Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Am i infected? rootkit


  • Please log in to reply
25 replies to this topic

#1 moparfan1234

moparfan1234

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:02:05 PM

Posted 13 December 2012 - 08:09 PM

I'm running windows 7 64bit. well i was doing some searching on google and clicked on the wrong site i guess. my avast poped up showing it had blocked a threat. it blocked Win32:Injector-AXQ[Tjri] and Win32:Rootkit-gen[Rtk both show up 2 times in the logs. well as soon as avast warned me i backed out as fast as i could and closed all tabs. i thought well great it blocked it but just to be safe i ran avast full scan and it found more. under avast web shield log it shows threat JS:Pdfka-gen[Expl] JS:Pdfka-gen@bhv[Expl] JS:ScriptIP-inf[Trj] TTF:CVE-2011-3402[Expl] This last one shows up 2 times. also placed in avast Virus chest it shows checkmate121_com[1].htm this one showed up 2 times! also in the chest gtjhsvglfswype.exe jar_cache378007907867886428.tmp kwknvqvebhtuupwbwp.exe ZHA2GACG0.exe

so far i have not noticed anything odd "yet" but i am worried that if some of it didn't get blocked by avast and avast had to find them in a scan what els got by avast and still has not been found by avast?


I also tried using avasts boot scan (recomened by avast after it found the infection from the scan) with no more found. then i tried Malwarebytes and it did not find anything ether. so i went back to avast and reset it's scan settings to the most sensative and indepth i could and did another scan with no more virus's found. like i said i am still worried there mite be more avast and malwarebytes can't find. i also did some reading on rootkits and what i read was they can make my computer seem normal while letting others steel all my info. this computer has to much personal info to let some one get a peak at it.

any and all help, advice, or comfort will be greatly appreciated!

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,656 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:05 PM

Posted 13 December 2012 - 08:58 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 moparfan1234

moparfan1234
  • Topic Starter

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:02:05 PM

Posted 14 December 2012 - 09:39 PM

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
avast! Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
Java™ 6 Update 33
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.5.502.110
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



Farbar Service Scanner Version: 10-12-2012
Ran by derrick and renee (administrator) on 14-12-2012 at 19:48:55
Running from "C:\Users\derrick and renee\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Demand. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



MiniToolBox by Farbar Version: 25-11-2012
Ran by derrick and renee (administrator) on 14-12-2012 at 19:51:41
Running from "C:\Users\derrick and renee\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================



========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : derrickandrenee
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet
Physical Address. . . . . . . . . : 00-26-2D-18-55-9B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f04e:8aa9:532f:2361%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, December 14, 2012 5:35:45 PM
Lease Expires . . . . . . . . . . : Friday, December 14, 2012 8:35:49 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 234888562
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-3B-15-F3-00-26-2D-18-55-9B
DNS Servers . . . . . . . . . . . : 66.168.128.20
24.205.224.36
68.190.192.35
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{76C09F17-3DAB-4FF0-8A0B-AE83015E5F44}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: vip01krnyne.krny.ne.charter.com
Address: 66.168.128.20

Name: google.com
Addresses: 2607:f8b0:4009:800::1004
74.125.225.64
74.125.225.72
74.125.225.70
74.125.225.65
74.125.225.67
74.125.225.73
74.125.225.71
74.125.225.78
74.125.225.69
74.125.225.68
74.125.225.66


Pinging google.com [74.125.225.72] with 32 bytes of data:
Reply from 74.125.225.72: bytes=32 time=63ms TTL=54
Reply from 74.125.225.72: bytes=32 time=65ms TTL=54

Ping statistics for 74.125.225.72:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 63ms, Maximum = 65ms, Average = 64ms
Server: vip01krnyne.krny.ne.charter.com
Address: 66.168.128.20

Name: yahoo.com
Addresses: 98.138.253.109
72.30.38.140
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=113ms TTL=47
Reply from 98.139.183.24: bytes=32 time=140ms TTL=48

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 113ms, Maximum = 140ms, Average = 126ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...00 26 2d 18 55 9b ......NVIDIA nForce 10/100/1000 Mbps Ethernet
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.2 266
192.168.0.2 255.255.255.255 On-link 192.168.0.2 266
192.168.0.255 255.255.255.255 On-link 192.168.0.2 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.2 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.2 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 266 fe80::/64 On-link
10 266 fe80::f04e:8aa9:532f:2361/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/13/2012 09:31:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/13/2012 09:30:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/13/2012 09:30:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/13/2012 09:30:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/13/2012 09:30:04 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (12/13/2012 08:01:00 PM) (Source: Windows Search Service) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80070002, "iehistory://{S-1-5-21-3272341667-353522691-1099539268-1000}/">.

Error: (12/13/2012 07:48:30 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/13/2012 00:05:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/12/2012 09:49:34 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/12/2012 09:49:34 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (12/14/2012 05:36:05 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (12/14/2012 05:35:41 PM) (Source: Service Control Manager) (User: )
Description: The SPCA1528 Video Camera Service service failed to start due to the following error:
%%1058

Error: (12/14/2012 01:58:38 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/14/2012 01:58:33 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (12/13/2012 05:51:50 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (12/13/2012 05:37:42 PM) (Source: Service Control Manager) (User: )
Description: The SPCA1528 Video Camera Service service failed to start due to the following error:
%%1058

Error: (12/12/2012 11:45:12 PM) (Source: Service Control Manager) (User: )
Description: The SPCA1528 Video Camera Service service failed to start due to the following error:
%%1058

Error: (12/12/2012 08:51:07 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (12/12/2012 08:49:52 PM) (Source: Service Control Manager) (User: )
Description: The SPCA1528 Video Camera Service service failed to start due to the following error:
%%1058

Error: (12/12/2012 03:28:54 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.278)
Adobe Flash Player 11 Plugin (Version: 11.5.502.110)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Advertising Center (Version: 0.0.0.2)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
ArcSoft MediaImpression (Version: 1.2.33.353)
avast! Internet Security (Version: 7.0.1474.0)
Bonjour (Version: 3.0.0.10)
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 4.0
Canon MP280 series MP Drivers
Canon MP280 series User Registration
Canon My Printer
Canon Solution Menu EX
CDDRV_Installer (Version: 4.60)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
DTCLookup
eMachines Games (Version: 1.0.0.71)
eMachines Recovery Management (Version: 4.05.3005)
eMachines Registration (Version: 1.02.3006)
eMachines ScreenSaver (Version: 1.1.0812)
eMachines Updater (Version: 1.01.3017)
erLT (Version: 1.20.0137)
Feedback Tool (Version: 1.1.0)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
Identity Card (Version: 1.00.3002)
ImagXpress (Version: 7.0.74.0)
Inbox Toolbar (Version: 1.0.0)
iTunes (Version: 10.6.3.25)
Java 7 Update 7 (64-bit) (Version: 7.0.70)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 33 (Version: 6.0.330)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 14.0.8089.726)
KhalInstallWrapper (Version: 2.00.0000)
Logitech SetPoint (Version: 4.80)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
McAfee Security Scan Plus (Version: 2.1.121.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0.1)
MP3 Rocket
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 9 Essentials
Nero ControlCenter (Version: 9.0.0.1)
Nero DiscSpeed (Version: 5.4.7.201)
Nero DiscSpeed Help (Version: 5.4.4.100)
Nero DriveSpeed (Version: 4.4.7.201)
Nero DriveSpeed Help (Version: 4.4.4.100)
Nero Express Help (Version: 9.4.9.100)
Nero InfoTool (Version: 6.4.7.201)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.8.1)
Nero Online Upgrade (Version: 1.3.0.0)
Nero StartSmart (Version: 9.4.11.209)
Nero StartSmart Help (Version: 9.4.11.208)
Nero StartSmart OEM (Version: 9.4.10.100)
NeroExpress (Version: 9.4.10.505)
neroxml (Version: 1.0.0)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA ForceWare Network Access Manager (Version: 1.00.7305)
Oregon Trail® 5
PVSonyDll (Version: 1.00.0001)
SPCA1528 PC Driver (Version: 2.2.2.0)
swMSM (Version: 12.0.0.1)
The Weather Channel App
The Weather Channel Desktop 6
The Weather Channel Toolbar
TurboTax 2011
TurboTax 2011 WinPerFedFormset (Version: 011.000.2596)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0424)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0209)
TurboTax 2011 wneiper (Version: 011.000.1243)
TurboTax 2011 wrapper (Version: 011.000.0120)
Unity Web Player (Version: )
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update Installer for WildTangent Games App
WebAlert
Welcome Center (Version: 1.00.3008)
WildTangent Games App (Version: 4.0.9.7)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)

========================= Devices: ================================

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


========================= Memory info: ===================================

Percentage of memory in use: 58%
Total physical RAM: 1790.49 MB
Available physical RAM: 739.09 MB
Total Pagefile: 3580.98 MB
Available Pagefile: 2072.8 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.8 MB

========================= Partitions: =====================================

1 Drive c: (eMachines) (Fixed) (Total:285.99 GB) (Free:231.56 GB) NTFS
2 Drive d: (Documentation CD) (CDROM) (Total:0.21 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\DERRICKANDRENEE

Administrator derrick and renee Guest


**** End of log ****


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.13.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
derrick and renee :: DERRICKANDRENEE [administrator]

12/14/2012 8:17:54 PM
mbam-log-2012-12-14 (20-17-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 205406
Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


I can't find anything that will open the log for aswMBR

EDIT: i also know java has been out of date and it keeps popping up for the update every time i turn on the computer but if i let it update the update fails! it has done this for a long time. long before this hole deal.

Edited by moparfan1234, 14 December 2012 - 09:41 PM.


#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,656 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:05 PM

Posted 14 December 2012 - 09:42 PM

On completion of the scan click "Save log", save it to your desktop and post in your next reply.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 moparfan1234

moparfan1234
  • Topic Starter

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:02:05 PM

Posted 14 December 2012 - 09:49 PM

On completion of the scan click "Save log", save it to your desktop and post in your next reply.



I can't open it to post it?

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,656 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:05 PM

Posted 14 December 2012 - 09:51 PM

What file are you trying to open?
I hope it's not MBR.dat.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#7 moparfan1234

moparfan1234
  • Topic Starter

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:02:05 PM

Posted 14 December 2012 - 09:57 PM

What file are you trying to open?
I hope it's not MBR.dat.


yes. don't you need that info?

#8 moparfan1234

moparfan1234
  • Topic Starter

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:02:05 PM

Posted 14 December 2012 - 10:10 PM

ohh cool i gained babylon search virus! while fallowing microsofts advice of a tool to open that log.

#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,656 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:05 PM

Posted 14 December 2012 - 11:52 PM

No, there is another file on your desktop, aswMBR.txt which is a log from aswMBR.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#10 moparfan1234

moparfan1234
  • Topic Starter

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:02:05 PM

Posted 15 December 2012 - 12:00 AM

this babylon has really messed with the computer so i am now using a different computer to reply.


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-14 19:57:09
-----------------------------
19:57:09.786 OS Version: Windows x64 6.1.7601 Service Pack 1
19:57:09.786 Number of processors: 1 586 0x7F02
19:57:09.786 ComputerName: DERRICKANDRENEE UserName:
19:57:12.316 Initialize success
19:57:12.996 AVAST engine defs: 12121400
19:57:39.736 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
19:57:39.746 Disk 0 Vendor: ST332041 CC44 Size: 305245MB BusType: 3
19:57:39.756 Disk 0 MBR read successfully
19:57:39.766 Disk 0 MBR scan
19:57:39.766 Disk 0 unknown MBR code
19:57:39.776 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12288 MB offset 2048
19:57:39.796 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 25167872
19:57:39.806 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 292855 MB offset 25372672
19:57:39.916 Disk 0 scanning C:\Windows\system32\drivers
19:57:55.030 Service scanning
19:58:24.544 Modules scanning
19:58:24.554 Disk 0 trace - called modules:
19:58:24.574 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
19:58:24.914 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80022b84d0]
19:58:24.924 3 CLASSPNP.SYS[fffff8800194843f] -> nt!IofCallDriver -> [0xfffffa8001f687d0]
19:58:24.934 5 ACPI.sys[fffff88000f287a1] -> nt!IofCallDriver -> \Device\0000005c[0xfffffa8001f68060]
19:58:25.594 AVAST engine scan C:\Windows
19:58:28.136 AVAST engine scan C:\Windows\system32
20:02:32.979 AVAST engine scan C:\Windows\system32\drivers
20:02:47.781 AVAST engine scan C:\Users\derrick and renee
20:07:02.467 AVAST engine scan C:\ProgramData
20:08:12.172 Scan finished successfully
20:16:55.875 Disk 0 MBR has been saved successfully to "C:\Users\derrick and renee\Desktop\MBR.dat"
20:16:55.885 The log file has been saved successfully to "C:\Users\derrick and renee\Desktop\aswMBR.txt"

#11 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,656 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:05 PM

Posted 15 December 2012 - 12:05 AM

It's always a good idea to ask if you're not sure instead of trying to do something on your own.

We'll try to get rid of Babylon in a moment but first I'd like to see one more log.

Download Malwarebytes Anti-Rootkit from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#12 moparfan1234

moparfan1234
  • Topic Starter

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:02:05 PM

Posted 15 December 2012 - 01:11 AM

well i run the scan and it found nothing but there are no logs now! also all my pics music ECT are gone! atlest they are gone under pictures or music but i can still get my music threw windows media player but the pics are most inportin! but i can't find them. also the hole window to view pics ECT is totally different then it was. so i guess that babylon screwed it all up?

#13 moparfan1234

moparfan1234
  • Topic Starter

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:02:05 PM

Posted 15 December 2012 - 01:44 AM

ok after a restart my pics and everything come back? so i am working to get them copied to a flash drive. how do i know nothing like a virus fallowed onto the flash drive? at this point as long as i can keep the pics and stuff and keep the virus ect from being transfered with the flash drive i am ready to do a reformat and reinstall if you feel that should be done?

also i will try another scan with malwarebytes anti-rootkit and see if i can get a log for you while i wait for a reply.

#14 moparfan1234

moparfan1234
  • Topic Starter

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:02:05 PM

Posted 15 December 2012 - 02:09 AM

Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.15.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
derrick and renee :: DERRICKANDRENEE [administrator]

12/14/2012 11:57:31 PM
mbar-log-2012-12-14 (23-57-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30145
Time elapsed: 34 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#15 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,656 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:05 PM

Posted 15 December 2012 - 12:56 PM

I still need system-log.txt

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users