
Hard Drive failure and lost files


26 replies to this topic

#1 PWKilla (Members, 17 posts)

Posted 24 November 2011 - 01:38 AM

It occurred when I tried to open Internet Explorer while Google Chrome was downloading a file. However, I have always been able to do this when I attempted it previously, so I am not sure what made this time different, but after I clicked on Internet Explorer, everything I had open got immediately closed, my screen flashed black, and when it was back at my desktop, all my icons were gone aside from Recycle Bin, Microsoft Word, and PowerPoint, and like 50 little message windows opened one after the other saying that files may have been lost because of damage done to the C drive. I cannot perform a system restore because it says there are no previous restore points, and all of my files (documents, pictures, downloads, music, programs) are no longer on my computer for some reason. Is this just a problem with my C drive that can be fixed and restored? Or are all of my files gone for good? Also, my PC Tools Spyware Doctor ran a scan and said: Adware.BHO.GEN (20 Infections) - High Threat. I realize I have to get this problem fixed as well... I just want to know first if all my files are gone or if there is a way to get them back. Anybody who can help, I really, really appreciate it. Thanks. (Oh, and btw, I have a Dell desktop, not a laptop, if that helps.)


#2 Broni, The Coolest BC Computer (BC Advisor, 42,699 posts, Daly City, CA)

Posted 24 November 2011 - 02:11 PM

Possibly those files just got hidden.

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


#3 PWKilla, Topic Starter (Members, 17 posts)

Posted 24 November 2011 - 04:48 PM

Thanks so much, I really appreciate the help and how detailed all the instructions are. So the first two programs worked and I'll copy and paste the results here in this post, but when trying to download Malwarebytes Anti-Malware, I click on the link, it takes me to the download page, but when I click on the icon that says "click here to start download" it takes me to another page where it says "your download will begin in a moment", but the web page always freezes.
These were the results for when I did the MiniToolBox scan (sorry for the length):

MiniToolBox by Farbar
Ran by Patrick (administrator) on 24-11-2011 at 12:18:12
Windows 7 Ultimate (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================


127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com

There are 15090 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

D-Link DWA-160 Xtreme N Dual Band USB Adapter(rev.A2) = Wireless Network Connection (Connected)
Intel® 82562V-2 10/100 Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Patrick-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : phub.net.cable.rogers.com

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : phub.net.cable.rogers.com
Description . . . . . . . . . . . : D-Link DWA-160 Xtreme N Dual Band USB Adapter(rev.A2)
Physical Address. . . . . . . . . : F0-7D-68-11-88-0B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1c85:9c20:317f:6dc9%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.23(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, November 24, 2011 12:06:37 PM
Lease Expires . . . . . . . . . . : Thursday, December 01, 2011 12:06:50 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 368082280
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-84-FB-43-00-1D-09-9A-AD-AE
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82562V-2 10/100 Network Connection
Physical Address. . . . . . . . . : 00-1D-09-9A-AD-AE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.phub.net.cable.rogers.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : phub.net.cable.rogers.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A49EADAB-DB03-4375-B326-C6B9F0BC4439}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3cf4:dfe:9c1f:c04(Preferred)
Link-local IPv6 Address . . . . . : fe80::3cf4:dfe:9c1f:c04%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: www.phub.net.cable.rogers.com
Address: 192.168.0.1

Name: google.com
Addresses: 72.14.204.104
72.14.204.99
72.14.204.147
72.14.204.105
72.14.204.103


Pinging google.com [72.14.204.105] with 32 bytes of data:
Reply from 72.14.204.105: bytes=32 time=48ms TTL=55
Reply from 72.14.204.105: bytes=32 time=39ms TTL=55

Ping statistics for 72.14.204.105:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 39ms, Maximum = 48ms, Average = 43ms
Server: www.phub.net.cable.rogers.com
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.139.180.149
209.191.122.70
72.30.2.43
98.137.149.56


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=73ms TTL=53
Reply from 209.191.122.70: bytes=32 time=73ms TTL=53

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 73ms, Maximum = 73ms, Average = 73ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...f0 7d 68 11 88 0b ......D-Link DWA-160 Xtreme N Dual Band USB Adapter(rev.A2)
11...00 1d 09 9a ad ae ......Intel® 82562V-2 10/100 Network Connection
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.23 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.23 281
192.168.0.23 255.255.255.255 On-link 192.168.0.23 281
192.168.0.255 255.255.255.255 On-link 192.168.0.23 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.23 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.23 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:3cf4:dfe:9c1f:c04/128
On-link
12 281 fe80::/64 On-link
13 306 fe80::/64 On-link
12 281 fe80::1c85:9c20:317f:6dc9/128
On-link
13 306 fe80::3cf4:dfe:9c1f:c04/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 02 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 03 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/24/2011 10:26:23 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16869, time stamp: 0x4e4f21db
Faulting module name: jscript.dll, version: 5.8.7600.16762, time stamp: 0x4d5e0361
Exception code: 0xc0000005
Fault offset: 0x0002665f
Faulting process id: 0xd50
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/23/2011 11:37:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 955756

Error: (11/23/2011 11:37:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 955756

Error: (11/23/2011 11:37:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/23/2011 11:37:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 954757

Error: (11/23/2011 11:37:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 954757

Error: (11/23/2011 11:37:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/23/2011 11:37:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 953759

Error: (11/23/2011 11:37:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 953759

Error: (11/23/2011 11:37:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (11/23/2011 10:08:58 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Error: (11/23/2011 00:18:55 PM) (Source: DCOM) (User: Patrick)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Patrick-PCPatrickS-1-5-21-2122477247-671054090-2250009477-1000LocalHost (Using LRPC)

Error: (11/23/2011 00:18:54 PM) (Source: DCOM) (User: Patrick)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}Patrick-PCPatrickS-1-5-21-2122477247-671054090-2250009477-1000LocalHost (Using LRPC)

Error: (11/22/2011 10:21:24 PM) (Source: DCOM) (User: Patrick)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Patrick-PCPatrickS-1-5-21-2122477247-671054090-2250009477-1000LocalHost (Using LRPC)

Error: (11/22/2011 10:21:24 PM) (Source: DCOM) (User: Patrick)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}Patrick-PCPatrickS-1-5-21-2122477247-671054090-2250009477-1000LocalHost (Using LRPC)

Error: (11/22/2011 09:02:50 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Error: (11/18/2011 00:18:40 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Error: (11/18/2011 10:24:31 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service failed to start due to the following error:
%%1069

Error: (11/18/2011 10:24:31 AM) (Source: Service Control Manager) (User: )
Description: The lmhosts service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (11/18/2011 01:08:34 AM) (Source: Service Control Manager) (User: )
Description: The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Reader 9.4.0 (Version: 9.4.0)
Advanced Audio FX Engine (Version: 1.12.05)
ANIWZCS2 Service
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.2.120)
Bonjour (Version: 2.0.4.0)
Browser Defender 3.0 (Version: 3.0.0.313)
D-Link Xtreme N Dual Band DWA-160
D-Link Xtreme N Dual Band DWA-160 (Version: 1.00.0000)
D3DX10 (Version: 15.4.2368.0902)
Dell Photo AIO Printer 926
DivX Setup (Version: 2.3.0.20)
DivX Web Player (Version: 1.5.0)
DVDVideoSoftTB Toolbar (Version: 6.3.3.3)
Free Audio CD Burner version 1.4.7
Free YouTube to MP3 Converter version 3.10.8.815
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel® TV Wizard
iTunes (Version: 10.1.1.4)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
LG USB Modem driver
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSVCRT (Version: 15.4.2862.0708)
QuickTime (Version: 7.69.80.9)
Rocketfish HD Webcam (1.00.06.00)
Rocketfish Live! Central (Version: 2.00.53)
SeaTools for Windows (Version: 1.2.0.5)
Skype Toolbars (Version: 5.0.4137)
Skype™ 5.1 (Version: 5.1.112)
Spybot - Search & Destroy (Version: 1.6.2)
Spyware Doctor 8.0 (Version: 8.0)
Trojan Killer 2.1
Uninstall 1.0.0.1
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
vGrabber (Version: 1.14)
Vgrabber Toolbar (Version: 6.7.0.6)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinZip 15.0 (Version: 15.0.9334)

========================= Memory info: ===================================

Percentage of memory in use: 64%
Total physical RAM: 2037.18 MB
Available physical RAM: 725.62 MB
Total Pagefile: 4074.35 MB
Available Pagefile: 2465.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1928.32 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:229.47 GB) (Free:71.01 GB) NTFS

========================= Users: ========================================

User accounts for \\PATRICK-PC

Administrator Guest Patrick


**** End of log ****


And here are the results from the security check:

Results of screen317's Security Check version 0.99.24
Windows 7 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Malwarebytes' Anti-Malware
Java™ 6 Update 24
Out of date Java installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````
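
The MiniToolBox report above is long and most of it is benign, and the triage a practitioner does on it is mechanical: separate the blocklist entries in the hosts file (15,090 lines pointing at 127.0.0.1, which Security Check identifies as the MVPS hosts file) from any entry that redirects a name to a routable address, list the Winsock providers that are not Microsoft's (here Apple's Bonjour namespace provider and the PC Tools LSP), and pull the volsnap "shadow copies of volume C: were deleted" events, which is where Windows 7 keeps its restore points and so is consistent with System Restore finding none. The following Python script is an added example and is not part of the thread, of MiniToolBox, or of any tool named in it. It runs over a constructed excerpt in MiniToolBox's layout: the Winsock and event-log lines are copied from the report posted here, while the `1.2.3.4 www.example-bank.test` hosts line is invented to show what a redirect looks like next to the blocklist entries.

```python
"""Triage a MiniToolBox report: separate blocklist hosts entries from hijacks,
list non-Microsoft Winsock providers, and pull volsnap shadow-copy losses."""
import re
from collections import Counter

# Constructed excerpt in MiniToolBox's layout. The Winsock and volsnap lines
# copy the thread's report; the 1.2.3.4 hosts line is invented to show what a
# redirect (as opposed to a 127.0.0.1 blocklist entry) looks like.
SAMPLE_REPORT = r"""
========================= Hosts content: =================================

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
1.2.3.4 www.example-bank.test

There are 15090 more lines starting with "127.0.0.1"

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 02 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============
Error: (11/23/2011 10:08:58 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.

Error: (11/18/2011 10:24:31 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service failed to start due to the following error:
%%1069

========================= Installed Programs ============================

Spyware Doctor 8.0 (Version: 8.0)
"""

# Section headers look like "===== Title: =====" (colon optional). The bare
# "=====" underlines inside the event-log section carry no letters and are skipped.
SECTION_RE = re.compile(r"^=+[ \t]*([A-Za-z][^=\n]*?):?[ \t]*=+[ \t]*$", re.MULTILINE)
HOST_RE = re.compile(r"^[ \t]*(\d{1,3}(?:\.\d{1,3}){3}|::1)[ \t]+(\S+)", re.MULTILINE)
LSP_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.+)\)\s*$", re.MULTILINE)
EVENT_RE = re.compile(r"^Error: \((.+?)\) \(Source: (.+?)\)", re.MULTILINE)
VOLSNAP_RE = re.compile(
    r"^Error: \((.+?)\) \(Source: volsnap\).*\n"
    r"Description: The shadow copies of volume (\w:) were deleted",
    re.MULTILINE,
)
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def split_sections(report):
    """Map each section title to the text between its header and the next one."""
    heads = list(SECTION_RE.finditer(report))
    sections = {}
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(report)
        sections[head.group(1).strip()] = report[head.end():end]
    return sections


def hosts_redirects(hosts_section):
    """Hosts entries that map a name somewhere other than loopback/blackhole.
    Blocklists such as MVPS map thousands of ad hosts to 127.0.0.1; those are
    benign. A name mapped to a routable address is a hijack candidate."""
    return [(ip, name) for ip, name in HOST_RE.findall(hosts_section) if ip not in LOOPBACK]


def third_party_lsps(winsock_section):
    """Winsock providers whose vendor string is not Microsoft's. Catalog5 holds
    namespace providers, Catalog9 the layered/transport providers (LSPs); every
    one of them sits in the path of every socket on the machine."""
    return [
        (catalog, int(index), path, vendor)
        for catalog, index, path, _size, vendor in LSP_RE.findall(winsock_section)
        if not vendor.startswith("Microsoft")
    ]


def errors_by_source(eventlog_section):
    """Count logged errors per event source."""
    return Counter(source for _when, source in EVENT_RE.findall(eventlog_section))


def shadow_copy_losses(eventlog_section):
    """(timestamp, volume) for each volsnap 'shadow copies were deleted' event.
    Restore points live in those shadow copies, so each hit on C: wipes them."""
    return VOLSNAP_RE.findall(eventlog_section)


if __name__ == "__main__":
    sections = split_sections(SAMPLE_REPORT)
    print("hosts redirects:", hosts_redirects(sections["Hosts content"]))
    for entry in third_party_lsps(sections["Winsock entries"]):
        print("third-party provider:", entry)
    print("errors by source:", errors_by_source(sections["Event log errors"]))
    print("shadow copies lost:", shadow_copy_losses(sections["Event log errors"]))
```

Run it against a saved MiniToolBox `Result.txt` by replacing `SAMPLE_REPORT` with the file's contents. The vendor check is a coarse filter, not a verdict: a third-party LSP from a security product is expected, but an LSP from an unknown vendor, or one whose DLL lives under a user profile or temp directory, is what a responder would pull for inspection next.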

#4 Broni, The Coolest BC Computer (BC Advisor, 42,699 posts, Daly City, CA)

Posted 24 November 2011 - 05:05 PM

What about GMER?


#5 PWKilla, Topic Starter (Members, 17 posts)

Posted 24 November 2011 - 06:24 PM

Okay, so I used GMER and it worked out. I performed the scan and copied the log; here it is:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-24 15:20:29
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3250310AS rev.3.ADA
Running: 45z3uvw7.exe; Driver: C:\Users\Patrick\AppData\Local\Temp\pwdiyfob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x88A2A0CC]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x88A2A394]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x88A2A690]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x88A29B3C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A80539 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AA5092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 33C 82AAC99C 8 Bytes [CC, A0, A2, 88, 94, A3, A2, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 374 82AAC9D4 4 Bytes [90, A6, A2, 88]
.text ntkrnlpa.exe!RtlSidHashLookup + 7C8 82AACE28 4 Bytes [3C, 9B, A2, 88]
.text user32.dll!SetForegroundWindow 7738D3AE 6 Bytes [FF, 25, 1E, 00, AE, 71] {JMP [0x71ae001e]}
.text user32.dll!SetWindowPos 77393581 3 Bytes [FF, 25, 1E]
.text user32.dll!SetWindowPos + 4 77393585 2 Bytes [A8, 71] {TEST AL, 0x71}
.text user32.dll!ChangeDisplaySettingsExA 773A81B7 6 Bytes [FF, 25, 1E, 00, A5, 71] {JMP [0x71a5001e]}
.text user32.dll!ChangeDisplaySettingsExW 773CFA61 6 Bytes [FF, 25, 1E, 00, A2, 71] {JMP [0x71a2001e]}
.text KernelBase.dll!LoadLibraryExW + E3 75D0B941 4 Bytes [0A, 00, 3F, 00]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\taskhost.exe[1732] USER32.dll!SetForegroundWindow 7738D3AE 6 Bytes JMP 71AE0F5A
.text C:\Windows\system32\taskhost.exe[1732] USER32.dll!SetWindowPos 77393581 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[1732] USER32.dll!SetWindowPos + 4 77393585 2 Bytes [A7, 71]
.text C:\Windows\system32\taskhost.exe[1732] USER32.dll!ChangeDisplaySettingsExA 773A81B7 6 Bytes JMP 71A50F5A
.text C:\Windows\system32\taskhost.exe[1732] USER32.dll!ChangeDisplaySettingsExW 773CFA61 6 Bytes JMP 71A20F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2616] USER32.dll!SetForegroundWindow 7738D3AE 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2616] USER32.dll!SetWindowPos 77393581 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2616] USER32.dll!SetWindowPos + 4 77393585 2 Bytes [A7, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2616] USER32.dll!ChangeDisplaySettingsExA 773A81B7 6 Bytes JMP 71A50F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2616] USER32.dll!ChangeDisplaySettingsExW 773CFA61 6 Bytes JMP 71A20F5A
.text C:\Windows\System32\igfxtray.exe[2628] USER32.dll!SetForegroundWindow 7738D3AE 6 Bytes JMP 71AE0F5A
.text C:\Windows\System32\igfxtray.exe[2628] USER32.dll!SetWindowPos 77393581 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\igfxtray.exe[2628] USER32.dll!SetWindowPos + 4 77393585 2 Bytes [A7, 71]
.text C:\Windows\System32\igfxtray.exe[2628] USER32.dll!ChangeDisplaySettingsExA 773A81B7 6 Bytes JMP 71A50F5A
.text C:\Windows\System32\igfxtray.exe[2628] USER32.dll!ChangeDisplaySettingsExW 773CFA61 6 Bytes JMP 71A20F5A
.text C:\Windows\System32\hkcmd.exe[2640] USER32.dll!SetForegroundWindow 7738D3AE 6 Bytes JMP 71AE0F5A
.text C:\Windows\System32\hkcmd.exe[2640] USER32.dll!SetWindowPos 77393581 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\hkcmd.exe[2640] USER32.dll!SetWindowPos + 4 77393585 2 Bytes [A7, 71]
.text C:\Windows\System32\hkcmd.exe[2640] USER32.dll!ChangeDisplaySettingsExA 773A81B7 6 Bytes JMP 71A50F5A
.text C:\Windows\System32\hkcmd.exe[2640] USER32.dll!ChangeDisplaySettingsExW 773CFA61 6 Bytes JMP 71A20F5A
.text C:\Windows\system32\igfxsrvc.exe[2672] USER32.dll!SetForegroundWindow 7738D3AE 6 Bytes JMP 71AE0F5A
.text C:\Windows\system32\igfxsrvc.exe[2672] USER32.dll!SetWindowPos 77393581 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\igfxsrvc.exe[2672] USER32.dll!SetWindowPos + 4 77393585 2 Bytes [A7, 71]
.text C:\Windows\system32\igfxsrvc.exe[2672] USER32.dll!ChangeDisplaySettingsExA 773A81B7 6 Bytes JMP 71A50F5A
.text C:\Windows\system32\igfxsrvc.exe[2672] USER32.dll!ChangeDisplaySettingsExW 773CFA61 6 Bytes JMP 71A20F5A
.text C:\Windows\System32\igfxpers.exe[2684] USER32.dll!SetForegroundWindow 7738D3AE 6 Bytes JMP 71AE0F5A
.text C:\Windows\System32\igfxpers.exe[2684] USER32.dll!SetWindowPos 77393581 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\igfxpers.exe[2684] USER32.dll!SetWindowPos + 4 77393585 2 Bytes [A7, 71]
.text C:\Windows\System32\igfxpers.exe[2684] USER32.dll!ChangeDisplaySettingsExA 773A81B7 6 Bytes JMP 71A50F5A
.text C:\Windows\System32\igfxpers.exe[2684] USER32.dll!ChangeDisplaySettingsExW 773CFA61 6 Bytes JMP 71A20F5A
.text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[2720] USER32.dll!SetForegroundWindow 7738D3AE 6 Bytes JMP 71AE0F5A
.text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[2720] USER32.dll!SetWindowPos 77393581 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[2720] USER32.dll!SetWindowPos + 4 77393585 2 Bytes [A7, 71]
.text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[2720] USER32.dll!ChangeDisplaySettingsExA 773A81B7 6 Bytes JMP 71A50F5A
.text C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe[2720] USER32.dll!ChangeDisplaySettingsExW 773CFA61 6 Bytes JMP 71A20F5A
.text C:\Program Files\D-Link\DWA-160 revA\AirNCFG.exe[2752] USER32.dll!SetForegroundWindow 7738D3AE 6 Bytes JMP 71AE0F5A
.text C:\Program Files\D-Link\DWA-160 revA\AirNCFG.exe[2752] USER32.dll!SetWindowPos 77393581 3 Bytes [FF, 25, 1E]
.text C:\Program Files\D-Link\DWA-160 revA\AirNCFG.exe[2752] USER32.dll!SetWindowPos + 4 77393585 2 Bytes [A7, 71]
.text C:\Program Files\D-Link\DWA-160 revA\AirNCFG.exe[2752] USER32.dll!ChangeDisplaySettingsExA 773A81B7 6 Bytes JMP 71A50F5A
.text C:\Program Files\D-Link\DWA-160 revA\AirNCFG.exe[2752] USER32.dll!ChangeDisplaySettingsExW 773CFA61 6 Bytes JMP 71A20F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2776] USER32.dll!SetForegroundWindow 7738D3AE 6 Bytes JMP 71AE0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2776] USER32.dll!SetWindowPos 77393581 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[2776] USER32.dll!SetWindowPos + 4 77393585 2 Bytes [A7, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[2776] USER32.dll!ChangeDisplaySettingsExA 773A81B7 6 Bytes JMP 71A50F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2776] USER32.dll!ChangeDisplaySettingsExW 773CFA61 6 Bytes JMP 71A20F5A
.text C:\Program Files\Rocketfish HD Webcam\Live! Central\RfLVCentral2.exe[2788] USER32.dll!SetForegroundWindow 7738D3AE 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Rocketfish HD Webcam\Live! Central\RfLVCentral2.exe[2788] USER32.dll!SetWindowPos 77393581 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Rocketfish HD Webcam\Live! Central\RfLVCentral2.exe[2788] USER32.dll!SetWindowPos + 4 77393585 2 Bytes [A7, 71]
.text C:\Program Files\Rocketfish HD Webcam\Live! Central\RfLVCentral2.exe[2788] USER32.dll!ChangeDisplaySettingsExA 773A81B7 6 Bytes JMP 71A50F5A
.text C:\Program Files\Rocketfish HD Webcam\Live! Central\RfLVCentral2.exe[2788] USER32.dll!ChangeDisplaySettingsExW 773CFA61 6 Bytes JMP 71A20F5A
.text C:\Windows\V0650Mon.exe[2804] USER32.dll!SetForegroundWindow 7738D3AE 6 Bytes JMP 71AE0F5A
.text C:\Windows\V0650Mon.exe[2804] USER32.dll!SetWindowPos 77393581 3 Bytes [FF, 25, 1E]
.text C:\Windows\V0650Mon.exe[2804] USER32.dll!SetWindowPos + 4 77393585 2 Bytes [A7, 71]
.text C:\Windows\V0650Mon.exe[2804] USER32.dll!ChangeDisplaySettingsExA 773A81B7 6 Bytes JMP 71A50F5A
.text C:\Windows\V0650Mon.exe[2804] USER32.dll!ChangeDisplaySettingsExW 773CFA61 6 Bytes JMP 71A20F5A
.text C:\Windows\system32\wuauclt.exe[2824] USER32.dll!SetForegroundWindow 7738D3AE 6 Bytes JMP 71AF0F5A
.text C:\Windows\system32\wuauclt.exe[2824] USER32.dll!SetWindowPos 77393581 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wuauclt.exe[2824] USER32.dll!SetWindowPos + 4 77393585 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\wuauclt.exe[2824] USER32.dll!ChangeDisplaySettingsExA 773A81B7 6 Bytes JMP 71A60F5A
.text C:\Windows\system32\wuauclt.exe[2824] USER32.dll!ChangeDisplaySettingsExW 773CFA61 6 Bytes JMP 71A30F5A
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[2828] USER32.dll!SetForegroundWindow 7738D3AE 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[2828] USER32.dll!SetWindowPos 77393581 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[2828] USER32.dll!SetWindowPos + 4 77393585 2 Bytes [A7, 71]
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[2828] USER32.dll!ChangeDisplaySettingsExA 773A81B7 6 Bytes JMP 71A50F5A
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[2828] USER32.dll!ChangeDisplaySettingsExW 773CFA61 6 Bytes JMP 71A20F5A
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[2888] USER32.dll!SetForegroundWindow 7738D3AE 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[2888] USER32.dll!SetWindowPos 77393581 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[2888] USER32.dll!SetWindowPos + 4 77393585 2 Bytes [A7, 71]
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[2888] USER32.dll!ChangeDisplaySettingsExA 773A81B7 6 Bytes JMP 71A50F5A
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[2888] USER32.dll!ChangeDisplaySettingsExW 773CFA61 6 Bytes JMP 71A20F5A
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3040] USER32.dll!SetForegroundWindow 7738D3AE 6 Bytes JMP 71AE0F5A
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3040] USER32.dll!SetWindowPos 77393581 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3040] USER32.dll!SetWindowPos + 4 77393585 2 Bytes [A7, 71]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3040] USER32.dll!ChangeDisplaySettingsExA 773A81B7 6 Bytes JMP 71A50F5A
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3040] USER32.dll!ChangeDisplaySettingsExW 773CFA61 6 Bytes JMP 71A20F5A
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[3052] USER32.dll!SetForegroundWindow 7738D3AE 6 Bytes JMP 71AE0F5A
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[3052] USER32.dll!SetWindowPos 77393581 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[3052] USER32.dll!SetWindowPos + 4 77393585 2 Bytes [A7, 71]
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[3052] USER32.dll!ChangeDisplaySettingsExA 773A81B7 6 Bytes JMP 71A50F5A
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[3052] USER32.dll!ChangeDisplaySettingsExW 773CFA61 6 Bytes JMP 71A20F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3084] USER32.dll!SetForegroundWindow 7738D3AE 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3084] USER32.dll!SetWindowPos 77393581 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3084] USER32.dll!SetWindowPos + 4 77393585 2 Bytes [A7, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3084] USER32.dll!ChangeDisplaySettingsExA 773A81B7 6 Bytes JMP 71A50F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3084] USER32.dll!ChangeDisplaySettingsExW 773CFA61 6 Bytes JMP 71A20F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3224] USER32.dll!SetForegroundWindow 7738D3AE 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3224] USER32.dll!SetWindowPos 77393581 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3224] USER32.dll!SetWindowPos + 4 77393585 2 Bytes [A7, 71]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3224] USER32.dll!ChangeDisplaySettingsExA 773A81B7 6 Bytes JMP 71A50F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3224] USER32.dll!ChangeDisplaySettingsExW 773CFA61 6 Bytes JMP 71A20F5A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4456] USER32.dll!SetForegroundWindow 7738D3AE 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4456] USER32.dll!SetWindowPos 77393581 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4456] USER32.dll!SetWindowPos + 4 77393585 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4456] USER32.dll!ChangeDisplaySettingsExA 773A81B7 6 Bytes JMP 71A60F5A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4456] USER32.dll!ChangeDisplaySettingsExW 773CFA61 6 Bytes JMP 71A30F5A
.text C:\Users\Patrick\Documents\45z3uvw7.exe[5816] USER32.dll!SetForegroundWindow 7738D3AE 6 Bytes JMP 71AF0F5A
.text C:\Users\Patrick\Documents\45z3uvw7.exe[5816] USER32.dll!SetWindowPos 77393581 3 Bytes [FF, 25, 1E]
.text C:\Users\Patrick\Documents\45z3uvw7.exe[5816] USER32.dll!SetWindowPos + 4 77393585 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Users\Patrick\Documents\45z3uvw7.exe[5816] USER32.dll!ChangeDisplaySettingsExA 773A81B7 6 Bytes JMP 71A60F5A
.text C:\Users\Patrick\Documents\45z3uvw7.exe[5816] USER32.dll!ChangeDisplaySettingsExW 773CFA61 6 Bytes JMP 71A30F5A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[632] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] [0044BDD8] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[632] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044BFDC] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[632] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0044BDD8] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[632] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044BFDC] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsGui.exe[1664] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] [0044BAF8] C:\Program Files\Spyware Doctor\pctsGui.exe (PC Tools GUI Application/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsGui.exe[1664] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044BCFC] C:\Program Files\Spyware Doctor\pctsGui.exe (PC Tools GUI Application/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsGui.exe[1664] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0044BAF8] C:\Program Files\Spyware Doctor\pctsGui.exe (PC Tools GUI Application/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsGui.exe[1664] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044BCFC] C:\Program Files\Spyware Doctor\pctsGui.exe (PC Tools GUI Application/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsGui.exe[1664] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!CreateThread] [0044BAF8] C:\Program Files\Spyware Doctor\pctsGui.exe (PC Tools GUI Application/PC Tools)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1908] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75975E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1908] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75975E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1908] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75975E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1908] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75975E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1908] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75975E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1908] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75975E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#6 PWKilla (Topic Starter, Members, 17 posts)

Posted 24 November 2011 - 06:27 PM

Also, I tried to download Malwarebytes Anti-Malware again but it didn't work.

#7 Broni (The Coolest BC Computer; BC Advisor, 42,699 posts, Daly City, CA)

Posted 24 November 2011 - 11:26 PM

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#8 PWKilla (Topic Starter, Members, 17 posts)

Posted 25 November 2011 - 01:55 PM

Alright so the aswMBR worked and these are the results:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-25 10:41:06
-----------------------------
10:41:06.418 OS Version: Windows 6.1.7600
10:41:06.418 Number of processors: 4 586 0xF0B
10:41:06.420 ComputerName: PATRICK-PC UserName: Patrick
10:41:30.991 Initialize success
10:43:25.472 AVAST engine defs: 11112500
10:44:08.926 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:44:08.930 Disk 0 Vendor: ST3250310AS 3.ADA Size: 238418MB BusType: 3
10:44:10.977 Disk 0 MBR read successfully
10:44:10.981 Disk 0 MBR scan
10:44:11.746 Disk 0 Windows 7 default MBR code
10:44:11.769 Disk 0 scanning sectors +488263545
10:44:13.093 Disk 0 scanning C:\Windows\system32\drivers
10:44:37.231 Service scanning
10:44:38.756 Modules scanning
10:44:49.230 Disk 0 trace - called modules:
10:44:49.252 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
10:44:49.258 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cab7f0]
10:44:49.264 3 CLASSPNP.SYS[8910a59e] -> nt!IofCallDriver -> [0x85cab020]
10:44:49.601 5 PCTCore.sys[88a176a9] -> nt!IofCallDriver -> [0x85b62918]
10:44:49.609 7 ACPI.sys[836ad3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84e97908]
10:44:50.666 AVAST engine scan C:\Windows
10:44:54.154 AVAST engine scan C:\Windows\system32
10:47:41.618 AVAST engine scan C:\Windows\system32\drivers
10:47:57.445 AVAST engine scan C:\Users\Patrick
10:52:35.168 AVAST engine scan C:\ProgramData
10:53:07.473 Scan finished successfully
10:54:30.363 Disk 0 MBR has been saved successfully to "C:\Users\Patrick\Desktop\MBR.dat"
10:54:30.370 The log file has been saved successfully to "C:\Users\Patrick\Desktop\aswMBR.txt"

#9 Broni (The Coolest BC Computer; BC Advisor, 42,699 posts, Daly City, CA)

Posted 25 November 2011 - 08:29 PM

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/


  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • SUPERAntiSpyware should automatically update the program definitions. If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
  • Close SUPERAntiSpyware.
Restart the computer in Safe Mode.
To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

  • Open SUPERAntiSpyware.
  • Click on "Preferences" button.
  • Click the "Scanning Control" tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
  • Click the "Home" button to leave the control center screen.
  • Back on the main screen checkmark "Complete scan" and click "Scan your computer".
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Post SUPERAntiSpyware log.

#10 PWKilla (Topic Starter, Members, 17 posts)

Posted 27 November 2011 - 04:34 PM

Alright so SUPERAntiSpyware worked and here is the log from my last scan. And btw thanks for being such a huge help throughout this situation, I can't thank you enough:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/27/2011 at 01:11 PM

Application Version : 5.0.1136

Core Rules Database Version : 7988
Trace Rules Database Version: 5800

Scan type : Complete Scan
Total Scan Time : 01:28:50

Operating System Information
Windows 7 Ultimate 32-bit (Build 6.01.7600)
UAC Off - Administrator

Memory items scanned : 364
Memory threats detected : 0
Registry items scanned : 37381
Registry threats detected : 1
File items scanned : 190619
File threats detected : 3

Adware.IWinGames
HKU\S-1-5-21-2122477247-671054090-2250009477-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8CA5ED52-F3FB-4414-A105-2E3491156990}

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP527\A0131153.EXE

Trojan.Agent/Gen-MalSec
C:\USERS\PATRICK\APPDATA\LOCALLOW\SUN\JAVA\DEPLOYMENT\CACHE\6.0\50\50700232-12D28E2B

Trojan.Dropper/Win-NV
C:\WINDOWS.OLD\PROGRAM FILES\DELL SUPPORT CENTER\HWDIAG\BIN\HTTP.DLL

#11 Broni (The Coolest BC Computer; BC Advisor, 42,699 posts, Daly City, CA)

Posted 27 November 2011 - 05:09 PM

What are the current issues?

#12 PWKilla (Topic Starter, Members, 17 posts)

Posted 27 November 2011 - 05:43 PM

All my files are still missing. When I click on the start button and All Programs, there are folders for most of my programs, but it says they are all empty. I can't find my pictures, videos, downloads, music, I can't even find the Internet Explorer program. At the bottom right hand corner of my screen there are a bunch of little icons and there is one that looks like a white flag. When I click on that a little box opens with a bunch of options for me to choose and one of them is "find an antivirus program online" so I click on that and it takes me to the internet, so that's how I've been getting on to check this forum and download all those things you've told me to. The computer seems to be running smoother now that those virus scans are completed, and my tower no longer makes crazy noises like before, but I just still have no idea where to look to find all of my files and how to access them.

#13 Broni (The Coolest BC Computer; BC Advisor, 42,699 posts, Daly City, CA)

Posted 27 November 2011 - 05:47 PM

Let's see if we can recover your missing features.
Download and run UnHide
Let me know if it worked.

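Added illustration for readers of this thread; it is not code from the thread and not the UnHide tool's own code. The symptom described above (documents, pictures and Start Menu entries that look gone while the disk scans clean) is what rogue "hard drive failure" programs produce by setting the Hidden attribute on the user's files rather than deleting them. The PowerShell script below audits a profile for files and folders that are Hidden but not System-flagged and, with -Restore, clears the attribute. The script name, parameter names, default roots and the AppData exclusion are this example's own assumptions.

```powershell
# Added illustration for this thread, not the UnHide tool's code. Rogue "hard drive
# failure" programs typically do not delete user data; they set the Hidden attribute on
# files, folders and Start Menu shortcuts so everything looks empty. This script lists
# such items and, with -Restore, clears the attribute again.
#
# Usage (assumed file name; run from an elevated PowerShell prompt):
#   .\Restore-HiddenUserFiles.ps1                  # report only, changes nothing
#   .\Restore-HiddenUserFiles.ps1 -Restore -WhatIf # show what would be changed
#   .\Restore-HiddenUserFiles.ps1 -Restore         # clear Hidden on the listed items

[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Default roots (assumed): the current profile and the all-users Start Menu.
    [string[]]$Roots = @(
        $env:USERPROFILE,
        (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu')
    ),
    [switch]$Restore
)

function Get-SuspiciousHiddenItem {
    param([string]$Root)

    # AppData legitimately holds hidden program state, so it is skipped entirely.
    $appData = [regex]::Escape((Join-Path $Root 'AppData'))

    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            # Hidden, but not something Windows hides itself: System-flagged items
            # (desktop.ini, NTUSER.DAT) and junctions such as "Application Data".
            (($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) -and
            (($_.Attributes -band [IO.FileAttributes]::System) -eq 0) -and
            (($_.Attributes -band [IO.FileAttributes]::ReparsePoint) -eq 0) -and
            ($_.FullName -notmatch "^$appData")
        }
}

$found = foreach ($root in $Roots) {
    if (Test-Path -LiteralPath $root) { Get-SuspiciousHiddenItem -Root $root }
}
$found = @($found)

# Report first; the list is useful evidence of what the infection touched.
$found | Select-Object FullName, Attributes, LastWriteTime | Format-Table -AutoSize
Write-Host ("{0} hidden, non-system item(s) found under: {1}" -f $found.Count, ($Roots -join '; '))

if ($Restore) {
    foreach ($item in $found) {
        if ($PSCmdlet.ShouldProcess($item.FullName, 'Clear Hidden attribute')) {
            # Clear only the Hidden bit; every other attribute stays as it was.
            $item.Attributes = $item.Attributes -band (-bnot [IO.FileAttributes]::Hidden)
        }
    }
}
```

Run it in report mode first and keep the output; then use -Restore -WhatIf before -Restore. Do this only after the removal scans, in the order the thread follows, because a rogue that is still running would simply hide the files again. Items that are Hidden and System at the same time are deliberately left alone, since that combination is how Windows marks its own files; UnHide also repairs things this script does not touch, such as missing Start Menu and taskbar entries.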
#14 PWKilla (Topic Starter, Members, 17 posts)

Posted 27 November 2011 - 06:52 PM

It worked! Wow, you are a computer magician. Amazing. Thank you so much. Everything is back, and I thought I'd lost it forever! You're a beauty, again thank you so much. Are there any other steps I should take now? Just to ensure something like this doesn't happen again.

#15 Broni (The Coolest BC Computer; BC Advisor, 42,699 posts, Daly City, CA)

Posted 27 November 2011 - 07:00 PM

Good news :)

Run a couple more steps for me and then I'll post some more advice for you....

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.
