win32 heur virus infection


30 replies to this topic

#1 Jaest

Posted 12 July 2011 - 03:04 PM

I got infected with a Win32 Heur virus a couple of weeks ago and have not been able to locate and fix it despite numerous attempts, each attempt ending with the computer restarting on its own. I got the virus from the original Sims game from Maxis; it is a legit copy, no funny business on my end. I use AVG antivirus, and it picked the little bugger up during the game's install. I didn't remove it immediately because I figured it was just a glitch in the antivirus; I never thought I'd find a virus on a release version of a large-scale video game, but when I did try to remove it after the install finished, AVG couldn't find it. I have been having problems running any kind of virus scan; even in Safe Mode the PC restarts when this virus is located, I assume, but I digress. I run Windows XP Professional SP3, fully updated, 32-bit, and I'm not sure what else is needed to begin attacking this problem. I will say that I have looked around and tried fixing this on my own before posting here: I tried Ctrl+Alt+Delete, looked in Task Manager for the .exe and found nothing there, looked in the registry for a Win32 Heur entry and found none. It seems to be hiding somewhere deep, and every time I try to find it the virus restarts my PC. I hate this thing, lol. Anyone have any ideas for me?


#2 Broni (BC Advisor)

Posted 12 July 2011 - 09:32 PM

Welcome aboard.

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 Jaest (Topic Starter)

Posted 18 July 2011 - 04:53 PM

Thank you for your assistance; here are the logs as requested...

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2011
AVG PC Tuneup 2011
AVG 2011
Antivirus out of date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
AVG PC Tuneup 2011
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.1
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````


MiniToolBox by Farbar
Ran by Hunter (administrator) on 18-01-2005 at 16:26:01
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : century-a41987c
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain_not_set.invalid

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : domain_not_set.invalid
Description . . . . . . . . . . . : VIA Compatable Fast Ethernet Adapter
Physical Address. . . . . . . . . : 00-E0-4C-CF-8A-5D
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
                                    216.165.129.158
Lease Obtained. . . . . . . . . . : Tuesday, January 18, 2005 8:46:44 AM
Lease Expires . . . . . . . . . . : Wednesday, January 19, 2005 8:46:44 AM

Server: dslmodem
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 72.14.204.103, 72.14.204.104, 72.14.204.105, 72.14.204.147
72.14.204.99

Pinging google.com [72.14.204.104] with 32 bytes of data:

Reply from 72.14.204.104: bytes=32 time=51ms TTL=57
Reply from 72.14.204.104: bytes=32 time=51ms TTL=57

Ping statistics for 72.14.204.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 51ms, Maximum = 51ms, Average = 51ms

Server: dslmodem
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 67.195.160.76, 69.147.125.65, 72.30.2.43, 98.137.149.56
209.191.122.70

Pinging yahoo.com [69.147.125.65] with 32 bytes of data:

Reply from 69.147.125.65: bytes=32 time=51ms TTL=57
Reply from 69.147.125.65: bytes=32 time=57ms TTL=57

Ping statistics for 69.147.125.65:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 51ms, Maximum = 57ms, Average = 54ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 e0 4c cf 8a 5d ...... VIA Compatable Fast Ethernet Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.101 192.168.1.101 20
192.168.1.101 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.101 192.168.1.101 20
224.0.0.0 240.0.0.0 192.168.1.101 192.168.1.101 20
255.255.255.255 255.255.255.255 192.168.1.101 192.168.1.101 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/30/2011 07:09:24 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Error: (06/30/2011 07:02:36 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Error: (06/30/2011 06:55:41 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Error: (12/31/2004 11:02:52 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Error: (06/27/2011 07:12:27 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Error: (06/27/2011 07:07:22 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Error: (06/27/2011 05:47:13 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Error: (06/27/2011 00:54:51 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Error: (06/27/2011 10:41:02 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Error: (06/26/2011 08:17:54 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.


System errors:
=============
Error: (06/30/2011 07:09:58 PM) (Source: Service Control Manager) (User: )
Description: The SupportSoft Repair Service (providercomcast) service failed to start due to the following error:
%%2

Error: (06/30/2011 07:09:58 PM) (Source: Service Control Manager) (User: )
Description: The System Event Notification service depends on the following nonexistent service: EventSystem

Error: (06/30/2011 07:08:42 PM) (Source: 0) (User: )
Description: \Device\CdRom1

Error: (06/30/2011 07:03:19 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service failed to start due to the following error:
%%1053

Error: (06/30/2011 07:03:19 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to connect.

Error: (06/30/2011 07:03:19 PM) (Source: Service Control Manager) (User: )
Description: The SupportSoft Repair Service (providercomcast) service failed to start due to the following error:
%%2

Error: (06/30/2011 07:03:19 PM) (Source: Service Control Manager) (User: )
Description: The System Event Notification service depends on the following nonexistent service: EventSystem

Error: (06/30/2011 07:02:14 PM) (Source: 0) (User: )
Description: \Device\CdRom1

Error: (06/30/2011 06:56:27 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service failed to start due to the following error:
%%1053

Error: (06/30/2011 06:56:27 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to connect.


Microsoft Office Sessions:
=========================
Error: (06/30/2011 07:09:24 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040154

Error: (06/30/2011 07:02:36 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040154

Error: (06/30/2011 06:55:41 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040154

Error: (12/31/2004 11:02:52 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040154

Error: (06/27/2011 07:12:27 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040154

Error: (06/27/2011 07:07:22 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040154

Error: (06/27/2011 05:47:13 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040154

Error: (06/27/2011 00:54:51 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040154

Error: (06/27/2011 10:41:02 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040154

Error: (06/26/2011 08:17:54 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040154


========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 2047.48 MB
Available physical RAM: 1256.49 MB
Total Pagefile: 3945.98 MB
Available Pagefile: 3194 MB
Total Virtual: 2047.88 MB
Available Virtual: 1997.8 MB

========================= Partitions: =====================================

2 Drive c: (Windows XP System) (Fixed) (Total:37.27 GB) (Free:23.45 GB) NTFS
3 Drive d: (Backup Drive) (Fixed) (Total:74.53 GB) (Free:74.45 GB) NTFS
5 Drive f: (980517_1247) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\CENTURY-A41987C

Administrator Guest HelpAssistant
Hunter SUPPORT_388945a0


== End of log ==

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7193

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/18/2005 4:37:41 PM
mbam-log-2005-01-18 (16-37-41).txt

Scan type: Quick scan
Objects scanned: 143143
Time elapsed: 7 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

****************************************************

GMER is not able to finish.
It gets as far as Devices during the scan, and the machine hangs while attempting to scan "NTPNP_PCI0007".

*******************************************************
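A triage pass over the MiniToolBox sections posted above, added here as an example; it is not Farbar's code and not part of the thread. It splits the report on the "===== Name: =====" headers, flags hosts-file entries beyond the stock localhost line (a vendor or update domain pinned anywhere, any other name pinned off loopback), flags resolvers that are public or off the gateway's /24, and collapses the repeated event-log errors into counts while decoding the VSS HRESULT (0x80040154 is REGDB_E_CLASSNOTREG, "Class not registered", which points at a broken COM registration and is not by itself a malware indicator). The sample report is constructed in the posted layout with two hijacked hosts lines planted so the check has something to catch; SECURITY_DOMAINS and HRESULT_NAMES are assumptions to extend. A flagged resolver is a review item, not a verdict: in the posted log 192.168.0.1 is the DSL modem that the nslookup output names.

```python
import ipaddress
import re
from collections import Counter

# Assumptions: HRESULT names are from winerror.h; the domain list is what malware commonly
# blackholes or redirects through the hosts file. Both are starting points, not complete lists.
HRESULT_NAMES = {0x80040154: "REGDB_E_CLASSNOTREG (Class not registered)"}
SECURITY_DOMAINS = ("malwarebytes", "avg.com", "eset.com", "f-secure", "microsoft.com")
SECTION_RE = re.compile(r"^=+ (.+?): =+$")
IPCONF_RE = re.compile(r"^\s*(Default Gateway|DNS Servers)[ .]*: *(\S*)")
EVENT_RE = re.compile(r"^Error: \((.+?)\) \(Source: (.*?)\)")
HR_RE = re.compile(r"0x[0-9A-Fa-f]{8}")

# Constructed sample in the MiniToolBox layout; the two hosts lines after localhost are planted.
SAMPLE_REPORT = """\
========================= Hosts content: =================================
127.0.0.1 localhost
127.0.0.1 www.malwarebytes.org
203.0.113.10 update.microsoft.com
========================= IP Configuration: ================================
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.0.1

216.165.129.158
========================= Event log errors: ===============================
Error: (06/30/2011 07:09:24 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.
Error: (06/30/2011 07:02:36 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.
"""

def split_sections(report):
    """Map each '===== Name: =====' header to the lines under it."""
    sections, current = {}, []
    for line in report.splitlines():
        m = SECTION_RE.match(line.strip())
        current = sections.setdefault(m.group(1), []) if m else current
        if not m:
            current.append(line.rstrip())
    return sections

def check_hosts(lines):
    """Stock localhost lines pass; vendor/update domains are flagged anywhere, other names only off loopback."""
    findings = []
    for fields in (line.split("#", 1)[0].split() for line in lines):   # comments dropped, then tokenised
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append("unparseable hosts line: " + " ".join(fields))
            continue
        for name in fields[1:]:
            if any(d in name.lower() for d in SECURITY_DOMAINS):
                findings.append(f"vendor/update domain {name} pinned to {addr}")
            elif not addr.is_loopback:
                findings.append(f"{name} pinned to {addr}")
    return findings

def parse_ipconfig(lines):
    """Return (default gateway, DNS servers); the DNS list continues on bare lines, as in ipconfig /all."""
    values, key = {"Default Gateway": [], "DNS Servers": []}, None
    for line in lines:
        m = IPCONF_RE.match(line)
        if m:
            key = m.group(1)
            values[key] += [m.group(2)] if m.group(2) else []
        elif key == "DNS Servers" and re.fullmatch(r"[0-9.]+", line.strip()):
            values[key].append(line.strip())
        elif line.strip():
            key = None
    return (values["Default Gateway"] or [None])[0], values["DNS Servers"]

def check_dns(gateway, dns):
    """Resolvers outside private space, or off the gateway's /24, are review items (not verdicts)."""
    local = ipaddress.ip_network(f"{gateway}/24", strict=False) if gateway else None
    findings = []
    for server in map(ipaddress.ip_address, dns):
        if not server.is_private:
            findings.append(f"public resolver {server}: confirm it belongs to your ISP")
        elif local and server not in local:
            findings.append(f"resolver {server} is not on the gateway's subnet {local}")
    return findings

def summarize_events(lines):
    """Collapse repeated errors into (source, description) counts; descriptions may span lines."""
    counts, source, desc = Counter(), None, []
    for line in lines + [""]:
        m = EVENT_RE.match(line)
        if m or not line.strip():                       # new record or blank line: flush the old one
            if source:
                text = " ".join(desc)
                names = {HRESULT_NAMES[int(h, 16)] for h in HR_RE.findall(text) if int(h, 16) in HRESULT_NAMES}
                counts[(source, text + "".join(f" [{n}]" for n in sorted(names)))] += 1
            source, desc = (m.group(2) if m else None), []
        elif source:
            desc.append(line.split(":", 1)[1].strip() if line.startswith("Description:") else line.strip())
    return counts

def triage(report):
    """Run every check over one report and return findings by area."""
    s = split_sections(report)
    gateway, dns = parse_ipconfig(s.get("IP Configuration", []))
    return {"hosts": check_hosts(s.get("Hosts content", [])), "dns": check_dns(gateway, dns),
            "events": summarize_events(s.get("Event log errors", []))}
```

Paste a real MiniToolBox report into `triage()` and read the three lists; a loopback entry for an ad server is deliberately not flagged, since many people run a blocking hosts file, while a vendor or update domain pinned to loopback is exactly what malware does to keep the tools above from updating.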

#4 Broni (BC Advisor)

Posted 18 July 2011 - 05:29 PM

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".


#5 Jaest (Topic Starter)

Posted 18 July 2011 - 08:05 PM

Updated the GPU drivers for the card that was in PCI slot 7 and GMER managed to finish. Here are the results as requested, thank you...

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2005-01-18 20:25:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD400BB-00DEA0 rev.05.03E05
Running: v5w3bucm.exe; Driver: C:\DOCUME~1\Hunter\LOCALS~1\Temp\kwkdqpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB9B84738]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB9B847DC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB9B84878]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB9B84914]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB86FC360, 0x37388D, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- EOF - GMER 1.0.15 ----
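A classifier for GMER output like the log just posted, added here as an example; it is not GMER's code and not part of the thread, and its regexes target the 1.0.15 line layout shown above. It parses the SSDT, kernel-code-section and AttachedDevice lines, keeps the company half of the "(description/company)" field GMER prints, skips GMER's own randomly named driver from the "Driver:" header line, and buckets each entry as expected (a vendor in KNOWN_VENDORS), review (a writeable code section, which only asks for a hash check of the file) or high (no vendor recorded, an unrecognised vendor, or a module under a Temp directory). The sample log is constructed: the AVG, nv4_mini.sys and fltmgr.sys lines mirror the posted ones, while qzxv.sys and zqvk.sys are made-up names planted so the high bucket is exercised; KNOWN_VENDORS is an assumption to adjust per machine. Run over the posted log itself, every entry lands in expected except nv4_mini.sys, which lands in review.

```python
import re

# Assumption: vendors whose kernel hooks and filters are expected on this box; tune per machine.
KNOWN_VENDORS = ("AVG Technologies", "Microsoft Corporation")
SSDT_RE = re.compile(r"^SSDT\s+(\S+)(?:\s+\((.*)\))?\s+(Zw\w+)\s+\[(0x[0-9A-Fa-f]+)\]$")
TEXT_RE = re.compile(r"^\.text\s+(\S+)\s+section is writeable\s+\[(.*)\]$")
ATTACHED_RE = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+\((.*)\))?$")
DRIVER_RE = re.compile(r"Driver:\s+(\S+)")

# Constructed sample: the AVG, nv4_mini.sys and fltmgr.sys lines mirror the posted log;
# qzxv.sys and zqvk.sys are made-up names planted so the 'high' bucket is exercised.
SAMPLE_GMER = r"""
Running: v5w3bucm.exe; Driver: C:\DOCUME~1\Hunter\LOCALS~1\Temp\kwkdqpog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB9B84738]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB9B847DC]
SSDT \??\C:\DOCUME~1\Hunter\LOCALS~1\Temp\qzxv.sys ZwEnumerateKey [0xF7A1B2C4]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB86FC360, 0x37388D, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Ntfs \Ntfs zqvk.sys
"""

def vendor_of(desc):
    """GMER prints '(file description/company)'; keep the company part, None if absent."""
    if not desc:
        return None
    return desc.rsplit("/", 1)[-1].strip() or None

def parse_gmer(text):
    """Turn SSDT, kernel code section and AttachedDevice lines into dicts; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            entries.append({"kind": "SSDT", "module": m.group(1), "vendor": vendor_of(m.group(2)),
                            "detail": f"{m.group(3)} -> {m.group(4)}"})
        elif m := TEXT_RE.match(line):
            entries.append({"kind": "text", "module": m.group(1), "vendor": None, "detail": m.group(2)})
        elif m := ATTACHED_RE.match(line):
            entries.append({"kind": "AttachedDevice", "module": m.group(3), "vendor": vendor_of(m.group(4)),
                            "detail": f"{m.group(1)} {m.group(2)}"})
    return entries

def assess(entry):
    """'high' needs identification, 'review' needs a hash check, 'expected' otherwise."""
    module = entry["module"].lower()
    reasons = []
    if "\\temp\\" in module or "locals~1" in module:
        reasons.append("module loaded from a temp directory")
    if entry["kind"] != "text":                      # code-section lines carry no vendor field
        if entry["vendor"] is None:
            reasons.append("no file description/vendor recorded")
        elif not any(v in entry["vendor"] for v in KNOWN_VENDORS):
            reasons.append(f"unrecognised vendor '{entry['vendor']}'")
    if reasons:
        return "high", reasons
    if entry["kind"] == "text":
        return "review", ["writeable kernel code section: compare the file hash with the vendor's"]
    return "expected", []

def triage_gmer(text):
    """Bucket every parsed entry; GMER's own scanning driver (header 'Driver:' line) is skipped."""
    m = DRIVER_RE.search(text)
    own = m.group(1).rsplit("\\", 1)[-1].lower() if m else None
    buckets = {"high": [], "review": [], "expected": []}
    for e in parse_gmer(text):
        if own and e["module"].lower().endswith(own):
            continue
        sev, reasons = assess(e)
        buckets[sev].append((e["kind"], e["module"], e["detail"], reasons))
    return buckets
```

Anything in the high bucket is what to hand to the helper next: the path, whether the file is still on disk after a reboot, and its hash. A vendor string is only a file-description field, so "expected" means the hook belongs to a product that is supposed to be there, not that the file has been verified.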

#6 Jaest (Topic Starter)

Posted 18 July 2011 - 08:29 PM

I downloaded RKU and ran it as specified above, and it seems to close itself before finishing its report; it cranks away for about 2-3 minutes before closing. After the second attempt and repeated close of the RKU program, I have decided to call it a night; will check back tomorrow. Thanks for your help. 8)

#7 Broni (BC Advisor)

Posted 18 July 2011 - 08:33 PM

GMER log looks fine.

Are you having any current issues?

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.


#8 Jaest (Topic Starter)

Posted 21 July 2011 - 07:26 PM

Temp File Cleaner found some stuff and removed it, not sure what, although I am still having problems. The PC will not complete the RKU scan nor the online scan; it reboots during both scans, and RKU shows an entry while running about a faked service or something like that, then it reboots. AAAHHH! 8) Any ideas? Thanks for your help thus far.

#9 Broni (BC Advisor)

Posted 21 July 2011 - 08:41 PM

Instead of Eset...

Please, run F-Secure Online Scanner

  • Disable your Antivirus program.
  • Checkmark I have read and accepted the license terms.
  • Click on Run Check button.
  • Quick scan (recommended) option will come pre-checked. Don't change it.
  • Click on Start button.
  • When the scan is done, in Step 3: Clean the files, leave all settings as they are.
  • Click Next button.
  • Click Full report... button.
  • Copy report's content and paste it into your next reply.


#10 Jaest (Topic Starter)

Posted 26 July 2011 - 03:05 PM

I tried to run the latest scan you requested, and both times I ran it the PC restarted. My friend suggested HijackThis; I ran a scan and found a "startup /install" file and removed it along with some other old program entries, and I will monitor for a while to see if it had any effect.

#11 Jaest (Topic Starter)

Posted 26 July 2011 - 04:19 PM

Tried to run Advanced SystemCare 4, and it got to a point where it contacted a Windows server for hotfixes and it restarted. Anything funny here?

Mod Edit: Removed HJT data, not to be posted in this forum ~ Hamluis.

Edited by hamluis, 26 July 2011 - 07:42 PM.


#12 Jaest (Topic Starter)

Posted 26 July 2011 - 04:25 PM

Also tried to run Rootkit Unhooker again, and this time it did not reboot the PC, although it did close itself out after it worked away for a while. Tried again, same thing. I got a piece of it, but it was not clear what I removed; it was a non-specific name.

#13 Broni (BC Advisor)

Posted 26 July 2011 - 07:20 PM

Advanced SystemCare program is not recommended.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


================================================================================

Download System Information for Windows (SIW free version)
No installation required.

After it scans your computer, navigate to Hardware>Sensors and post all info from there.


============================================================================

Download BlueScreenView (in Zip file)
No installation required.
Unzip downloaded file and double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

========================================================================

Please download VEW and save it to your Desktop: http://images.malwareremoval.com/vino/VEW.exe

Double-click VEW.exe then under Select log to query, select:
Application
System


Under Select type to list, select:
Critical (Vista only)
Error


Click the radio button for Number of events
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

In Notepad, click Edit > Select all then Edit > Copy
Reply to this post, click in the reply window and press Ctrl+V on your keyboard to paste the log.


#14 Jaest (Topic Starter)

Posted 27 July 2011 - 02:29 PM

Sensor          Value           Min             Max
CENTURY-A41987C
PT800-8237
  Voltages
    CPU VCORE   1.33 V          1.30 V          1.34 V
    VIN1        2.16 V          0.99 V          3.44 V
    +3.3V       3.23 V          3.15 V          3.25 V
    +5V         5.00 V          4.92 V          5.03 V
    +12V        11.58 V         11.26 V         11.65 V
    -12V        -11.26 V        -13.12 V        -4.74 V
    -5V         -7.49 V         -12.74 V        -4.35 V
    +5V VCCH    4.95 V          4.95 V          4.97 V
    VBAT        3.18 V          3.18 V          3.18 V
  Temperatures
    THRM        40 C (103 F)    40 C (103 F)    40 C (103 F)
    TMPIN0      49 C (120 F)    48 C (118 F)    70 C (157 F)
    TMPIN2      66 C (150 F)    11 C (51 F)     124 C (255 F)
    TMPIN1      108 C (226 F)   0 C (32 F)      123 C (253 F)
  Fans
    FANIN0      3068 RPM        3013 RPM        3125 RPM
  Fans PWM
    FANPWM0     0 %             0 %             0 %
    FANPWM1     0 %             0 %             0 %
    FANPWM2     0 %             0 %             0 %
WDC WD800EB-00DJF0
  Temperatures
    Assembly    37 C (98 F)     37 C (98 F)     49 C (120 F)


BlueScreenView found 0 crashes, nothing to report.


Vino's Event Viewer v01c run on Windows XP in English
Report run at 27/07/2011 3:14:47 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/07/2011 3:32:53 PM
Type: error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Log: 'Application' Date/Time: 26/07/2011 3:29:13 PM
Type: error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Log: 'Application' Date/Time: 26/07/2011 3:23:09 PM
Type: error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Log: 'Application' Date/Time: 26/07/2011 3:07:44 PM
Type: error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Log: 'Application' Date/Time: 30/06/2011 8:09:24 PM
Type: error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Log: 'Application' Date/Time: 30/06/2011 8:02:36 PM
Type: error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Log: 'Application' Date/Time: 30/06/2011 7:55:41 PM
Type: error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Log: 'Application' Date/Time: 31/12/2004 11:02:52 PM
Type: error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Log: 'Application' Date/Time: 27/06/2011 8:12:27 PM
Type: error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Log: 'Application' Date/Time: 27/06/2011 8:07:22 PM
Type: error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Log: 'Application' Date/Time: 27/06/2011 6:47:13 PM
Type: error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Log: 'Application' Date/Time: 27/06/2011 1:54:51 PM
Type: error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Log: 'Application' Date/Time: 27/06/2011 11:41:02 AM
Type: error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Log: 'Application' Date/Time: 26/06/2011 9:17:54 PM
Type: error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Log: 'Application' Date/Time: 26/06/2011 7:40:23 PM
Type: error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Log: 'Application' Date/Time: 26/06/2011 7:25:42 PM
Type: error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Log: 'Application' Date/Time: 26/06/2011 7:11:30 PM
Type: error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Log: 'Application' Date/Time: 26/06/2011 6:02:54 PM
Type: error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Log: 'Application' Date/Time: 26/06/2011 4:36:40 PM
Type: error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

Log: 'Application' Date/Time: 01/01/2005 12:04:44 AM
Type: error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/07/2011 5:30:55 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SupportSoft Repair Service (providercomcast) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 26/07/2011 5:14:00 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SupportSoft Repair Service (providercomcast) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 26/07/2011 4:18:23 PM
Type: error Category: 0
Event: 59 Source: SideBySide
Generate Activation Context failed for C:\Program Files\AVG\AVG10\avgdiagex.exe. Reference error message: The operation completed successfully. .

Log: 'System' Date/Time: 26/07/2011 4:18:23 PM
Type: error Category: 0
Event: 59 Source: SideBySide
Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error message: The referenced assembly is not installed on your system. .

Log: 'System' Date/Time: 26/07/2011 4:18:23 PM
Type: error Category: 0
Event: 32 Source: SideBySide
Dependent Assembly Microsoft.VC90.MFC could not be found and Last Error was The referenced assembly is not installed on your system.

Log: 'System' Date/Time: 26/07/2011 4:12:25 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SupportSoft Repair Service (providercomcast) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 26/07/2011 4:11:00 PM
Type: error Category: 0
Event: 7 Source: Cdrom
The device, \Device\CdRom1, has a bad block.

Log: 'System' Date/Time: 26/07/2011 4:10:59 PM
Type: error Category: 0
Event: 7 Source: Cdrom
The device, \Device\CdRom1, has a bad block.

Log: 'System' Date/Time: 26/07/2011 3:58:55 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SupportSoft Repair Service (providercomcast) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 26/07/2011 3:57:31 PM
Type: error Category: 0
Event: 7 Source: Cdrom
The device, \Device\CdRom1, has a bad block.

Log: 'System' Date/Time: 26/07/2011 3:33:29 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SupportSoft Repair Service (providercomcast) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 26/07/2011 3:33:29 PM
Type: error Category: 0
Event: 7003 Source: Service Control Manager
The System Event Notification service depends on the following nonexistent service: EventSystem

Log: 'System' Date/Time: 26/07/2011 3:33:02 PM
Type: error Category: 0
Event: 7 Source: Cdrom
The device, \Device\CdRom1, has a bad block.

Log: 'System' Date/Time: 26/07/2011 3:32:56 PM
Type: error Category: 0
Event: 7 Source: Cdrom
The device, \Device\CdRom1, has a bad block.

Log: 'System' Date/Time: 26/07/2011 3:32:49 PM
Type: error Category: 0
Event: 7 Source: Cdrom
The device, \Device\CdRom1, has a bad block.

Log: 'System' Date/Time: 26/07/2011 3:32:42 PM
Type: error Category: 0
Event: 7 Source: Cdrom
The device, \Device\CdRom1, has a bad block.

Log: 'System' Date/Time: 26/07/2011 3:32:37 PM
Type: error Category: 0
Event: 7 Source: Cdrom
The device, \Device\CdRom1, has a bad block.

Log: 'System' Date/Time: 26/07/2011 3:32:29 PM
Type: error Category: 0
Event: 7 Source: Cdrom
The device, \Device\CdRom1, has a bad block.

Log: 'System' Date/Time: 26/07/2011 3:30:02 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SupportSoft Repair Service (providercomcast) service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 26/07/2011 3:30:02 PM
Type: error Category: 0
Event: 7003 Source: Service Control Manager
The System Event Notification service depends on the following nonexistent service: EventSystem

#15 Jaest

  • Topic Starter
  • Members
  • 19 posts

Posted 27 July 2011 - 02:30 PM

SIW also showed that my BIOS reports incorrect memory values.



