
Where do I begin...


23 replies to this topic

#1 RavensPoet9

RavensPoet9

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:08 PM

Posted 05 August 2012 - 10:46 PM

About a week ago, I got a notice not during a scan, but when logging on that MS Security Essentials had found and Quarantined the Blackole trojan, this was the first such notice but said it had been quarantined since the 21st of July O.o. It said to remove it and I did. Then I noticed my computer running super sluggishly. The fan sounding like it was going to fly out of the back of it, as processes whirred doing who knows what to my computer... :hysterical: Then I pulled out Spybot last night. It found Facebook.Messanger, yes the bad one, as I have never downloaded the other and this is the first time any of this is happening to my computer. I said well if Spybot found something, let's see if Super-Anti Spyware finds something...OMG, my brother, he has been going on my computer using it on PORN :woot: sites and it found "something Installmanager.exe, which is further listed as Heur.Agent/Gen-Whitebox and furthermore ONLY ON HIS LOGIN, 1179 Tracking cookies :blink: Now every site except Google+ & I had to change FB to Secure browsing as well so I could just log in as every other page is unencrypted on Chrome. I seriously don't know where to begin, what to do, I am not computer illiterate but these things were found only in the last couple of days on his login. I noticed something was WRONG when I logged onto mine and it said "Windows had been shut down unexpectedly". That is my computer's code for telling me, YOUR BROTHER has done something horribly wrong and get it help :( Sorry this is crazy sounding, I really want to pull my hair out.

I would be grateful for any information that you could give me. :(

Thank you Kindly,

Sincerely, Erin

PS I do not run any of the others at any other time, unless I see there is something wrong, they are always kept updated, but I do not run them in RT, only MS SE

PSS All the Tracking cookies just come back as I cannot find them with the path given in SuperAnti Spyware. There is no such folder and I have the "show hidden folders" on. :lmao:

Also MS SE NEEDS CONSTANT MANUAL UPDATING EVEN THOUGH IT IS SET TO AUTO Update and these updates never show in windows updater

Edited by RavensPoet9, 06 August 2012 - 12:49 AM.




#2 RavensPoet9


Posted 06 August 2012 - 06:00 PM

Is there a REASON no one will even look at mine? If so, I would gladly change what needs to be changed, I am lucky I can even get here, though your site is not even encrypted when I sign in and each time even though it has my name saved (not pass) it says I have never been here before now.

Things are not better they are worse, Startup is being affected now, I have to go into tskmgr to kill process to even get it to start, while I am on the pc, it seems as though it hitches, when I say hitches it is almost like someone else is in control, I can only get Youtube to open up on secure if I click a link from a video I have shared to Google+ but not if I click the link on the taskbar of Google+ for Youtube. Only while on the secure https do the videos run normally, otherwise my computer is VERY SLOW. This computer has never been slow and is well maintained, all of a sudden, I notice my brother not on the computer that is a red flag, I get on and get the above problems.....

It will not let HP do all its start up that is necessary that is where it is interfering....or jumping in....

Again sorry if I am wasting your time, I am ready to throw the computer out the window :killcomp:

#3 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,710 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:08 PM

Posted 06 August 2012 - 08:28 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



 


#4 RavensPoet9


Posted 06 August 2012 - 09:25 PM

Thank you So Much Broni :)

Checkup.txt Results

Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
PC Cleaners
Java™ 7 Update 5
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X (10.1.3)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

#5 RavensPoet9


Posted 06 August 2012 - 09:28 PM

Farbar Service Scanner Version: 06-08-2012
Ran by Badbh (administrator) on 06-08-2012 at 19:27:03
Running from "C:\Users\Badbh\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-06-09 21:52] - [2009-04-11 00:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-15 19:32] - [2012-01-03 07:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 10:16] - [2012-03-30 05:45] - 1422720 ____A (Microsoft Corporation) AC8D5728E6AD6A7C4819D9A67008337A

C:\Windows\System32\dnsrslvr.dll
[2011-04-12 19:14] - [2011-03-02 09:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-06-09 21:52] - [2009-04-11 00:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-06-09 21:51] - [2009-04-11 00:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-06-09 21:52] - [2009-04-11 00:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-06-09 21:51] - [2009-04-11 00:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-06-09 21:52] - [2009-04-11 00:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-06-09 21:52] - [2009-04-11 00:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-06-09 21:52] - [2009-04-11 00:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-06-12 20:33] - [2012-04-23 09:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-06-09 21:52] - [2009-04-11 00:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

#6 RavensPoet9


Posted 06 August 2012 - 09:31 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Badbh (administrator) on 06-08-2012 at 19:30:19
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= IP Configuration: ================================

USB Wireless 802.11 b/g Adaptor = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Badbh-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : socal.rr.com

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : USB Wireless 802.11 b/g Adaptor
Physical Address. . . . . . . . . : 00-22-5F-1E-B1-07
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : socal.rr.com
Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
Physical Address. . . . . . . . . : 00-23-54-8B-B8-5A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::edc4:732c:6793:6f31%10(Preferred)
IPv4 Address. . . . . . . . . . . : 76.94.254.236(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Lease Obtained. . . . . . . . . . : Sunday, August 05, 2012 7:30:45 PM
Lease Expires . . . . . . . . . . : Monday, August 06, 2012 8:05:18 PM
Default Gateway . . . . . . . . . : 76.94.254.1
DHCP Server . . . . . . . . . . . : 255.255.255.255
DHCPv6 IAID . . . . . . . . . . . : 251667284
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-B5-21-96-00-23-54-8B-B8-5A
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.socal.rr.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 22:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7994808E-8C40-4A8C-97B3-A4AB19B6EF59}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 2607:f8b0:4007:800::1002
74.125.239.6
74.125.239.7
74.125.239.8
74.125.239.9
74.125.239.14
74.125.239.0
74.125.239.1
74.125.239.2
74.125.239.3
74.125.239.4
74.125.239.5



Pinging google.com [74.125.239.0] with 32 bytes of data:

Reply from 74.125.239.0: bytes=32 time=18ms TTL=55

Reply from 74.125.239.0: bytes=32 time=14ms TTL=55



Ping statistics for 74.125.239.0:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 14ms, Maximum = 18ms, Average = 16ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=92ms TTL=53

Reply from 72.30.38.140: bytes=32 time=30ms TTL=53



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 30ms, Maximum = 92ms, Average = 61ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 22 5f 1e b1 07 ...... USB Wireless 802.11 b/g Adaptor
10 ...00 23 54 8b b8 5a ...... NVIDIA nForce 10/100 Mbps Ethernet
1 ........................... Software Loopback Interface 1
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
18 ...00 00 00 00 00 00 00 e0 isatap.socal.rr.com
13 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
17 ...00 00 00 00 00 00 00 e0 isatap.{7994808E-8C40-4A8C-97B3-A4AB19B6EF59}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 76.94.254.1 76.94.254.236 20
76.94.254.0 255.255.254.0 On-link 76.94.254.236 276
76.94.254.236 255.255.255.255 On-link 76.94.254.236 276
76.94.255.255 255.255.255.255 On-link 76.94.254.236 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 76.94.254.236 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 76.94.254.236 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
10 276 fe80::edc4:732c:6793:6f31/128
On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/06/2012 01:21:06 PM) (Source: HP AdvisorUpdate) (User: )
Description: Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext)
at System.Xml.Schema.XmlSchemaSet.Add(String targetNamespace, String schemaUri)
at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String path) ValidateDocument failed Business\SearchTargets.xml

Error: (08/06/2012 01:12:11 PM) (Source: HP AdvisorUpdate) (User: )
Description: Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext)
at System.Xml.Schema.XmlSchemaSet.Add(String targetNamespace, String schemaUri)
at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String path) ValidateDocument failed Business\SearchTargets.xml

Error: (08/06/2012 00:35:08 PM) (Source: HP AdvisorUpdate) (User: )
Description: Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext)
at System.Xml.Schema.XmlSchemaSet.Add(String targetNamespace, String schemaUri)
at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String path) ValidateDocument failed Business\SearchTargets.xml

Error: (08/06/2012 10:31:39 AM) (Source: HP AdvisorUpdate) (User: )
Description: Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext)
at System.Xml.Schema.XmlSchemaSet.Add(String targetNamespace, String schemaUri)
at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String path) ValidateDocument failed Business\SearchTargets.xml

Error: (08/06/2012 07:37:59 AM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog

Error: (08/05/2012 10:50:52 PM) (Source: HP AdvisorUpdate) (User: )
Description: Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext)
at System.Xml.Schema.XmlSchemaSet.Add(String targetNamespace, String schemaUri)
at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String path) ValidateDocument failed Business\SearchTargets.xml

Error: (08/05/2012 09:10:09 PM) (Source: Perflib) (User: )
Description: PolicyAgent4

Error: (08/05/2012 09:10:09 PM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (08/05/2012 09:10:08 PM) (Source: Perflib) (User: )
Description: EmdCache4

Error: (08/05/2012 07:33:22 PM) (Source: HP AdvisorUpdate) (User: )
Description: Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext)
at System.Xml.Schema.XmlSchemaSet.Add(String targetNamespace, String schemaUri)
at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String path) ValidateDocument failed Business\SearchTargets.xml


System errors:
=============
Error: (08/06/2012 01:14:39 PM) (Source: Service Control Manager) (User: )
Description: 30000WSearch

Error: (08/06/2012 01:14:09 PM) (Source: Service Control Manager) (User: )
Description: 30000WSearch

Error: (08/06/2012 01:13:39 PM) (Source: Service Control Manager) (User: )
Description: 30000WSearch

Error: (08/06/2012 01:13:09 PM) (Source: Service Control Manager) (User: )
Description: 30000WSearch

Error: (08/06/2012 01:12:22 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/06/2012 01:08:27 PM) (Source: Service Control Manager) (User: )
Description: Connectify3600001Restart the service

Error: (08/06/2012 01:07:55 PM) (Source: Service Control Manager) (User: )
Description: Connectify2100001Restart the service

Error: (08/06/2012 01:07:38 PM) (Source: Service Control Manager) (User: )
Description: Connectify1100001Restart the service

Error: (08/06/2012 00:55:01 PM) (Source: Service Control Manager) (User: )
Description: 30000WSearch

Error: (08/06/2012 00:54:31 PM) (Source: Service Control Manager) (User: )
Description: 30000WSearch


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 2.2.5)
Adobe Anchor Service x64 CS4 (Version: 2.0)
Adobe CMaps x64 CS4 (Version: 2.0)
Adobe CSI CS4 x64 (Version: 1)
Adobe Drive CS4 x64 (Version: 1)
Adobe Fonts All x64 (Version: 2.0)
Adobe Linguistics CS4 x64 (Version: 4.0.0)
Adobe PDF Library Files x64 CS4 (Version: 9.0)
Adobe Photoshop CS4 (64 Bit) (Version: 11.0)
Adobe Type Support x64 CS4 (Version: 9.0)
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1)
Apple Mobile Device Support (Version: 5.2.0.6)
Bonjour (Version: 3.0.0.10)
Connectify (Version: 3.5.1.24187)
Hardware Diagnostic Tools (Version: 5.1.4976.17)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP MediaSmart SmartMenu (Version: 2.0.8)
HP Photosmart All-In-One Driver Software 10.0 Rel .2 (Version: 10.0)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 13.0 (Version: 13.0)
iCloud (Version: 1.1.0.40)
iTunes (Version: 10.6.3.25)
Java™ 7 Update 5 (64-bit) (Version: 7.0.50)
Logitech SetPoint 6.0 (Version: 6.00.68)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 3.1.8.0)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Graphics Driver 280.26 (Version: 280.26)
NVIDIA Install Application (Version: 2.1000.25.170)
OCR Software by I.R.I.S. 10.0 (Version: 10.0)
Photoshop Camera Raw_x64 (Version: 5.0)
Shop for HP Supplies (Version: 10.0)
SUPERAntiSpyware (Version: 5.0.1146)
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (Version: 01/29/2010 1.4.1.0)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)

========================= Devices: ================================

Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

#7 RavensPoet9

Posted 06 August 2012 - 09:45 PM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.06.13

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Badbh :: BADBH-PC [administrator]

8/6/2012 7:35:48 PM
mbam-log-2012-08-06 (19-35-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 261240
Time elapsed: 8 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Okay now going to REBOOT :blink:

#8 InadequateInfirmity

Posted 06 August 2012 - 09:50 PM

I would uninstall Microsoft Security Essentials, then run the removal tool.
http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/

Reboot and install Avast free.
http://files.avast.com/iavs5x/avast_free_antivirus_setup.exe

Edit:

Also might give ESET Online Scanner a shot.
http://www.eset.com/us/online-scanner/

Edited by InadequateInfirmity, 06 August 2012 - 09:51 PM.


#9 RavensPoet9

Posted 06 August 2012 - 10:23 PM

I notice that it is basically only showing results for my login on Malwarebytes. I am an admin, but he is too. Would you like me to do these from his login, or run them as ADMIN? It is the same computer, different login... Sorry, you said computer, and I am noticing with Avast it is only scanning my login. And btw, as soon as the scan started with Avast, MS SE went "orange". So sick of that, cannot believe a programmer suggested that to me. <_<

#10 InadequateInfirmity

Posted 06 August 2012 - 10:33 PM

You need to remove Microsoft Security Essentials, then run the removal tool. You cannot have two antivirus apps on one machine. Also, if you scan with Avast from an admin account, all is well.

#11 RavensPoet9

Posted 06 August 2012 - 11:32 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-06 20:03:37
-----------------------------
20:03:37.972 OS Version: Windows x64 6.0.6002 Service Pack 2
20:03:37.973 Number of processors: 4 586 0x203
20:03:37.974 ComputerName: BADBH-PC UserName: Badbh
20:03:40.418 Initialize success
20:04:43.703 AVAST engine defs: 12080601
20:06:01.903 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
20:06:01.907 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 8
20:06:01.925 Disk 0 MBR read successfully
20:06:01.929 Disk 0 MBR scan
20:06:02.027 Disk 0 unknown MBR code
20:06:02.030 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 496962 MB offset 63
20:06:02.070 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99999 MB offset 1017780224
20:06:02.107 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13515 MB offset 1222578630
20:06:02.187 Disk 0 scanning C:\Windows\system32\drivers
20:06:21.769 Service scanning
20:07:04.820 Modules scanning
20:07:04.831 Disk 0 trace - called modules:
20:07:04.854 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys
20:07:04.862 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80067203e0]
20:07:04.869 3 CLASSPNP.SYS[fffffa6000799c33] -> nt!IofCallDriver -> [0xfffffa8004e70b10]
20:07:04.877 5 acpi.sys[fffffa60008fefde] -> nt!IofCallDriver -> \Device\00000062[0xfffffa80064399e0]
20:07:07.209 AVAST engine scan C:\Windows
20:07:14.880 AVAST engine scan C:\Windows\system32
20:13:36.373 AVAST engine scan C:\Windows\system32\drivers
20:14:01.132 AVAST engine scan C:\Users\Badbh
21:03:43.378 AVAST engine scan C:\ProgramData
21:17:14.332 Scan finished successfully
21:31:25.324 Disk 0 MBR has been saved successfully to "C:\Users\Badbh\Desktop\MBR.dat"
21:31:25.398 The log file has been saved successfully to "C:\Users\Badbh\Desktop\aswMBR.txt"

Edited by RavensPoet9, 06 August 2012 - 11:33 PM.
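The partition lines in the aswMBR log above can be checked for internal consistency. The following is an added example, not part of any post in this thread and not code from AVAST: it parses the disk and partition lines copied from that log and flags overlapping partitions, a wrong number of active flags, or a partition that runs past the reported disk size. It assumes offsets are in 512-byte sectors and sizes are whole MB of 2**20 bytes; the function names are hypothetical.

```python
import re

# Lines copied from the aswMBR log posted above.
ASWMBR_LOG = """\
20:06:01.907 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 8
20:06:02.027 Disk 0 unknown MBR code
20:06:02.030 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 496962 MB offset 63
20:06:02.070 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99999 MB offset 1017780224
20:06:02.107 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13515 MB offset 1222578630
"""

SECTORS_PER_MB = 2048  # assumption: 512-byte sectors, 1 MB = 2**20 bytes

SIZE_RE = re.compile(r"Disk \d+ Vendor: .* Size: (\d+)MB")
PART_RE = re.compile(
    r"Disk \d+ Partition (\d+) ([0-9A-Fa-f]{2}) (?:\(A\) )?([0-9A-Fa-f]{2}) "
    r".*? (\d+) MB offset (\d+)$")


def parse_layout(log_text):
    """Return (disk_mb, partitions, notes) read from aswMBR log text."""
    disk_mb, parts, notes = None, [], []
    for line in log_text.splitlines():
        if (m := SIZE_RE.search(line)):
            disk_mb = int(m.group(1))
        elif (m := PART_RE.search(line)):
            num, flag, ptype, size_mb, start = m.groups()
            parts.append({"num": int(num), "active": flag == "80", "type": ptype,
                          "size_mb": int(size_mb), "start": int(start)})
        elif "unknown MBR code" in line:
            notes.append(line)  # kept verbatim for the helper to review
    return disk_mb, parts, notes


def check_layout(disk_mb, parts):
    """List inconsistencies: active-flag count, overlaps, size past disk end."""
    if disk_mb is None or not parts:
        return ["disk size or partition lines missing"]
    findings = []
    parts = sorted(parts, key=lambda p: p["start"])
    if sum(p["active"] for p in parts) != 1:
        findings.append("expected exactly one active partition")
    for cur, nxt in zip(parts, parts[1:]):
        if cur["start"] + cur["size_mb"] * SECTORS_PER_MB > nxt["start"]:
            findings.append(f"partition {cur['num']} overlaps {nxt['num']}")
    last = parts[-1]
    end = last["start"] + last["size_mb"] * SECTORS_PER_MB
    if end > (disk_mb + 1) * SECTORS_PER_MB:  # +1 MB: logged sizes are whole MB
        findings.append(f"partition {last['num']} runs past the end of the disk")
    return findings


if __name__ == "__main__":
    disk_mb, parts, notes = parse_layout(ASWMBR_LOG)
    print(notes, check_layout(disk_mb, parts))
```

On the lines from this log the layout check returns no findings; the "unknown MBR code" line is only collected, not interpreted.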


#12 RavensPoet9

Posted 07 August 2012 - 02:36 AM

:censored: Just as an aside to this, sorry, it is hard to take in every bit of everything that is going on .... ANYTIME and I mean ANYTIME I mouse over any hyperlink, where you used to see it down at the bottom on Chrome, it is now a bunch of garbled mess, you cannot tell what you may be clicking on. It just looks all scrambled together on top of one another. Again Thank you :flowers: :smash:

#13 Broni

Posted 07 August 2012 - 03:40 PM

"You need to remove Microsoft Security Essentials, then run the removal tool. You cannot have two antivirus apps on one machine. Also, if you scan with Avast from an admin account, all is well."

He's not running two AV programs. Why would he uninstall MSE?

==================================

Raven
So far I don't see anything malicious.

What are the current issues except for some Chrome issues?

Uninstall Chrome...

  • Go to Start > All Programs > Google Chrome > Uninstall Google Chrome.
  • Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete browser data" checkbox.
  • Select the default browser you'd like to use.
  • Click OK in the confirmation prompt.
The uninstall process will begin.


Install fresh copy.








 


#14 InadequateInfirmity

Posted 07 August 2012 - 04:09 PM

"He's not running two AV programs. Why would he uninstall MSE?"



It just does not seem like a good idea to get virus protection from people who are in the business of selling computers. I think it is garbage. Anyway, good day, keep up the good work. :thumbup2:

#15 RavensPoet9

Posted 07 August 2012 - 10:35 PM

Okay wait :police: First off no need to argue (yes I know it is a Cranberries song), secondly I am a SHE, thirdly.....Yes this is showing users Badbh, that is me, it is not however showing User Ryan, that is my brother I will out him I have no shame in the game, I was not looking at Porn not that there is anything wrong with Porn, but ever since then, I have had nothing but problems with the computer. Lastly I want Google Chrome as my default. I like Google Chrome other than the way it has been acting. I have TONS of favorites due to the fact that I am a genealogist, I am not a child. I have been doing genealogy for 15 years. I imported most of those from IE, but I hate IE, and FF is too bogged down and slow. Yes I have my HD backed up but after running your last program, it says I have no back up plan now on my external HD??? Again and I will say this as I type I can see it is not backing anything up?????

My problems are:
1. No encrypted connection on any website but Google + or FB and I have to click a link from Skype that is a Castle Age Assist link in Skype to get an encrypted log on for FB, otherwise NO.
2. Start up, it is running poorly, after my REBOOT on your one program before aswMBR, I signed into a black screen, and had to reboot again the WRONG WAY... as there was no other way.
3. Again today I came to a black screen, after my brother had been on the computer....I reboot, it says NO BACK UP PLAN for my EXTERNAL and it also says would I like to share my IP through connectify to friends??? UMMM NO I WILL NOT. :killcomp:


So here we are again... :( nothing malicious, maybe I got rid of it??? I doubt it, because the computer still runs like crap, I would like to run those things on his log in and see the difference, OR a full scan, you told me to run a quick scan.... that is doing nothing, and there was an option to FIX MBR, you told me only to save log, that was it...am I missing anything ??? :luke:



