
Nasty Chitka pop ups (Vista)


22 replies to this topic

#1 glowinthedark

glowinthedark

  • Members
  • 14 posts
  • OFFLINE
  • Local time:12:09 AM

Posted 07 May 2013 - 10:33 AM

Thank you in advance for reading. I have very limited tech savvy, so any help you can provide would be hugely appreciated.

 

I am running Windows Vista Home Premium Service Pack 2.

 

I was watching a youtube video and my screen scrambled and my computer froze.

 

I rebooted and scanned with malwarebytes. It found and removed several items.

 

I scanned with adaware. It found and removed  several more items.

 

I have re-scanned with both and found nothing.

 

Despite this, I still get chitka popups on certain sites, occasionally get redirected when searching in both Firefox and IE8, and any time I try to download a new program to help, it will download to my desktop and then immediately disappear before it can run. When I try to open Windows Defender I get a pop up error message stating "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

 

Thanks in advance.





#2 Guest_Francis Houle_*

Guest_Francis Houle_*

  • Guests
  • OFFLINE

Posted 07 May 2013 - 10:49 AM

Security Check

  • Download Security Check from here or here and save it to your Desktop.
  • Double-click on SecurityCheck.exe.
  • Follow the on-screen instructions.
  • A Notepad document called checkup.txt should open automatically.
  • Please post the content of that document.

 

Farbar Service Scanner

  • Download Farbar Service Scanner.
  • Run it on the computer.
  • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
      • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory where you run the tool.
  • Please copy and paste the log to your reply.

 

MiniToolBox

  • Download MiniToolBox.
  • Run it on the computer.
  • Checkmark the following boxes:
      • Report IE Proxy Settings
      • Report FF Proxy Settings
      • List content of Hosts
      • List IP configuration
      • List Winsock Entries
      • List last 10 Event Viewer log
      • List Installed Programs
      • List Devices (do NOT change any settings here)
      • List Users, Partitions and Memory size
  • Click Go and post the result.

 

Malwarebytes’ Anti-Malware

  • Download Malwarebytes' Anti-Malware (https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/) to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log back here.
  • Be sure to restart the computer.
  • The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

 

Malwarebytes’ Anti-Rootkit

  • Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip the downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe.
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt.

 

AdwCleaner

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Junkware Removal Tool

  • Please download Junkware Removal Tool to your desktop.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Temp File Cleaner

  • Download Temp File Cleaner (TFC). Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.
  • NOTE: If it freezes in normal mode, run it from safe mode. Be patient.

 

Reset browsers

 

How to restore Google Chrome:
1. Close the Google Chrome browser, if it is running.
2. Go to the Start menu, search for Run and open it. Or find it in the Start menu under All Programs, Accessories.
3. Type the following line according to the OS in the Run box, and hit Enter:

%LOCALAPPDATA%\Google\Chrome\User Data\ (in Windows 8/7/Vista)
%USERPROFILE%\Local Settings\Application Data\Google\Chrome\User Data\ (in Windows XP)

4. There is a folder named Default, and this folder contains all the current settings.
5. Rename the Default folder to Default.old.
6. Now launch Google Chrome.

See, all the original settings are restored. A new folder "Default" will be created and it will hold all settings for now.

 

How to restore Internet Explorer in Windows 8:

1. Swipe in from the right edge of the screen (if you're using a mouse, point to the upper-right corner of the screen and move the mouse pointer down), and then tap or click Search. Enter Internet options in the search box, and then tap or click Settings.

2. In the search results, tap or click Internet Options. Tap or click the Advanced tab and then tap or click Reset…
Note: Select the Delete personal settings check box if you would also like to remove browsing history, search providers, Accelerators, home pages, Tracking Protection, and ActiveX Filtering data.

3. In the Reset Internet Explorer Settings window, tap or click Reset.
Note: To delete all personal settings, tap or click the checkbox for Delete personal settings.

4. Close and then restart Internet Explorer for the changes to take effect.

 

How to restore Internet Explorer in Windows XP, Vista or 7:

1. Exit all programs, including Internet Explorer.

2. If you use Windows XP, click Start, and then click Run. Type the following command in the Open box, and then press Enter: inetcpl.cpl
If you use Windows 7 or Windows Vista, click Start. Type the following command in the Search box, and then press Enter: inetcpl.cpl
The Internet Options dialog box appears.

3. Click the Advanced tab.

4. Under Reset Internet Explorer settings, click Reset. Then click Reset again.
Click to select the Delete personal settings check box if you also want to remove browsing history, search providers, Accelerators, home pages, Tracking Protection, and ActiveX Filtering data.

5. When Internet Explorer finishes resetting the settings, click Close in the Reset Internet Explorer Settings dialog box.

6. Start Internet Explorer again.

 

How to restore Firefox:

1. At the top of the Firefox window, click the Firefox button, go over to the Help sub-menu and select Troubleshooting Information.
2. Click the Reset Firefox button in the upper-right corner of the Troubleshooting Information page.
3. To continue, click Reset Firefox in the confirmation window that opens.
4. Firefox will close and be reset. When it's done, a window will list the information that was imported. Click Finish and Firefox will open.

 

Please do the following:

  • Update Internet Explorer, Mozilla Firefox and Google Chrome
  • Update Java
  • Update Adobe Flash, Shockwave, Air and Reader
  • Update Windows

NOTE 1. Make sure all logs are pasted, not attached.

NOTE 2. You must have only ONE antivirus on the computer. I recommend a paid antivirus like Norton 360, Kaspersky Pure or Malwarebytes Pro, or a free antivirus like Avast, AVG or Microsoft Security Essentials.



#3 glowinthedark

glowinthedark
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE

Posted 07 May 2013 - 01:06 PM

 Results of screen317's Security Check version 0.99.63 
 Windows Vista Service Pack 2 x86 (UAC is disabled!) 
 Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
Lavasoft Ad-Aware  
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner    
 Java 7 Update 17 
 Java version out of Date!
 Adobe Flash Player  11.6.602.180 
 Adobe Reader 8 Adobe Reader out of Date!
 Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent```````` 
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Ad-Aware Antivirus AdAwareService.exe  
 Ad-Aware Antivirus Engine SBAMSvc.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

 

 

 

Farbar Service Scanner Version: 14-04-2013
Ran by Greg (administrator) on 07-05-2013 at 12:12:40
Running from "H:\"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-02-13 23:26] - [2013-01-04 07:28] - 0905576 ____A (Microsoft Corporation) 74E2D020C47BB2B2FCCBA29A518A7EB4

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2008-01-20 22:23] - [2008-01-20 22:23] - 0272952 ____A () D41D8CD98F00B204E9800998ECF8427E

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****
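The FSS log above shows protective services (MpsSvc, bfe, wscsvc, WinDefend) whose registry keys are missing outright rather than merely stopped, Defender switched off by the DisableAntiSpyware policy value, and MpSvc.dll flagged infected with a reported MD5 of D41D8CD98F00B204E9800998ECF8427E, which is the MD5 of zero bytes. As an added triage helper that is not part of this thread or of Farbar's tool, the Python below parses a constructed FSS excerpt modelled on that log and pulls those findings out; the line formats it matches are taken from the posted output, and the `summarize` wording is my own.

```python
import hashlib
import re
from dataclasses import dataclass, field

# MD5 of zero bytes: a non-empty file reported with this digest was not actually
# read by the scanner (unreadable or hollowed), which is itself a warning sign.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# Constructed FSS excerpt modelled on the log posted in this thread (shortened).
SAMPLE_FSS_LOG = r"""Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2008-01-20 22:23] - [2008-01-20 22:23] - 0272952 ____A () D41D8CD98F00B204E9800998ECF8427E

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll IS INFECTED AND SHOULD BE REPLACED.
**** End of log ****
"""

SERVICE_STOPPED = re.compile(r"^(\S+) Service is not running\.")
KEY_MISSING = re.compile(r"Unable to open (\S+) registry key\. The service key does not exist\.")
INFECTED = re.compile(r"^ATTENTION!=+> (.+?) IS INFECTED AND SHOULD BE REPLACED\.$")
# "[mtime] - [ctime] - size attrs (company) MD5" line printed under a file path
HASH_LINE = re.compile(r"^\[[^\]]+\] - \[[^\]]+\] - (\d+) [_A-Za-z]+ \([^)]*\) ([0-9A-Fa-f]{32})$")
BARE_PATH = re.compile(r"^[A-Za-z]:\\")


@dataclass
class FssFindings:
    stopped_services: list = field(default_factory=list)
    missing_service_keys: list = field(default_factory=list)  # key deleted, not merely stopped
    defender_disabled_by_policy: bool = False
    infected_files: list = field(default_factory=list)
    empty_hash_files: list = field(default_factory=list)  # non-zero size, MD5 of zero bytes


def parse_fss_log(text: str) -> FssFindings:
    """Walk the FSS log line by line and collect the findings a responder acts on."""
    findings = FssFindings()
    pending_path = None  # FSS prints a bare path, then the hash line beneath it
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SERVICE_STOPPED.match(line):
            findings.stopped_services.append(m.group(1))
        elif m := KEY_MISSING.search(line):
            if m.group(1) not in findings.missing_service_keys:
                findings.missing_service_keys.append(m.group(1))
        elif line == '"DisableAntiSpyware"=DWORD:1':
            findings.defender_disabled_by_policy = True
        elif m := INFECTED.match(line):
            findings.infected_files.append(m.group(1))
        elif (m := HASH_LINE.match(line)) and pending_path:
            if int(m.group(1)) > 0 and m.group(2).upper() == EMPTY_MD5:
                findings.empty_hash_files.append(pending_path)
            pending_path = None
        elif line.endswith("=> MD5 is legit"):
            pending_path = None  # known-good file, nothing to carry forward
        elif BARE_PATH.match(line):
            pending_path = line
    return findings


def summarize(findings: FssFindings) -> list:
    """One-line triage notes, in the order a helper would raise them."""
    notes = [f"{s}: service registry key is gone; re-register it, do not just start it"
             for s in findings.missing_service_keys]
    notes += [f"{s}: stopped but its configuration is intact" for s in findings.stopped_services
              if s not in findings.missing_service_keys]
    if findings.defender_disabled_by_policy:
        notes.append("Windows Defender is switched off by the DisableAntiSpyware=1 policy value")
    notes += [f"{p}: flagged infected by FSS; replace from a clean copy" for p in findings.infected_files]
    notes += [f"{p}: MD5 equals the hash of zero bytes; the scanner read no content" for p in findings.empty_hash_files]
    return notes


if __name__ == "__main__":
    for note in summarize(parse_fss_log(SAMPLE_FSS_LOG)):
        print(note)
```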

 

 



#4 glowinthedark

glowinthedark
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:12:09 AM

Posted 07 May 2013 - 01:07 PM

MiniToolBox by Farbar  Version:21-04-2013
Ran by Greg (administrator) on 07-05-2013 at 12:23:01
Running from "H:\"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

::1             localhost

127.0.0.1       localhost

========================= IP Configuration: ================================

Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller = Local Area Connection (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Greg-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.oh.comcast.net.

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : hsd1.oh.comcast.net.
   Description . . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : 00-22-15-F8-FA-19
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::25de:5e9b:bf2b:bea5%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.110(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, May 07, 2013 10:44:55 AM
   Lease Expires . . . . . . . . . . : Wednesday, May 08, 2013 10:44:56 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 251666965
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-71-7A-90-00-22-15-F8-FA-19
   DNS Servers . . . . . . . . . . . : 75.75.76.76
                                       75.75.75.75
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.hsd1.oh.comcast.net.
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  cdns02.comcast.net
Address:  75.75.76.76

Name:    google.com
Addresses:  2a00:1450:4013:c00::71
   87.125.87.99

 

Pinging google.com [87.125.87.99] with 32 bytes of data:

Reply from 87.125.87.99: bytes=32 time=39ms TTL=49

Reply from 87.125.87.99: bytes=32 time=38ms TTL=49

 

Ping statistics for 87.125.87.99:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 38ms, Maximum = 39ms, Average = 38ms

DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  75.75.76.76

Name:    yahoo.com
Addresses:  206.190.36.45
   98.139.183.24
   98.138.253.109

 

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=660ms TTL=50

Reply from 98.139.183.24: bytes=32 time=118ms TTL=50

 

Ping statistics for 98.139.183.24:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 118ms, Maximum = 660ms, Average = 389ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 10 ...00 22 15 f8 fa 19 ...... Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
  1 ........................... Software Loopback Interface 1
 16 ...00 00 00 00 00 00 00 e0  isatap.hsd1.oh.comcast.net.
 11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.110     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.110    266
    192.168.1.110  255.255.255.255         On-link     192.168.1.110    266
    192.168.1.255  255.255.255.255         On-link     192.168.1.110    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.110    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.110    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 10    266 fe80::/64                On-link
 10    266 fe80::25de:5e9b:bf2b:bea5/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/07/2013 10:45:55 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2013 10:06:18 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2013 09:35:02 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\GREG\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\README.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (05/07/2013 09:35:02 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\GREG\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\README.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (05/07/2013 09:35:01 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\GREG\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD HELP FILE.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (05/07/2013 09:35:01 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\GREG\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD HELP FILE.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (05/07/2013 09:35:01 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\GREG\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (05/07/2013 09:35:01 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\GREG\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD.LNK> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (05/07/2013 09:34:15 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/06/2013 09:05:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (05/07/2013 10:45:55 AM) (Source: Service Control Manager) (User: )
Description: AODDriver4.1%%2

Error: (05/07/2013 10:45:55 AM) (Source: Service Control Manager) (User: )
Description: amdide

Error: (05/07/2013 10:45:55 AM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (05/07/2013 10:45:55 AM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (05/07/2013 10:45:55 AM) (Source: Service Control Manager) (User: )
Description: AODDriver4.1%%2

Error: (05/07/2013 10:45:55 AM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (05/07/2013 10:45:55 AM) (Source: Service Control Manager) (User: )
Description: 10083%%2

Error: (05/07/2013 10:45:15 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070424

Error: (05/07/2013 10:44:57 AM) (Source: Print) (User: NT AUTHORITY)
Description: The print spooler failed to share printer AMVONET Virtual Printer with shared resource name AMVONET Virtual Printer. Error 2114. The printer cannot be used by others on the network.

Error: (05/07/2013 10:44:57 AM) (Source: Print) (User: NT AUTHORITY)
Description: The print spooler failed to share printer HP Deskjet 1000 J110 series with shared resource name HP Deskjet 1000 J110 series. Error 2114. The printer cannot be used by others on the network.

Microsoft Office Sessions:
=========================
Error: (05/07/2013 10:45:55 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2013 10:06:18 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2013 09:35:02 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\GREG\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\README.LNK

Error: (05/07/2013 09:35:02 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\GREG\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\README.LNK

Error: (05/07/2013 09:35:01 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\GREG\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD HELP FILE.LNK

Error: (05/07/2013 09:35:01 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\GREG\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD HELP FILE.LNK

Error: (05/07/2013 09:35:01 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\GREG\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD.LNK

Error: (05/07/2013 09:35:01 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\GREG\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD.LNK

Error: (05/07/2013 09:34:15 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/06/2013 09:05:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
  Date: 2013-05-06 17:53:22.328
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-06 17:53:22.079
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-06 17:53:21.689
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-06 17:53:21.424
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-06 17:53:21.049
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-06 17:53:20.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-06 17:53:20.378
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-06 17:53:20.051
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-06 17:53:19.801
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-06 17:53:19.567
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

µTorrent (Version: 1.8.2)
µTorrent (Version: 3.1.3)
7-Zip 4.65
Ad-Aware Antivirus (Version: 10.0.185.3207)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.169)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Reader 8.3.1 (Version: 8.3.1)
AI Suite (Version: 1.04.15)
AMD APP SDK Runtime (Version: 10.0.898.1)
AMD Catalyst Install Manager (Version: 8.0.891.0)
AMD Fuel (Version: 2012.0309.43.976)
AMD OverDrive (Version: 2.1.2.0136)
AMD VISION Engine Control Center (Version: 2012.0309.43.976)
AMVONET (Version: 4.5.4.17757)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ASUSUpdate
ATI AVIVO Codecs (Version: 9.15.0.20713)
ATI Catalyst Registration (Version: 3.00.0000)
avast! Free Antivirus (Version: 5.0.594.0)
Bing Bar (Version: 7.0.609.0)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2012.0309.43.976)
Catalyst Control Center InstallProxy (Version: 2012.0806.1213.19931)
Catalyst Control Center InstallProxy (Version: 2012.0928.1532.26058)
Catalyst Control Center Localization All (Version: 2012.0309.43.976)
CCC Help Chinese Standard (Version: 2012.0309.0042.976)
CCC Help Chinese Traditional (Version: 2012.0309.0042.976)
CCC Help Czech (Version: 2012.0309.0042.976)
CCC Help Danish (Version: 2012.0309.0042.976)
CCC Help Dutch (Version: 2012.0309.0042.976)
CCC Help English (Version: 2012.0309.0042.976)
CCC Help Finnish (Version: 2012.0309.0042.976)
CCC Help French (Version: 2012.0309.0042.976)
CCC Help German (Version: 2012.0309.0042.976)
CCC Help Greek (Version: 2012.0309.0042.976)
CCC Help Hungarian (Version: 2012.0309.0042.976)
CCC Help Italian (Version: 2012.0309.0042.976)
CCC Help Japanese (Version: 2012.0309.0042.976)
CCC Help Korean (Version: 2012.0309.0042.976)
CCC Help Norwegian (Version: 2012.0309.0042.976)
CCC Help Polish (Version: 2012.0309.0042.976)
CCC Help Portuguese (Version: 2012.0309.0042.976)
CCC Help Russian (Version: 2012.0309.0042.976)
CCC Help Spanish (Version: 2012.0309.0042.976)
CCC Help Swedish (Version: 2012.0309.0042.976)
CCC Help Thai (Version: 2012.0309.0042.976)
CCC Help Turkish (Version: 2012.0309.0042.976)
ccc-utility (Version: 2012.0309.43.976)
CCleaner (Version: 3.17)
Celtx (1.0) (Version: 1.0 (en-US))
Cisco Connect (Version: 1.3.11069.2)
Combined Community Codec Pack 2008-09-21 16:18 (Version: 2008.09.21.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Cool & Quiet
Creative Removable Disk Manager
Creative System Information
Creative Zen Vision M (Version: 1.0)
CyberLink Blu-ray Disc Suite (Version: 6.0.1826)
CyberLink InstantBurn (Version: 5.0.4428)
CyberLink LabelPrint (Version: 2.0.2908)
CyberLink PowerDVD (Version: 7.3.5711.0)
Diablo II
Diablo III (Version: 1.0.7.15295)
Epson Event Manager (Version: 2.30.00)
EPSON NX510 Series Printer Uninstall
EPSON Scan
EpsonNet Print (Version: 2.4h)
EpsonNet Setup (Version: 3.1a)
EVEREST Ultimate Edition v5.50 (Version: 5.50)
H&R Block Deluxe + Efile + State 2011 (Version: 11.05.6203)
H&R Block Ohio 2011 (Version: 1.11.4101)
Heroes II Gold
Host OpenAL (ADI)
HP Deskjet 1000 J110 series Basic Device Software (Version: 22.0.334.0)
HP Deskjet 1000 J110 series Help (Version: 140.0.65.65)
HP Photo Creations (Version: 1.0.0.3341)
HP Update (Version: 5.003.001.001)
iTunes (Version: 11.0.2.26)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
Magic Online III (Version: 3.00.0000)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Marvell Miniport Driver (Version: 10.60.6.3)
Media Player Classic
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 8 (Version: 8.0.182)
NYKO Gamepad Mapping Tools 2.0.0
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PC Probe II (Version: 1.04.53)
PeerBlock 1.0.0 (r181) (Version: 1.0.0.181)
Photo Transport (Version: 1.0.1)
PowerTeacher Gradebook
QuickTime (Version: 7.73.80.64)
Recuva
SoundMAX (Version: 6.10.1.6480)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
StarCraft II (Version: 1.2.2.17811)
The Lord of the Rings FREE Trial  (Version: 1.00.0000)
TurboTax 2010
TurboTax 2010 WinPerFedFormset (Version: 010.000.4012)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0457)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0213)
TurboTax 2010 wohiper (Version: 010.000.1265)
TurboTax 2010 wrapper (Version: 010.000.0157)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Virtual Cable Tester (Version: 2.16.3.3)
VirtualCloneDrive
WD SmartWare (Version: 1.4.5.5)
Winamp (Version: 5.63 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
World of Warcraft (Version: 4.3.3.15354)
Xvid 1.1.3 final uninstall (Version: 1.1)
Yahoo! Detect

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 48%
Total physical RAM: 3070.36 MB
Available physical RAM: 1571.36 MB
Total Pagefile: 6347.24 MB
Available Pagefile: 4920.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.09 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:931.51 GB) (Free:364.71 GB) NTFS
4 Drive e: (My Book) (Fixed) (Total:1862.98 GB) (Free:1328.69 GB) NTFS
7 Drive h: () (Removable) (Total:7.45 GB) (Free:5.14 GB) FAT32

========================= Users: ========================================

User accounts for \\GREG-PC

Administrator            Greg                     Guest                   

**** End of log ****



#5 glowinthedark
  • Topic Starter
  • Members
  • 14 posts

Posted 07 May 2013 - 01:11 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.07.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19412
Greg :: GREG-PC [administrator]

5/7/2013 12:37:54 PM
mbam-log-2013-05-07 (12-37-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208042
Time elapsed: 6 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.07.06

Windows Vista Service Pack 2 x86 FAT32
Internet Explorer 8.0.6001.19412
Greg :: GREG-PC [administrator]

5/7/2013 1:17:38 PM
mbar-log-2013-05-07 (13-17-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29594
Time elapsed: 17 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\SOFTWARE\CLASSES\DNSCache.DNSCacheObj (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\DNSCache.DNSCacheObj.1 (Trojan.BHO) -> Delete on reboot.
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
c:\$Recycle.Bin\S-1-5-18\$d0024f473f49b29d1fd3ac1e8007729c\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2959847234-3651604504-3426194970-1000\$d0024f473f49b29d1fd3ac1e8007729c\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$d0024f473f49b29d1fd3ac1e8007729c\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2959847234-3651604504-3426194970-1000\$d0024f473f49b29d1fd3ac1e8007729c\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$d0024f473f49b29d1fd3ac1e8007729c (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2959847234-3651604504-3426194970-1000\$d0024f473f49b29d1fd3ac1e8007729c (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 3
C:\Windows\system32\drivers\acpi.sys (Unknown Rootkit Driver Infection) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$d0024f473f49b29d1fd3ac1e8007729c\@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2959847234-3651604504-3426194970-1000\$d0024f473f49b29d1fd3ac1e8007729c\@ (Trojan.Siredef.C) -> Delete on reboot.

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 8.0.6001.19412

File system is: FAT32
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.608000 GHz
Memory total: 3219509248, free: 1570672640

------------ Kernel report ------------
     05/07/2013 12:59:22
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\VClone.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\mv61xx.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\processr.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\yk60x86.sys
\SystemRoot\System32\Drivers\CLBStor.SYS
\SystemRoot\System32\Drivers\ElbyDelay.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\SBFWIM.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\amdiox86.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdLH3.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ADIHdAud.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\wdcsam.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\SBREdrv.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\drivers\SbFw.sys
\SystemRoot\system32\drivers\sbtis.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\AsIO.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\sbapifs.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\Drivers\CLBUDF.SYS
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR5
Upper Device Object: 0xffffffff8a781478
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000008c\
Lower Device Object: 0xffffffff8a607238
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff88c05ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000071\
Lower Device Object: 0xffffffff87ec3110
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86f32a38
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T1L0-4\
Lower Device Object: 0xffffffff86e2f030
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
IRP handler 15 hooked
Load Function returned 0x0
Downloaded database version: v2013.05.07.06
Downloaded database version: v2013.05.01.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86f32a38, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86f32658, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86f32a38, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86e2f030, DeviceName: \Device\Ide\IdeDeviceP0T1L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffd7d68e20, 0xffffffff86f32a38, 0xffffffff8a9d1950
Lower DeviceData: 0xffffffffbff8b410, 0xffffffff86e2f030, 0xffffffff8a6a9e80
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Replacement file found for a file C:\Windows\system32\drivers\acpi.sys
File C:\Windows\system32\drivers\acpi.sys --> [Forged file]
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 737674B5

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff88c05ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88c4a6a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff88c05ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff87ec3110, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffcbd38380, 0xffffffff88c05ac8, 0xffffffff8958a7e8
Lower DeviceData: 0xffffffffba0beb10, 0xffffffff87ec3110, 0xffffffff8a9072e0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 21365

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3906961408

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000365289472 bytes
Sector size: 512 bytes

Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffffff8a781478, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a4df7f8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8a781478, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8a607238, DeviceName: \Device\0000008c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffbbd3dc30, 0xffffffff8a781478, 0xffffffff8a6af8d0
Lower DeviceData: 0xffffffffd47993c8, 0xffffffff8a607238, 0xffffffff8a978408
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

    Partition 0 type is Other (0xb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 32  Numsec = 15633376

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 8004304896 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Infected: HKLM\SOFTWARE\CLASSES\DNSCache.DNSCacheObj --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\DNSCache.DNSCacheObj.1 --> [Trojan.BHO]
Infected: c:\$Recycle.Bin\S-1-5-18\$d0024f473f49b29d1fd3ac1e8007729c\@ --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-2959847234-3651604504-3426194970-1000\$d0024f473f49b29d1fd3ac1e8007729c\@ --> [Trojan.Siredef.C]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-18\$d0024f473f49b29d1fd3ac1e8007729c\U --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-2959847234-3651604504-3426194970-1000\$d0024f473f49b29d1fd3ac1e8007729c\U --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-18\$d0024f473f49b29d1fd3ac1e8007729c\L --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-2959847234-3651604504-3426194970-1000\$d0024f473f49b29d1fd3ac1e8007729c\L --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-18\$d0024f473f49b29d1fd3ac1e8007729c --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-2959847234-3651604504-3426194970-1000\$d0024f473f49b29d1fd3ac1e8007729c --> [Trojan.Siredef.C]
Done!
Scan finished
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 8.0.6001.19412

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.608000 GHz
Memory total: 3219509248, free: 2009923584

=======================================



#6 glowinthedark
  • Topic Starter
  • Members
  • 14 posts

Posted 07 May 2013 - 01:14 PM

# AdwCleaner v2.300 - Logfile created 05/07/2013 at 13:39:45
# Updated 28/04/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Greg - GREG-PC
# Boot Mode : Normal
# Running from : H:\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19412

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\9ghk6vqt.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2865 octets] - [07/05/2013 09:59:47]
AdwCleaner[R2].txt - [2925 octets] - [07/05/2013 10:01:31]
AdwCleaner[R3].txt - [1115 octets] - [07/05/2013 13:32:33]
AdwCleaner[R4].txt - [1175 octets] - [07/05/2013 13:39:18]
AdwCleaner[S1].txt - [3043 octets] - [07/05/2013 10:01:52]
AdwCleaner[S2].txt - [1107 octets] - [07/05/2013 13:39:45]

########## EOF - C:\AdwCleaner[S2].txt - [1167 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by Greg on Tue 05/07/2013 at 13:48:59.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ FireFox

Successfully deleted: [File] C:\Users\Greg\AppData\Roaming\mozilla\firefox\profiles\9ghk6vqt.default\extensions\jingjwyfpf@jingjwyfpf.org.xpi [Tracur]
Emptied folder: C:\Users\Greg\AppData\Roaming\mozilla\firefox\profiles\9ghk6vqt.default\minidumps [51 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/07/2013 at 13:51:43.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#7 Guest_Francis Houle_*
  • Guests

Posted 07 May 2013 - 01:26 PM

Malwarebytes’ Anti-Rootkit

§  Download Malwarebytes Anti-Rootkit from HERE to your Desktop.

§  Unzip downloaded file.

§  Open the folder where the contents were unzipped and run mbar.exe

§  Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

§  Click on the Cleanup button. Simply exit the program.

§  When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt



#8 glowinthedark
  • Topic Starter
  • Members
  • 14 posts

Posted 07 May 2013 - 02:25 PM

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.07.08

Windows Vista Service Pack 2 x86 FAT32
Internet Explorer 9.0.8112.16421
Greg :: GREG-PC [administrator]

5/7/2013 3:16:31 PM
mbar-log-2013-05-07 (15-16-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29580
Time elapsed: 20 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\SOFTWARE\CLASSES\DNSCache.DNSCacheObj (Trojan.BHO) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\DNSCache.DNSCacheObj.1 (Trojan.BHO) -> Delete on reboot.
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
c:\$Recycle.Bin\S-1-5-18\$d0024f473f49b29d1fd3ac1e8007729c\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2959847234-3651604504-3426194970-1000\$d0024f473f49b29d1fd3ac1e8007729c\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$d0024f473f49b29d1fd3ac1e8007729c\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2959847234-3651604504-3426194970-1000\$d0024f473f49b29d1fd3ac1e8007729c\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$d0024f473f49b29d1fd3ac1e8007729c (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2959847234-3651604504-3426194970-1000\$d0024f473f49b29d1fd3ac1e8007729c (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 2
c:\$Recycle.Bin\S-1-5-18\$d0024f473f49b29d1fd3ac1e8007729c\@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2959847234-3651604504-3426194970-1000\$d0024f473f49b29d1fd3ac1e8007729c\@ (Trojan.Siredef.C) -> Delete on reboot.

(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 8.0.6001.19412

File system is: FAT32
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.608000 GHz
Memory total: 3219509248, free: 1570672640

------------ Kernel report ------------
     05/07/2013 12:59:22
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\VClone.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\mv61xx.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\processr.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\yk60x86.sys
\SystemRoot\System32\Drivers\CLBStor.SYS
\SystemRoot\System32\Drivers\ElbyDelay.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\SBFWIM.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\amdiox86.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdLH3.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ADIHdAud.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\wdcsam.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\SBREdrv.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\drivers\SbFw.sys
\SystemRoot\system32\drivers\sbtis.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\AsIO.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\sbapifs.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\Drivers\CLBUDF.SYS
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR5
Upper Device Object: 0xffffffff8a781478
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000008c\
Lower Device Object: 0xffffffff8a607238
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff88c05ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000071\
Lower Device Object: 0xffffffff87ec3110
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86f32a38
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T1L0-4\
Lower Device Object: 0xffffffff86e2f030
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
IRP handler 15 hooked
Load Function returned 0x0
Downloaded database version: v2013.05.07.06
Downloaded database version: v2013.05.01.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86f32a38, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86f32658, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86f32a38, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86e2f030, DeviceName: \Device\Ide\IdeDeviceP0T1L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffd7d68e20, 0xffffffff86f32a38, 0xffffffff8a9d1950
Lower DeviceData: 0xffffffffbff8b410, 0xffffffff86e2f030, 0xffffffff8a6a9e80
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Replacement file found for a file C:\Windows\system32\drivers\acpi.sys
File C:\Windows\system32\drivers\acpi.sys --> [Forged file]
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 737674B5

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff88c05ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88c4a6a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff88c05ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff87ec3110, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffcbd38380, 0xffffffff88c05ac8, 0xffffffff8958a7e8
Lower DeviceData: 0xffffffffba0beb10, 0xffffffff87ec3110, 0xffffffff8a9072e0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 21365

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3906961408

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000365289472 bytes
Sector size: 512 bytes

Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffffff8a781478, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a4df7f8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8a781478, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8a607238, DeviceName: \Device\0000008c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffbbd3dc30, 0xffffffff8a781478, 0xffffffff8a6af8d0
Lower DeviceData: 0xffffffffd47993c8, 0xffffffff8a607238, 0xffffffff8a978408
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

    Partition 0 type is Other (0xb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 32  Numsec = 15633376

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 8004304896 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Infected: HKLM\SOFTWARE\CLASSES\DNSCache.DNSCacheObj --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\DNSCache.DNSCacheObj.1 --> [Trojan.BHO]
Infected: c:\$Recycle.Bin\S-1-5-18\$d0024f473f49b29d1fd3ac1e8007729c\@ --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-2959847234-3651604504-3426194970-1000\$d0024f473f49b29d1fd3ac1e8007729c\@ --> [Trojan.Siredef.C]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-18\$d0024f473f49b29d1fd3ac1e8007729c\U --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-2959847234-3651604504-3426194970-1000\$d0024f473f49b29d1fd3ac1e8007729c\U --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-18\$d0024f473f49b29d1fd3ac1e8007729c\L --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-2959847234-3651604504-3426194970-1000\$d0024f473f49b29d1fd3ac1e8007729c\L --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-18\$d0024f473f49b29d1fd3ac1e8007729c --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-2959847234-3651604504-3426194970-1000\$d0024f473f49b29d1fd3ac1e8007729c --> [Trojan.Siredef.C]
Done!
Scan finished
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 8.0.6001.19412

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.608000 GHz
Memory total: 3219509248, free: 2009923584

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: FAT32
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.608000 GHz
Memory total: 3219509248, free: 1619517440

------------ Kernel report ------------
     05/07/2013 14:55:20
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\VClone.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\mv61xx.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\processr.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\yk60x86.sys
\SystemRoot\System32\Drivers\CLBStor.SYS
\SystemRoot\System32\Drivers\ElbyDelay.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\SBFWIM.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\amdiox86.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdLH3.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ADIHdAud.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\wdcsam.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\SBREdrv.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\drivers\SbFw.sys
\SystemRoot\system32\drivers\sbtis.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\AsIO.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\sbapifs.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\Drivers\CLBUDF.SYS
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff88fd1ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000078\
Lower Device Object: 0xffffffff88fc3830
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8949bac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000071\
Lower Device Object: 0xffffffff89496cb8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86f4dac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T1L0-4\
Lower Device Object: 0xffffffff86e2f030
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
IRP handler 15 hooked
Load Function returned 0x0
Downloaded database version: v2013.05.07.07
Downloaded database version: v2013.05.07.08
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86f4dac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86f4d7b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86f4dac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86e2f030, DeviceName: \Device\Ide\IdeDeviceP0T1L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffaa3c09a8, 0xffffffff86f4dac8, 0xffffffff865347e0
Lower DeviceData: 0xffffffffaccf55a0, 0xffffffff86e2f030, 0xffffffff86772bf8
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 737674B5

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8949bac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8914a6a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8949bac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff89496cb8, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffb4359980, 0xffffffff8949bac8, 0xffffffff867a3040
Lower DeviceData: 0xffffffffb8cf79d8, 0xffffffff89496cb8, 0xffffffff866c49b8
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 21365

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3906961408

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000365289472 bytes
Sector size: 512 bytes

Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffffff88fd1ac8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff891e46a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff88fd1ac8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff88fc3830, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffa5588140, 0xffffffff88fd1ac8, 0xffffffff86534040
Lower DeviceData: 0xffffffffae5d8f48, 0xffffffff88fc3830, 0xffffffff86618450
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

    Partition 0 type is Other (0xb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 32  Numsec = 15633376

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 8004304896 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Infected: HKLM\SOFTWARE\CLASSES\DNSCache.DNSCacheObj --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\DNSCache.DNSCacheObj.1 --> [Trojan.BHO]
Infected: c:\$Recycle.Bin\S-1-5-18\$d0024f473f49b29d1fd3ac1e8007729c\@ --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-2959847234-3651604504-3426194970-1000\$d0024f473f49b29d1fd3ac1e8007729c\@ --> [Trojan.Siredef.C]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-18\$d0024f473f49b29d1fd3ac1e8007729c\U --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-2959847234-3651604504-3426194970-1000\$d0024f473f49b29d1fd3ac1e8007729c\U --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-18\$d0024f473f49b29d1fd3ac1e8007729c\L --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-2959847234-3651604504-3426194970-1000\$d0024f473f49b29d1fd3ac1e8007729c\L --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-18\$d0024f473f49b29d1fd3ac1e8007729c --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-2959847234-3651604504-3426194970-1000\$d0024f473f49b29d1fd3ac1e8007729c --> [Trojan.Siredef.C]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Executing an action fixdamage.exe...
Success!
Removal successful. No system shutdown is required.
=======================================

 



#9 glowinthedark

glowinthedark
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE

Posted 07 May 2013 - 03:04 PM

Unfortunately, while attempting to update Adobe, etc., I've noticed I'm still having the problem.



#10 Guest_Francis Houle_*

Guest_Francis Houle_*

  • Guests
  • OFFLINE

Posted 07 May 2013 - 07:03 PM

1. I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.


  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on the link to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button

 

2. Update Java and Adobe Reader.

3. Remove these from the Control Panel:
µTorrent (Version: 1.8.2)
µTorrent (Version: 3.1.3)
avast! Free Antivirus (Version: 5.0.594.0)
Bing Bar (Version: 7.0.609.0)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
Yahoo! Detect

4. Remove Lavasoft Ad-Aware.
Go to the Start button and, in the Start Search box, type Services. It should be listed at the top of the left pane.
Next, scroll through the list of services and find one for Ad-Aware or a similar name.
Right-click on the service and select Properties.
Go to the Startup Status and select "Disable". Do not choose Manual or Automatic.
Next, reboot your computer.
You should now be able to remove the Ad-Aware program through Control Panel, or you can try the Revo Uninstaller.

5. Install Microsoft Security Essentials.


#11 glowinthedark

glowinthedark
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:12:09 AM

Posted 09 May 2013 - 12:42 AM

C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\16de90ca-342ffc49 a variant of Java/Exploit.CVE-2013-2423.R trojan cleaned by deleting - quarantined
C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\486e0994-567921fd a variant of Java/Exploit.CVE-2013-2423.R trojan cleaned by deleting - quarantined
C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\afff03-2310eb29 a variant of Java/Exploit.CVE-2013-2423.R trojan cleaned by deleting - quarantined
C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\632d1129-21451277 a variant of Java/Exploit.CVE-2013-2423.R trojan cleaned by deleting - quarantined
C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\3f054e06-71e1ceaf multiple threats cleaned by deleting - quarantined
 

 

I followed all of the above steps, however:

I installed Microsoft Security Essentials.

It prompted a restart.

It automatically scanned after boot.

It found nothing and prompted another restart.

After restarting, my computer will no longer load Windows.

A message appears: "windows failed to start. a recent hardware or software change might be the problem".

I tried starting in safe mode but that didn't work either.

It starts to load Windows, I see a flash of a blue screen, and it restarts.

:(
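The ESET lines pasted above have a fixed shape (file path, detection name, action taken). As an added example that is not from this thread or from ESET, the Python below parses such lines, tallies the CVE ids named in the detections and checks whether each file sits in the per-user Java Deployment cache; the regex and the cache check are my assumptions about the pasted format, not an ESET specification, and the sample input is copied from the post above.

```python
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Sample "List Threats" output, copied from the ESET OnlineScan results pasted
# above (constructed input for this example, not a live scan).
SAMPLE_LOG = r"""
C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\16de90ca-342ffc49 a variant of Java/Exploit.CVE-2013-2423.R trojan cleaned by deleting - quarantined
C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\486e0994-567921fd a variant of Java/Exploit.CVE-2013-2423.R trojan cleaned by deleting - quarantined
C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\afff03-2310eb29 a variant of Java/Exploit.CVE-2013-2423.R trojan cleaned by deleting - quarantined
C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\632d1129-21451277 a variant of Java/Exploit.CVE-2013-2423.R trojan cleaned by deleting - quarantined
C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\3f054e06-71e1ceaf multiple threats cleaned by deleting - quarantined
"""

# One pasted line is: <path> <detection name> <action taken>.
# Assumption: the path contains no spaces (true above) and the action starts
# with one of ESET's verbs, so the non-greedy detection group stops before it.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S+)\s+(?P<detection>.+?)\s+"
    r"(?P<action>(?:cleaned|deleted|quarantined)\b.*)$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

@dataclass(frozen=True)
class Detection:
    path: str
    detection: str
    action: str

def parse_eset_log(text: str) -> list[Detection]:
    """Turn pasted 'List Threats' lines into Detection records; non-matching lines are skipped."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(**m.groupdict()))
    return found

def cve_counts(detections: list[Detection]) -> Counter:
    """Count detections per CVE id that appears in the detection name."""
    return Counter(cve for d in detections for cve in CVE_RE.findall(d.detection))

def in_java_deployment_cache(path: str) -> bool:
    """True when the file lives under the Java plug-in's per-user Deployment cache."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    return "java" in parts and "deployment" in parts and "cache" in parts
```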



#12 Guest_Francis Houle_*

Guest_Francis Houle_*

  • Guests
  • OFFLINE

Posted 09 May 2013 - 02:51 AM

Can you provide me a photo of the blue screen?

#13 glowinthedark

glowinthedark
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:12:09 AM

Posted 09 May 2013 - 09:17 AM

[photo of the blue screen: 459423_4786647261936_226559047_o.jpg]

The screen flashes for a fraction of a second so this is the best I could do.



#14 Guest_Francis Houle_*

Guest_Francis Houle_*

  • Guests
  • OFFLINE

Posted 09 May 2013 - 12:25 PM

To fix this, follow the steps in Method 1; if that doesn't fix the issue, follow the steps in Method 2.

Method 1: Use the Last Known Good Configuration to start Windows
When starting the PC using the Last Known Good Configuration, your computer starts with the configuration from the last time your PC booted successfully. To do this, follow these steps:
  1. Click the Start button, then click the arrow next to Shut Down, then click Restart.
  2. As your computer starts, press and hold the F8 button. If the Windows logo appears, you'll need to try again by shutting down and restarting your computer.
  3. On the Advanced Boot Options screen, use the arrow keys to highlight Last Known Good Configuration (advanced), and then press Enter. Windows will start normally.
If you still can't boot into Windows successfully, proceed to Method 2.
 
Method 2: Use the Startup Repair feature


Startup Repair can detect and fix certain types of system problems that might prevent Windows from starting.

To run Startup Repair using preinstalled recovery options:
  1. Restart your computer using the PC's power button. Do one of the following:
    • If your computer has a single operating system installed, press and hold the F8 key as your computer restarts. You need to press F8 before the Windows logo appears. If the Windows logo appears, you need to try again by waiting until the Windows logon prompt appears, and then shutting down and restarting your computer.
    • If your computer has more than one operating system, use the arrow keys to highlight the operating system you want to repair, and then press and hold F8.
  2. On the Advanced Boot Options screen, use the arrow keys to highlight Repair your computer, and then press Enter.
  3. Select a keyboard layout, and then click Next.
  4. On the System Recovery Options menu, click Startup Repair, and then follow the on-screen instructions.
To run Startup Repair using the Windows installation disc or a system repair disc:
  1. Insert the Windows 7 or Windows Vista installation disc or a system repair disc, and then shut down your computer.
  2. Restart your computer using the computer's power button.
  3. If prompted, press any key and then follow the instructions that appear.
  4. On the Install Windows page, or on the System Recovery Options page, choose your language and other preferences, and then click Next.
  5. If you're using the Windows installation disc, click Repair your computer.
  6. Select the Windows installation you want to repair, and then click Next.
  7. On the System Recovery Options menu, click Startup Repair, and then follow the on-screen instructions.


#15 glowinthedark

glowinthedark
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE

Posted 09 May 2013 - 01:30 PM

Last known configuration did not work. "Repair your computer" doesn't seem to be an option. My options are as follows:

safe mode
safe mode with networking
safe mode with command prompt

enable boot logging
enable low resolution video
last known good configuration
directory services restore mode
debugging mode
disable automatic restart on system failure
disable driver signature enforcement





