Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

settings being changed in security center and i cant change them back??


  • Please log in to reply
39 replies to this topic

#1 westsyde

westsyde

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:30 AM

Posted 27 August 2011 - 05:44 PM

hello, im running windows xp and avira and spybot s&d for antivirus protection. ...i dont even know where to start whith the problems :wacko: well first my computer wont turn off . i can go to start and turn off and it just goes back to the screen. when i do restart it manually (holding power button) than turn it back on i can only access programs for a short time. than 10-20 minutes later i cant access IE, any antivirus programs and a couple other things. i have updated and scanned my computer what came up was:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\AntiVirusOverride(is not)dword:0 and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityCenter\Firewalloverride(is not)dword:0. and they were detected because my fire wall and av settings were changed and i cant even change them back?? i triied to look for a solution online and it said to restart and go in to safe mode and download and scan with malware bites which i have not triied because my computer wont shut down??? i am so fusterated any help is very apprieciated. thank you
(to be a little more spacific programs dont open on my computer. i can open files though)

Edited by westsyde, 27 August 2011 - 05:51 PM.


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:30 AM

Posted 27 August 2011 - 10:00 PM

Turn computer off manually (power button).
Restart in Safe Mode and see if you can run MBAM from there.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 westsyde

westsyde
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:30 AM

Posted 28 August 2011 - 02:22 AM

Thank you broni for your responce. i ran malwarebites in safe mode and it found 2 trojans.fakealert and 3 pum.disable.securitycenter alerts. mbam removed them and i restarted my computer and in windows security center it says that automatic updates is off and i go to turn it on, i get a msg saying we are sorry the security center could not change your automatic updates settings to try changing these settings yourself go to system in control panel select automatic and click ok^^^^^ than i go to do that and it says that its turned on.?????... and about 10 -15 minutes later my computer is unresponsive but not frozen (my mouse still moves and start pops up) any help is greatly appriciated thanks again :)

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:30 AM

Posted 28 August 2011 - 11:29 AM

Restart computer in Safe Mode with Networking, update MBAM, run it again and post it's log.

Then....

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 westsyde

westsyde
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:30 AM

Posted 28 August 2011 - 12:39 PM

hello broni thanx for the quick responceMBAM scan came back clean here is the log ( i can also post 1st log that had the viruses if need be)

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7590

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

28/08/2011 11:17:43 AM
mbam-log-2011-08-28 (11-17-43).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 247087
Time elapsed: 32 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

and now i will download and run gmer it may take a while cuz my computers slow :) (you didnt say to do it in safe mode so i will do this step in regular mode)

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:30 AM

Posted 28 August 2011 - 12:48 PM

OK :)

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#7 westsyde

westsyde
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:30 AM

Posted 28 August 2011 - 01:23 PM

hers my gmer log GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-28 12:17:32
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD2000BB-00GUC0 rev.08.02D08
Running: s3q5767f[1].exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fxlcypob.sys


---- System - GMER 1.0.15 ----

SSDT F291AFDC ZwClose
SSDT F291AF96 ZwCreateKey
SSDT F291AFE6 ZwCreateSection
SSDT F291AF8C ZwCreateThread
SSDT F291AF9B ZwDeleteKey
SSDT F291AFA5 ZwDeleteValueKey
SSDT F291AFD7 ZwDuplicateObject
SSDT F291AFAA ZwLoadKey
SSDT F291AF78 ZwOpenProcess
SSDT F291AF7D ZwOpenThread
SSDT F291AFB4 ZwReplaceKey
SSDT F291AFAF ZwRestoreKey
SSDT F291AFEB ZwSetContextThread
SSDT F291AFA0 ZwSetValueKey
SSDT F291AF87 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF51773A0, 0x59FFE5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[316] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\WINDOWS\System32\svchost.exe[980] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006E000A
.text C:\WINDOWS\System32\svchost.exe[980] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006F000A
.text C:\WINDOWS\System32\svchost.exe[980] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006D000C
.text C:\WINDOWS\System32\svchost.exe[980] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 02C4000A
.text C:\WINDOWS\System32\svchost.exe[980] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 02C5000A
.text C:\WINDOWS\System32\svchost.exe[980] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 02C6000A
.text C:\WINDOWS\System32\svchost.exe[980] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 02A2000A
.text C:\WINDOWS\Explorer.EXE[1488] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F6000A
.text C:\WINDOWS\Explorer.EXE[1488] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F7000A
.text C:\WINDOWS\Explorer.EXE[1488] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00F5000C

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 834BF51B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 834BF51B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 834BF51B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 834BF51B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 834BF51B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T1L0-1b 834BF51B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-13 834BF51B

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Brother MFC-210C USB Printer@ChangeID 751109

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----


with gmer can i use it on my computer on a regular basis or should i only use it if i think their may be a problem??? thank you for all ur help

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:30 AM

Posted 28 August 2011 - 01:28 PM

You're infected with a rootkit.

Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#9 westsyde

westsyde
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:30 AM

Posted 28 August 2011 - 04:57 PM

i went to restart my computer after scan with TDSSKiller and my computer froze at the blue windows is logging off screen ( i waited like 2 hrs) so i had to manually (push button) shut down my comp. so i relly hope that didnt interfere with the removal of the rootkit i can always scan again if need be. here is the log:
2011/08/28 12:33:53.0703 3028 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/28 12:33:55.0703 3028 ================================================================================
2011/08/28 12:33:55.0703 3028 SystemInfo:
2011/08/28 12:33:55.0703 3028
2011/08/28 12:33:55.0703 3028 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/28 12:33:55.0703 3028 Product type: Workstation
2011/08/28 12:33:55.0703 3028 ComputerName: EMACHINES
2011/08/28 12:33:56.0015 3028 UserName: Owner
2011/08/28 12:33:56.0015 3028 Windows directory: C:\WINDOWS
2011/08/28 12:33:56.0015 3028 System windows directory: C:\WINDOWS
2011/08/28 12:33:56.0015 3028 Processor architecture: Intel x86
2011/08/28 12:33:56.0015 3028 Number of processors: 1
2011/08/28 12:33:56.0015 3028 Page size: 0x1000
2011/08/28 12:33:56.0015 3028 Boot type: Normal boot
2011/08/28 12:33:56.0015 3028 ================================================================================
2011/08/28 12:34:06.0656 3028 Initialize success
2011/08/28 12:34:22.0234 1628 ================================================================================
2011/08/28 12:34:22.0234 1628 Scan started
2011/08/28 12:34:22.0234 1628 Mode: Manual;
2011/08/28 12:34:22.0234 1628 ================================================================================
2011/08/28 12:34:30.0000 1628 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/08/28 12:34:30.0875 1628 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/28 12:34:31.0656 1628 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/28 12:34:32.0421 1628 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/08/28 12:34:34.0031 1628 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/28 12:34:35.0500 1628 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/28 12:34:36.0593 1628 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/08/28 12:34:37.0609 1628 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/08/28 12:34:38.0484 1628 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/08/28 12:34:39.0312 1628 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/08/28 12:34:40.0140 1628 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/08/28 12:34:40.0984 1628 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/08/28 12:34:41.0718 1628 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/08/28 12:34:42.0406 1628 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/08/28 12:34:43.0015 1628 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2011/08/28 12:34:43.0640 1628 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/08/28 12:34:44.0421 1628 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/08/28 12:34:45.0453 1628 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/08/28 12:34:46.0703 1628 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/08/28 12:34:47.0671 1628 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/28 12:34:48.0703 1628 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/28 12:34:50.0062 1628 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/28 12:34:50.0765 1628 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/28 12:34:51.0234 1628 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/08/28 12:34:52.0390 1628 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/08/28 12:34:53.0156 1628 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/08/28 12:34:53.0875 1628 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/28 12:34:54.0500 1628 BrScnUsb (6cf3aed19c2185c60de2ae50ee37a342) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
2011/08/28 12:34:55.0187 1628 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/08/28 12:34:56.0031 1628 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/28 12:34:56.0781 1628 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/08/28 12:34:57.0406 1628 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/28 12:34:58.0031 1628 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/28 12:34:58.0843 1628 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/28 12:34:59.0921 1628 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/08/28 12:35:00.0406 1628 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/08/28 12:35:01.0250 1628 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/08/28 12:35:02.0203 1628 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/08/28 12:35:03.0406 1628 DC21x4 (bb005cb49d0638039703ac4f67fe0a05) C:\WINDOWS\system32\DRIVERS\dc21x4.sys
2011/08/28 12:35:04.0156 1628 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/28 12:35:05.0296 1628 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/28 12:35:06.0390 1628 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/28 12:35:07.0140 1628 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/28 12:35:07.0718 1628 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/28 12:35:08.0312 1628 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/08/28 12:35:09.0109 1628 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/28 12:35:09.0968 1628 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/28 12:35:11.0078 1628 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/28 12:35:11.0656 1628 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/28 12:35:12.0328 1628 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/28 12:35:12.0984 1628 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/28 12:35:13.0593 1628 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/28 12:35:14.0265 1628 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/28 12:35:15.0031 1628 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/28 12:35:15.0546 1628 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/28 12:35:16.0187 1628 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
2011/08/28 12:35:16.0859 1628 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/28 12:35:17.0531 1628 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/08/28 12:35:18.0203 1628 HSFHWBS2 (c02dc9d4358e43d088f2061c2b2bf30e) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/08/28 12:35:19.0406 1628 HSF_DPV (cbf6831420a97e8fbb91e5f52b707ef7) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/08/28 12:35:21.0031 1628 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/28 12:35:22.0109 1628 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/08/28 12:35:22.0687 1628 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/08/28 12:35:23.0531 1628 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/28 12:35:24.0562 1628 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/28 12:35:26.0000 1628 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/08/28 12:35:31.0921 1628 IntcAzAudAddService (a30685283f90ae02f1cd50972c6065e3) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/08/28 12:35:37.0468 1628 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/08/28 12:35:38.0343 1628 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/28 12:35:39.0250 1628 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/28 12:35:40.0015 1628 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/28 12:35:40.0656 1628 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/28 12:35:41.0562 1628 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/28 12:35:42.0437 1628 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/28 12:35:43.0031 1628 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/28 12:35:43.0937 1628 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/28 12:35:45.0296 1628 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/28 12:35:47.0078 1628 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/28 12:35:49.0625 1628 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/08/28 12:35:51.0312 1628 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/28 12:35:52.0609 1628 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/28 12:35:54.0171 1628 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/28 12:35:56.0375 1628 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/28 12:35:58.0328 1628 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/08/28 12:35:59.0187 1628 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/28 12:36:02.0906 1628 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/28 12:36:06.0671 1628 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/28 12:36:08.0437 1628 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/28 12:36:09.0421 1628 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/28 12:36:09.0937 1628 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/28 12:36:10.0843 1628 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/28 12:36:12.0000 1628 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/28 12:36:12.0937 1628 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/28 12:36:14.0265 1628 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/28 12:36:15.0531 1628 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/28 12:36:17.0734 1628 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/28 12:36:19.0125 1628 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/28 12:36:21.0000 1628 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/28 12:36:22.0906 1628 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/28 12:36:25.0156 1628 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/28 12:36:28.0390 1628 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/28 12:36:32.0156 1628 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/28 12:36:46.0609 1628 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/28 12:37:03.0218 1628 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/08/28 12:37:04.0718 1628 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/08/28 12:37:07.0265 1628 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/28 12:37:08.0296 1628 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/28 12:37:09.0562 1628 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/08/28 12:37:11.0046 1628 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/08/28 12:37:12.0359 1628 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/28 12:37:12.0890 1628 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/28 12:37:13.0843 1628 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/28 12:37:16.0109 1628 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/28 12:37:18.0390 1628 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/28 12:37:30.0531 1628 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/08/28 12:37:31.0875 1628 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/08/28 12:37:34.0562 1628 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/28 12:37:37.0062 1628 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/08/28 12:37:39.0281 1628 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/28 12:37:40.0343 1628 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/28 12:37:42.0578 1628 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/08/28 12:37:44.0093 1628 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/08/28 12:37:45.0531 1628 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/08/28 12:37:46.0640 1628 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/08/28 12:37:48.0765 1628 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/08/28 12:37:50.0906 1628 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/28 12:37:52.0234 1628 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/28 12:37:54.0109 1628 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/28 12:37:55.0765 1628 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/28 12:37:57.0390 1628 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/28 12:38:00.0015 1628 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/28 12:38:01.0734 1628 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/28 12:38:05.0140 1628 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/28 12:38:07.0328 1628 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/28 12:38:08.0453 1628 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/28 12:38:11.0906 1628 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/08/28 12:38:13.0921 1628 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/28 12:38:16.0140 1628 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/08/28 12:38:18.0578 1628 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/08/28 12:38:20.0531 1628 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/28 12:38:22.0906 1628 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/28 12:38:26.0421 1628 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/28 12:38:29.0062 1628 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/08/28 12:38:31.0046 1628 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/28 12:38:32.0765 1628 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/28 12:38:34.0015 1628 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/08/28 12:38:34.0953 1628 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/08/28 12:38:36.0140 1628 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/08/28 12:38:37.0859 1628 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/08/28 12:38:39.0781 1628 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/28 12:38:41.0312 1628 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/28 12:38:44.0218 1628 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/28 12:38:45.0765 1628 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/28 12:38:46.0578 1628 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/28 12:38:47.0562 1628 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/08/28 12:38:49.0031 1628 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/28 12:38:50.0796 1628 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/08/28 12:38:52.0078 1628 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/28 12:38:53.0531 1628 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/28 12:38:54.0375 1628 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/28 12:38:55.0218 1628 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/28 12:38:55.0875 1628 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/28 12:38:56.0828 1628 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/28 12:38:57.0640 1628 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/28 12:39:00.0093 1628 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/28 12:39:01.0859 1628 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/28 12:39:02.0968 1628 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/28 12:39:06.0156 1628 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/08/28 12:39:08.0843 1628 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/08/28 12:39:10.0453 1628 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/28 12:39:11.0937 1628 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/28 12:39:13.0703 1628 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/28 12:39:15.0812 1628 winachsf (59d043485a6eda2ed2685c81489ae5bd) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/08/28 12:39:17.0875 1628 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/28 12:39:19.0078 1628 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/28 12:39:19.0640 1628 MBR (0x1B8) (a2a0c6ca4dfd2fb81772487aa7e9c2e8) \Device\Harddisk0\DR0
2011/08/28 12:39:19.0671 1628 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/08/28 12:39:19.0703 1628 Boot (0x1200) (2856d254479b4b19a3f5c58ccac70eff) \Device\Harddisk0\DR0\Partition0
2011/08/28 12:39:19.0718 1628 Boot (0x1200) (b101a5f38fe4f2311817f096565d2477) \Device\Harddisk0\DR0\Partition1
2011/08/28 12:39:19.0734 1628 ================================================================================
2011/08/28 12:39:19.0734 1628 Scan finished
2011/08/28 12:39:19.0734 1628 ================================================================================
2011/08/28 12:39:21.0578 3460 Detected object count: 1
2011/08/28 12:39:21.0578 3460 Actual detected object count: 1
2011/08/28 12:51:07.0109 3460 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/08/28 12:51:07.0234 3460 \Device\Harddisk0\DR0 - ok
2011/08/28 12:51:07.0312 3460 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/08/28 12:52:23.0656 3804 Deinitialize success
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
my computer is still running very slow and my CPU usage is between 20% to 100% when all i have up is bleeping computer site(which usually works fast on my computer) thank you

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:30 AM

Posted 28 August 2011 - 05:06 PM

Let's double check...

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#11 westsyde

westsyde
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:30 AM

Posted 28 August 2011 - 05:55 PM

Here is the log for the rootkit unhooker:
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xF5EDE000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10604544 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 258.96 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6344704 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 258.96 )
0xEF350000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4083712 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2069376 bytes
0x804D7000 RAW 2069376 bytes
0x804D7000 WMIxWDM 2069376 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF5D4F000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 1036288 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF5B90000 C:\WINDOWS\system32\DRIVERS\NVNRM.SYS 958464 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)
0xF5CA2000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 708608 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF72EC000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xEB882000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF2746000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xEB79A000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB7ADE000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBD61F000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB7845000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF5E4C000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 225280 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xF7467000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB7D66000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF72BF000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF73C2000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)
0xB69A8000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xEB8F2000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF5C7A000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xEB772000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xEB74B000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 159744 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xEB85C000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xEB727000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xEF2D6000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF5EA6000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF5E83000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEB91D000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806D1000 ACPI_HAL 131840 bytes
0x806D1000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF73A2000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7437000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF72A5000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF73EE000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
0xF7407000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xEB70F000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF741F000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB87E9000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 94208 bytes (Avira GmbH, Avira Minifilter Driver)
0xF7379000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF5B5B000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB86E4000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF5ECA000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEB7F3000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7390000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7456000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF5B4A000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB7F50000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF71ED000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF034B000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF71DD000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xEFDBD000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF05D1000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF75F6000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
0xF75C6000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
0xF05B1000 C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 57344 bytes (NVIDIA Corporation, NVIDIA Networking Function Driver.)
0xF76E6000 C:\WINDOWS\system32\DRIVERS\AmdPPM.sys 53248 bytes (Advanced Micro Devices, AMD Processor Driver)
0xF7656000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF720D000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF76F6000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF75B6000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7636000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7626000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7716000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7686000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF76B6000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)
0xF7696000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)
0xF76A6000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
0xF7776000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF71FD000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF75A6000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7706000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7676000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xF7596000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF0611000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF71CD000 C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 40960 bytes (NVIDIA Corporation, NVIDIA Networking Bus Driver.)
0xF7616000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF75E6000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)
0xF7666000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xF3375000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB7770000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF7646000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7726000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7746000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF75D6000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7606000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise Ultra66 Miniport Driver)
0xF78E6000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xEE9B8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7846000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
0xF7856000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
0xF78D6000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF782E000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)
0xF787E000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)
0xF7816000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7876000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)
0xF784E000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)
0xF7966000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF785E000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)
0xF7866000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)
0xF78DE000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF78BE000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF78C6000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xEE9B0000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xEE9C8000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF786E000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)
0xF783E000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)
0xF7836000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)
0xEE9C0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF781E000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF4B9E000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF4B96000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7826000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)
0xF78EE000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF78CE000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xEE66C000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF79B2000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)
0xF79C2000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)
0xF79CA000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)
0xF79AE000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)
0xF79BA000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)
0xF79C6000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)
0xF6E87000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF2CE2000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF79B6000 symc810.sys 16384 bytes (Symbios Logic Inc., Symbios Logic Inc. SCSI Miniport Driver)
0xF79A6000 00000016 12288 bytes
0xF79BE000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)
0xF79AA000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xEB812000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7271000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xF79A6000 C:\WINDOWS\system32\KDCOM.DLL 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB7EA5000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF6E7B000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xEEDC8000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7A98000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xF7AA6000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF7B44000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7AA2000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)
0xF7A9A000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
0xEEEF0000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7B40000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7AA0000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7B46000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7AA4000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)
0xF7B48000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B30000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7A9C000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)
0xF7B3C000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7A9E000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7A96000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7C2E000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7B61000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xEEAC9000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B5E000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================

#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:30 AM

Posted 28 August 2011 - 06:00 PM

Looks good :)

Is normal mode working OK now?
If so, update MBAM, run quick scan and post new log.

===========================================================

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===========================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#13 westsyde

westsyde
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:30 AM

Posted 28 August 2011 - 07:27 PM

Hello again, thx so much you have been so helpful. yes my computer seems to be running good in normal mode ( a little slow but its old and always kind of slow) the only thing is im still getting the windows security alert saying "we are sorry the security center could not change your automatic updates settings to try changing these settings yourself go to system in control panel select automatic and click ok^^^^^" and than i do so and it still says that autoupdate is on in control panel while security center says its off. here is the mBam log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7600

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28/08/2011 6:04:27 PM
mbam-log-2011-08-28 (18-04-27).txt

Scan type: Quick scan
Objects scanned: 190275
Time elapsed: 35 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
======================================================================
here is the security check log:
Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 24
Out of date Java installed!
Adobe Flash Player
Adobe Reader 7.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````
==============================================================
And lastly here is the log for Mini toolbox:
MiniToolBox by Farbar
Ran by Owner (administrator) on 28-08-2011 at 18:16:38
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
Hosts file not detected in the default directory
========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 3"

set address name="Local Area Connection 3" source=dhcp
set dns name="Local Area Connection 3" source=dhcp register=PRIMARY
set wins name="Local Area Connection 3" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : EMachines

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : domain.invalid



Ethernet adapter Local Area Connection 3:



Connection-specific DNS Suffix . : domain.invalid

Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet #2

Physical Address. . . . . . . . . : 00-16-17-33-74-59

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.65

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

192.168.1.254

Lease Obtained. . . . . . . . . . : August 28, 2011 3:26:22 PM

Lease Expires . . . . . . . . . . : August 29, 2011 3:26:22 PM

Server: UnKnown
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.73.106, 74.125.73.147, 74.125.73.99, 74.125.73.103
74.125.73.104, 74.125.73.105



Pinging google.com [74.125.73.104] with 32 bytes of data:



Reply from 74.125.73.104: bytes=32 time=135ms TTL=52

Reply from 74.125.73.104: bytes=32 time=111ms TTL=52



Ping statistics for 74.125.73.104:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 111ms, Maximum = 135ms, Average = 123ms

Server: UnKnown
Address: 192.168.1.254

Name: yahoo.com
Addresses: 69.147.125.65, 72.30.2.43, 98.137.149.56, 209.191.122.70
67.195.160.76



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=113ms TTL=52

Reply from 209.191.122.70: bytes=32 time=114ms TTL=52



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 113ms, Maximum = 114ms, Average = 113ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 17 33 74 59 ...... NVIDIA nForce Networking Controller #2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.65 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.65 192.168.1.65 20
192.168.1.0 255.255.255.0 192.168.1.65 192.168.1.65 20
192.168.1.65 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.65 192.168.1.65 20
224.0.0.0 240.0.0.0 192.168.1.65 192.168.1.65 20
255.255.255.255 255.255.255.255 192.168.1.65 192.168.1.65 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/28/2011 03:34:37 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/28/2011 03:34:27 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/28/2011 03:34:20 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/28/2011 03:34:20 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/28/2011 03:34:19 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/28/2011 00:33:29 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The connection with the server was terminated abnormally

Error: (08/27/2011 02:56:50 PM) (Source: Application Error) (User: )
Description: Faulting application bitlord.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [bitlord.exe!ws!]

Error: (08/27/2011 00:34:12 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007041d.

Error: (08/26/2011 11:56:17 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007041d.

Error: (08/26/2011 03:30:49 PM) (Source: Application Hang) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (08/28/2011 03:30:41 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Error: (08/28/2011 03:30:02 PM) (Source: Service Control Manager) (User: )
Description: The Avira AntiVir Guard service hung on starting.

Error: (08/28/2011 01:01:48 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (08/28/2011 00:59:48 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (08/28/2011 00:57:48 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (08/28/2011 00:55:45 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (08/28/2011 11:53:49 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (08/28/2011 11:53:49 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (08/28/2011 11:53:48 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (08/28/2011 11:52:56 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0


Microsoft Office Sessions:
=========================
Error: (08/28/2011 03:34:37 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (08/28/2011 03:34:27 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (08/28/2011 03:34:20 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (08/28/2011 03:34:20 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (08/28/2011 03:34:19 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (08/28/2011 00:33:29 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe connection with the server was terminated abnormally

Error: (08/27/2011 02:56:50 PM) (Source: Application Error)(User: )
Description: bitlord.exe0.0.0.00.0.0.000000000

Error: (08/27/2011 00:34:12 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007041d

Error: (08/26/2011 11:56:17 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007041d

Error: (08/26/2011 03:30:49 PM) (Source: Application Hang)(User: )
Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000


=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.3.183.5)
Adobe Reader 7.0 (Version: 7.0.0)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Apple Application Support (Version: 1.5.1)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.2.120)
Avira AntiVir Personal - Free Antivirus (Version: 10.2.0.700)
BitLord 1.2
Bonjour (Version: 2.0.5.0)
Browser Address Error Redirector
ContentManager (Version: 0.5)
Coupon Printer for Windows (Version: 5.0.0.0)
Digital Media Reader (Version: 1.13)
File Type Assistant
Free File Viewer 2011
Google Update Helper (Version: 1.3.21.65)
iTunes (Version: 10.2.2.14)
J2SE Runtime Environment 5.0 Update 2 (Version: 1.5.0.20)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Digital Image Library 9 - Blocker (Version: 9.00.0000)
Microsoft Digital Image Starter Edition 2006 (Version: 11.0.0422)
Microsoft Digital Image Starter Edition 2006 Editor (Version: 11.0.0422)
Microsoft Digital Image Starter Edition 2006 Library (Version: 11.0.0422)
Microsoft Money 2005 (Version: 14)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.04.0623)
Microsoft XML Parser (Version: 8.70.1104.04)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Multimedia Keyboard Driver
NetAssistant (Version: 3.8.3)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA nView Desktop Manager (Version: 6.14.10.13527)
QuickTime (Version: 7.69.80.9)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1 (Version: 1.1.0)
Recovery Software Suite eMachines (Version: 1.00.0000)
Soft Data Fax Modem with SmartCP
Speccy (Version: 1.09)
Spybot - Search & Destroy (Version: 1.6.2)
WebFldrs XP (Version: 9.50.7523)
Windows Backup Utility (Version: 5.1)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 66%
Total physical RAM: 383.36 MB
Available physical RAM: 130.14 MB
Total Pagefile: 1243.56 MB
Available Pagefile: 810.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1993.77 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:182.65 GB) (Free:159.44 GB) NTFS
2 Drive d: () (Fixed) (Total:3.65 GB) (Free:1.39 GB) FAT32

========================= Users: ========================================

User accounts for \\EMACHINES

Administrator ASPNET Guest
HelpAssistant Owner SUPPORT_388945a0


**** End of log ****
(what programs out of the ones that i downloaded today should i keep and what ones can i uninstall)
Thank you

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:30 AM

Posted 28 August 2011 - 07:58 PM

(what programs out of the ones that i downloaded today should i keep and what ones can i uninstall)

I'll let you know at the end of this topic.

Your computer could use another 512MB of RAM for better performance:

Total physical RAM: 383.36 MB


Now, we seem to have "hosts" file missing.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :dir
    C:\WINDOWS\SYSTEM32\DRIVERS\ETC
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#15 westsyde

westsyde
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:30 AM

Posted 28 August 2011 - 08:20 PM

Hello, Yes i know my computer despratly needs more memory its just something i havent gotten around to..lol :P
here is the system look log:
SystemLook 30.07.11 by jpshortstuff
Log created at 19:18 on 28/08/2011 by Owner
Administrator - Elevation successful

========== dir ==========

C:\WINDOWS\SYSTEM32\DRIVERS\ETC - Parameters: "(none)"

---Files---
lmhosts.sam --a---- 3683 bytes [16:55 10/08/2004] [19:00 04/08/2004]
networks --a---- 407 bytes [16:55 10/08/2004] [19:00 04/08/2004]
protocol --a---- 799 bytes [16:56 10/08/2004] [19:00 04/08/2004]
services --a---- 7116 bytes [16:56 10/08/2004] [19:00 04/08/2004]

---Folders---
None found.

-= EOF =-




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users