: 945.42 MB
Total Pagefile: 3366.16 MB
Available Pagefile: 2939.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.06 MB
========================= Partitions: =====================================
1 Drive c: (PRESARIO) (Fixed) (Total:103.58 GB) (Free:77.69 GB) NTFS
2 Drive d: (PRESARIO_RP) (Fixed) (Total:8.2 GB) (Free:0.49 GB) FAT32
========================= Users: ========================================
User accounts for \\MITZI3
Administrator Compaq_Administrator Guest
HelpAssistant SUPPORT_388945a0 SUPPORT_fddfa904
**** End of log ****
**NOTE: As I mentioned in my opening remarks, I already did a scan with Malwarebytes and Removed the threat already before I contacted you. I did do another scan just now and nothing was found. If you would like me to post what Malwarebytes found initially, I will post the older log for you. Let me know.
Here is a copy of the aswMBR file:
aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-19 19:19:16
-----------------------------
19:19:16.531 OS Version: Windows 5.1.2600 Service Pack 3
19:19:16.531 Number of processors: 1 586 0x3F02
19:19:16.531 ComputerName: MITZI3 UserName:
19:19:18.531 Initialize success
19:19:19.562 AVAST engine defs: 12011902
19:20:14.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
19:20:14.468 Disk 0 Vendor: ST3120213AS 3.AHH Size: 114473MB BusType: 3
19:20:14.500 Disk 0 MBR read successfully
19:20:14.500 Disk 0 MBR scan
19:20:14.546 Disk 0 unknown MBR code
19:20:14.546 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 106061 MB offset 63
19:20:14.578 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 8401 MB offset 217230930
19:20:14.578 Disk 0 malicious Win32:MBRoot code @ sector 61 !
19:20:14.593 Disk 0 PE file @ sector 234436545 !
19:20:14.640 Disk 0 scanning C:\WINDOWS\system32\drivers
19:20:29.921 Service scanning
19:20:30.312 Service .redbook \? **LOCKED** 123
19:20:30.984 Modules scanning
19:20:59.140 Disk 0 trace - called modules:
19:20:59.171 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:20:59.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a1c3ab8]
19:20:59.171 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000006d[0x8a2e6f18]
19:20:59.171 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8a29b940]
19:20:59.906 AVAST engine scan C:\WINDOWS
19:21:11.250 AVAST engine scan C:\WINDOWS\system32
19:23:04.046 AVAST engine scan C:\WINDOWS\system32\drivers
19:23:19.703 AVAST engine scan C:\Documents and Settings\Compaq_Administrator
19:45:46.515 AVAST engine scan C:\Documents and Settings\All Users
19:47:34.312 Scan finished successfully
19:47:58.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat"
19:47:58.781 The log file has been saved successfully to "C:\Documents and Settings\Compaq_Administrator\Desktop\aswMBR.txt"
#5
- The Coolest BC Computer
-
- Group: BC Advisor
- Posts: 22,167
- Joined: 01-February 08
- Gender:Male
- Location:Daly City, CA
Posted 19 January 2012 - 08:41 PM
You have some rootkit remnants:
but it's not active anymore.
There is no way to remove it with formatting.
Other than that I don't see anything malicious, but surely some damage has been done.
Security Center and Windows updates are not working due to some registry keys missing.
If your computer is HP/Compaq, DISCover.exe file is related to preinstalled games.
It may be coming from some other gaming programs like Steam.
We'll worry about it later.
MDM.exe file is probably legal (depending on its location.
Please run Farbar Service Scanner.
Type the following in the edit box after "Search:".
MDM.exe
Click Search Files button and post the log (FSS.txt) it makes to your reply.
==============================================================================
Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/
XP
Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
Right-Click Root and select Permissions...
Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
Click Apply and OK.
Download XP.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip downloaded file.
You'll find several files inside.
Double-click legacy_wuauserv.reg and confirm the prompt.
Double-click wuauserv.reg and confirm the prompt.
Double-click legacy_wscsvc.reg and confirm the prompt.
Double-click wscsvc.reg and confirm the prompt.
Please go back to the the Root key again while Everyone is selected remove check mark in the box under Allow next to Full Control and close the registry.
Restart computer.
Check on Windows updates and Security Center.
Post new FSS log.
Quote
9:20:14.578 Disk 0 malicious Win32:MBRoot code @ sector 61 !
but it's not active anymore.
There is no way to remove it with formatting.
Other than that I don't see anything malicious, but surely some damage has been done.
Security Center and Windows updates are not working due to some registry keys missing.
If your computer is HP/Compaq, DISCover.exe file is related to preinstalled games.
It may be coming from some other gaming programs like Steam.
We'll worry about it later.
MDM.exe file is probably legal (depending on its location.
Please run Farbar Service Scanner.
Type the following in the edit box after "Search:".
MDM.exe
Click Search Files button and post the log (FSS.txt) it makes to your reply.
==============================================================================
Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/
XP
Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
Right-Click Root and select Permissions...
Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
Click Apply and OK.
Download XP.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip downloaded file.
You'll find several files inside.
Double-click legacy_wuauserv.reg and confirm the prompt.
Double-click wuauserv.reg and confirm the prompt.
Double-click legacy_wscsvc.reg and confirm the prompt.
Double-click wscsvc.reg and confirm the prompt.
Please go back to the the Root key again while Everyone is selected remove check mark in the box under Allow next to Full Control and close the registry.
Restart computer.
Check on Windows updates and Security Center.
Post new FSS log.
This post has been edited by Broni: 19 January 2012 - 08:42 PM
#6
- Member
-
- Group: Members
- Posts: 58
- Joined: 02-February 08
- Location:Mississauga, Ontario, Canada
Posted 19 January 2012 - 10:05 PM
Farbar Service Scanner Version: 18-01-2012 01
Ran by Compaq_Administrator (administrator) on 19-01-2012 at 21:58:07
Microsoft Windows XP Service Pack 3 (X86)
************************************************
================== Search: "MDM.exe" ===================
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2003-06-20 08:25] - [2003-06-20 08:25] - 0322120 ____A (Microsoft Corporation) 11F714F85530A2BD134074DC30E99FCA
====== End Of Search ======
This is the result of the MDM.exe search. I will continue with the rest.
Ran by Compaq_Administrator (administrator) on 19-01-2012 at 21:58:07
Microsoft Windows XP Service Pack 3 (X86)
************************************************
================== Search: "MDM.exe" ===================
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2003-06-20 08:25] - [2003-06-20 08:25] - 0322120 ____A (Microsoft Corporation) 11F714F85530A2BD134074DC30E99FCA
====== End Of Search ======
This is the result of the MDM.exe search. I will continue with the rest.
#7
- The Coolest BC Computer
-
- Group: BC Advisor
- Posts: 22,167
- Joined: 01-February 08
- Gender:Male
- Location:Daly City, CA
Posted 19 January 2012 - 10:11 PM
That file looks fine.
#8
- Member
-
- Group: Members
- Posts: 58
- Joined: 02-February 08
- Location:Mississauga, Ontario, Canada
Posted 20 January 2012 - 06:53 PM
OK, I followed all the steps, and on reboot, I got the ballon telling me there were updates available. Went to Windows Update and downloaded 8 new updates. So far, all seems to be working in the Security Centre. Here is the FSS log:
Farbar Service Scanner Version: 18-01-2012 01
Ran by Compaq_Administrator (administrator) on 20-01-2012 at 18:48:45
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
===========
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
aswTdi(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.
**** End of log ****
Farbar Service Scanner Version: 18-01-2012 01
Ran by Compaq_Administrator (administrator) on 20-01-2012 at 18:48:45
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
===========
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
aswTdi(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.
**** End of log ****
#9
- The Coolest BC Computer
-
- Group: BC Advisor
- Posts: 22,167
- Joined: 01-February 08
- Gender:Male
- Location:Daly City, CA
Posted 20 January 2012 - 08:27 PM
Any other issues?
Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.
=============================================================================
Please run a free online scan with the ESET Online Scanner
Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.
=============================================================================
Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click on List of found threats
- Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset doesn't find any threats it'll NOT produce any log.
#10
- Member
-
- Group: Members
- Posts: 58
- Joined: 02-February 08
- Location:Mississauga, Ontario, Canada
Posted 21 January 2012 - 08:47 PM
These steps have been completed. The good news is there were no problems found with the ESET scaner. Are there any more steps to take?
I am still, however still getting the "Microsoft Visual C++ Runtime Library of a runtime error on Programs\Program Files\DISC\DISCover.exe of an abnormal program termination" error message on every boot up.
This is how I knew something was wrong in the first place. I do not use the HP games, but need to make sure there are no more problems. Is there still a possible infected file, or a missing file causing this error?
I am still, however still getting the "Microsoft Visual C++ Runtime Library of a runtime error on Programs\Program Files\DISC\DISCover.exe of an abnormal program termination" error message on every boot up.
This is how I knew something was wrong in the first place. I do not use the HP games, but need to make sure there are no more problems. Is there still a possible infected file, or a missing file causing this error?
#11
- The Coolest BC Computer
-
- Group: BC Advisor
- Posts: 22,167
- Joined: 01-February 08
- Gender:Male
- Location:Daly City, CA
Posted 21 January 2012 - 09:26 PM
Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
No installation required.
Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
Go File>Save, and save it as AutoRuns.txt file to know location.
You must select Text from drop-down menu as a file type:
Upload the file(s) here: http://www.filedropper.com/
Post download link (copy URL: link):
No installation required.
Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
Go File>Save, and save it as AutoRuns.txt file to know location.
You must select Text from drop-down menu as a file type:
Upload the file(s) here: http://www.filedropper.com/
Post download link (copy URL: link):
#12
- Member
-
- Group: Members
- Posts: 58
- Joined: 02-February 08
- Location:Mississauga, Ontario, Canada
Posted 26 January 2012 - 06:38 PM
I've done the steps as listed and I'm looking at a page that has the File Fropper logo and "Link To Share This File With Anyone:" I can'r seem to go any further. Is this done correctly?
#13
- The Coolest BC Computer
-
- Group: BC Advisor
- Posts: 22,167
- Joined: 01-February 08
- Gender:Male
- Location:Daly City, CA
Posted 26 January 2012 - 07:20 PM
Click on big green button "Upload file".
#14
- Member
-
- Group: Members
- Posts: 58
- Joined: 02-February 08
- Location:Mississauga, Ontario, Canada
Posted 27 January 2012 - 01:17 AM
I already did that before I posted last reply. Should have said that. This is the screen after that step that I am refering to.
#15
- The Coolest BC Computer
-
- Group: BC Advisor
- Posts: 22,167
- Joined: 01-February 08
- Gender:Male
- Location:Daly City, CA
Posted 27 January 2012 - 11:23 AM
Yes, copy the link inside that box.
