PDA

View Full Version : System Care Antivirus Problem



geeky
2013-04-08, 23:00
Hi

A program calling its self System Care Antivirus has installed on my laptop. It is preventing anything from running please help.

DDS.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16470
Run by Jane at 20:45:11 on 2013-04-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3999.3233 [GMT 1:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.orange.co.uk/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: CDelHotkeys Object: {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
BHO: AOL Toolbar BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
TB: Delicious Toolbar: {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
TB: Delicious Toolbar: {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
EB: Delicious Sidebar: {9D19C405-BA93-461B-871F-97992CC45972} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [iasap] rundll32.exe "C:\Users\Jane\AppData\Roaming\iasap.dll",GetHtmlCharset
uRun: [ndxmsr] "C:\Windows\System32\rundll32.exe" "C:\Users\Jane\AppData\Roaming\ndxmsr.dll",_ascii_strtod
uRun: [{21FF751D-F6C0-2F71-DA24-A558EB9B5010}] C:\Users\Jane\AppData\Roaming\Qao\uvzape.exe
uRun: [redbj] "C:\Windows\System32\rundll32.exe" "C:\Users\Jane\AppData\Roaming\redbj.dll",AnyFileFlags
uRunOnce: [F84159B29EC9513B0000F84061765553] C:\ProgramData\F84159B29EC9513B0000F84061765553\F84159B29EC9513B0000F84061765553.exe
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Jane\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jane\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Jane\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Jane\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_uninst_.lnk - C:\Users\Jane\AppData\Local\Temp\_uninst_.bat
uPolicies-System: WallpaperStyle = 2
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
mPolicies-System: WallpaperStyle = 2
IE: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972}
IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - hxxp://simcity.ea.com/play/classic/SimCityX.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0985480C-B9DE-442A-B6E8-415D3C5ED732} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3C990A9B-BB12-424C-B447-CC5ADF365E53} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3C990A9B-BB12-424C-B447-CC5ADF365E53}\14E64627F696461405 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{3C990A9B-BB12-424C-B447-CC5ADF365E53}\341627C647F6E6F525F6F6D637F575966496 : DHCPNameServer = 192.168.15.254
TCP: Interfaces\{3C990A9B-BB12-424C-B447-CC5ADF365E53}\671696C62716361757564736C65726 : DHCPNameServer = 207.119.38.1 209.142.169.250 66.112.11.88
TCP: Interfaces\{3C990A9B-BB12-424C-B447-CC5ADF365E53}\671696C677966696 : DHCPNameServer = 207.119.31.1 209.142.169.250 66.112.11.88
TCP: Interfaces\{3C990A9B-BB12-424C-B447-CC5ADF365E53}\96261686E6F536F6E666562756E63696E676 : DHCPNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-3 52856]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-8-31 89600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-14 227896]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-2-7 139264]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-25 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-7 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2013-04-08 19:07:36 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-04-08 18:34:57 -------- d-----w- C:\ProgramData\Kaspersky Lab Setup Files
2013-04-08 18:00:24 -------- d-----w- C:\ProgramData\F84159B29EC9513B0000F84061765553
2013-04-08 18:00:16 446464 ----a-w- C:\Users\Jane\AppData\Roaming\redbj.dll
2013-04-08 17:59:54 733184 ----a-w- C:\Users\Jane\AppData\Roaming\ndxmsr.dll
2013-04-08 17:59:03 186880 ----a-w- C:\Users\Jane\AppData\Roaming\iasap.dll
2013-04-08 17:58:44 -------- d-----w- C:\Users\Jane\AppData\Roaming\Rooselu
2013-04-08 17:58:44 -------- d-----w- C:\Users\Jane\AppData\Roaming\Qao
2013-04-06 15:04:06 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{520523F7-D538-41DB-94B8-CFD5A6D6A23D}\mpengine.dll
2013-04-06 15:03:30 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-23 06:25:59 763424 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
.
==================== Find3M ====================
.
2013-03-21 20:15:22 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-21 20:15:22 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-12 00:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 20:45:20.18 ===============

Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 28/12/2009 14:32:28
System Uptime: 08/04/2013 20:25:10 (0 hours ago)
.
Motherboard: Quanta | | 3069
Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | CPU | 2095/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 83.745 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 2.108 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP327: 15/01/2013 18:14:15 - Windows Update
RP328: 20/01/2013 14:56:23 - Windows Update
RP329: 26/01/2013 14:28:03 - Windows Update
RP330: 31/01/2013 20:21:36 - Windows Update
RP331: 05/02/2013 19:54:13 - Windows Update
RP332: 10/02/2013 10:28:12 - Windows Update
RP333: 13/02/2013 19:20:30 - Windows Update
RP334: 13/02/2013 21:42:59 - Windows Update
RP335: 04/03/2013 12:51:06 - Windows Update
RP336: 08/03/2013 23:23:29 - Windows Update
RP337: 21/03/2013 19:32:06 - Windows Update
RP338: 23/03/2013 06:21:00 - Windows Update
RP339: 01/04/2013 21:34:29 - Windows Update
RP340: 06/04/2013 16:03:33 - Windows Update
RP341: 08/04/2013 18:56:26 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.2 MUI
Any Video Converter 3.1.8
AOL Toolbar 5.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
Atheros Driver Installation Program
BlackBerry Desktop Software 4.7
Bonjour
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
CyberLink YouCam
D3DX10
Delicious Add-on for Internet Explorer
Dropbox
EA Download Manager
ERUNT 1.1j
Hewlett-Packard ACLM.NET v1.1.1.0
HP Advisor
HP Customer Experience Enhancements
HP DVD Play 3.7
HP Games
HP Quick Launch Buttons
HP Setup
HP Support Assistant
HP Update
HP User Guides 0148
HP Wireless Assistant
iCloud
IDT Audio
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 14 (64-bit)
Java(TM) 6 Update 38
Junk Mail filter update
LabelPrint
LightScribe System Software
Magic Desktop
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Works
Microsoft WSE 3.0 Runtime
MobileMe Control Panel
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
Orange Mobile Partner
Power2Go
PowerDirector
PowerRecover
QLBCASL
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Roxio Media Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Skype™ 5.10
Synaptics Pointing Device Driver
The Sims™ 3
The Sims™ 3 Late Night
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VD64Inst
VLC media player 1.1.11
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
08/04/2013 20:42:49, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
08/04/2013 20:28:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
08/04/2013 20:27:56, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
08/04/2013 20:26:26, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
08/04/2013 20:26:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
08/04/2013 20:26:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
08/04/2013 20:26:15, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
08/04/2013 20:26:12, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
08/04/2013 20:26:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
08/04/2013 20:25:56, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
08/04/2013 20:25:56, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
08/04/2013 20:25:54, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
08/04/2013 20:23:37, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
08/04/2013 20:19:47, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.
08/04/2013 19:52:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service RichVideo with arguments "-Service" in order to run the server: {889CA1C3-E115-47E1-88EC-20DF644E982A}
08/04/2013 19:40:00, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
08/04/2013 19:39:11, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
08/04/2013 19:39:11, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
08/04/2013 19:38:44, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
08/04/2013 19:38:42, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
08/04/2013 19:38:42, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
08/04/2013 19:38:42, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
08/04/2013 19:38:42, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
08/04/2013 19:38:42, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
08/04/2013 19:38:42, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
08/04/2013 19:38:42, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
08/04/2013 19:38:42, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
08/04/2013 19:38:42, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
08/04/2013 19:38:42, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
08/04/2013 19:26:51, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccHP discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SYMTDIv Wanarpv6
.
==== End Of File ===========================


The aswMBR is:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-08 20:45:22
-----------------------------
20:45:22.794 OS Version: Windows x64 6.1.7601 Service Pack 1
20:45:22.794 Number of processors: 2 586 0x170A
20:45:22.794 ComputerName: JANE-PC UserName: Jane
20:45:24.151 Initialize success
20:46:49.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:46:49.171 Disk 0 Vendor: SAMSUNG_HM320II 2AC101C4 Size: 305245MB BusType: 11
20:46:49.296 Disk 0 MBR read successfully
20:46:49.311 Disk 0 MBR scan
20:46:49.311 Disk 0 unknown MBR code
20:46:49.327 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
20:46:49.327 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292147 MB offset 409600
20:46:49.358 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12897 MB offset 598726656
20:46:49.389 Disk 0 scanning C:\Windows\system32\drivers
20:46:58.219 Service scanning
20:47:15.691 Modules scanning
20:47:15.691 Disk 0 trace - called modules:
20:47:15.738 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:47:15.753 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bd9060]
20:47:15.753 3 CLASSPNP.SYS[fffff8800115843f] -> nt!IofCallDriver -> [0xfffffa800473c520]
20:47:15.753 5 ACPI.sys[fffff88000ee47a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800468a680]
20:47:15.769 Scan finished successfully
20:48:05.174 Disk 0 MBR has been saved successfully to "C:\Users\Jane\Desktop\MBR.dat"
20:48:05.190 The log file has been saved successfully to "C:\Users\Jane\Desktop\aswMBR.txt"


Any help is appreciated.

Thanks

shelf life
2013-04-13, 16:41
hi geeky,

To start you can download and run the free version of Malwarebytes:

Please download the free version of Malwarebytes (http://www.malwarebytes.org/products/malwarebytes_free/) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.
NOTE: The free version must be updated manually and a scan started manually.

geeky
2013-04-15, 23:27
Thank you for your assistance. This is the Malwarebytes log:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.15.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jane :: JANE-PC [administrator]

Protection: Enabled

15/04/2013 19:08:03
mbam-log-2013-04-15 (19-08-03).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 542638
Time elapsed: 2 hour(s), 8 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ndxmsr (Trojan.RedirRdll3.Gen) -> Data: "C:\Windows\System32\rundll32.exe" "C:\Users\Jane\AppData\Roaming\ndxmsr.dll",_ascii_strtod -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\$Recycle.Bin\S-1-5-21-3121070403-1088618337-3181964479-1001\$8ad920049e34f826dcaef5206536cc82\U\00000001.@ (Trojan.0Access) -> Quarantined and deleted successfully.

(end)

shelf life
2013-04-16, 00:43
ok. Good. We will get another download to use:


Download and save RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) to to your desktop.
Double click to start
For Vista or Windows 7, right-click and select run as Admin.
Once the prescan has finished click on the scan button.
Once the scan is done a report.txt will be on your desktop.
Exit Rougekiller by going to File>Quit.
copy/paste the RK[1]report into your reply.

geeky
2013-04-16, 20:50
Hi

This is the RogueKiller report.

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jane [Admin rights]
Mode : Scan -- Date : 04/16/2013 18:45:24
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Jane\AppData\Roaming\redbj.dll [x] -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Jane\AppData\Roaming\redbj.dll [x] -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : iasap (rundll32.exe "C:\Users\Jane\AppData\Roaming\iasap.dll",GetHtmlCharset) [x] -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : redbj ("C:\Windows\System32\rundll32.exe" "C:\Users\Jane\AppData\Roaming\redbj.dll",AnyFileFlags) [7] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3121070403-1088618337-3181964479-1001[...]\Run : iasap (rundll32.exe "C:\Users\Jane\AppData\Roaming\iasap.dll",GetHtmlCharset) [x] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3121070403-1088618337-3181964479-1001[...]\Run : redbj ("C:\Windows\System32\rundll32.exe" "C:\Users\Jane\AppData\Roaming\redbj.dll",AnyFileFlags) [7] -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3121070403-1088618337-3181964479-1001\$8ad920049e34f826dcaef5206536cc82\@ [-] --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3121070403-1088618337-3181964479-1001\$8ad920049e34f826dcaef5206536cc82\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3121070403-1088618337-3181964479-1001\$8ad920049e34f826dcaef5206536cc82\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM320II ATA Device +++++
--- User ---
[MBR] 373c856a7cbf98223337408b2a19faac
[BSP] ab38bb93027df82801cf7afd00737177 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 292147 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598726656 | Size: 12897 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_04162013_02d1845.txt >>
RKreport[1]_S_04162013_02d1845.txt

Just FYI I uninstalled ERUNT as it kept causing my computer to crash out to the blue screen.
If this is an issue please let me know and I can reinstall.

shelf life
2013-04-17, 01:19
ok. Good. Now you can run Roguekiller like you did before and after the final scan is done under Options click the delete button. It will produce another Rk[] report on your desktop and reboot your machine. Please post the log in your reply. If ERUNT is blue screening your machine then leave it uninstalled.

After the reboot we will get one more download to use.

Its a utility from ESET to remove a specific rootkit. The link is here (http://kb.eset.com/esetkb/index?page=content&id=SOLN2895) Read the instructions, following steps I & II (if needed.) then download the cleaner tool to your desktop to use. It will also produce a txt file on your desktop. If the rootkit is found you will be prompted to reboot 2 times during the process, as stated in the directions.

geeky
2013-04-17, 22:10
Hi

The Rouguekiller log is:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jane [Admin rights]
Mode : Remove -- Date : 04/17/2013 19:23:30
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : iasap (rundll32.exe "C:\Users\Jane\AppData\Roaming\iasap.dll",GetHtmlCharset) [x] -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : redbj ("C:\Windows\System32\rundll32.exe" "C:\Users\Jane\AppData\Roaming\redbj.dll",AnyFileFlags) [7] -> DELETED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3121070403-1088618337-3181964479-1001\$8ad920049e34f826dcaef5206536cc82\@ [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3121070403-1088618337-3181964479-1001\$8ad920049e34f826dcaef5206536cc82\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3121070403-1088618337-3181964479-1001\$8ad920049e34f826dcaef5206536cc82\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM320II ATA Device +++++
--- User ---
[MBR] 373c856a7cbf98223337408b2a19faac
[BSP] ab38bb93027df82801cf7afd00737177 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 292147 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598726656 | Size: 12897 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4]_D_04172013_02d1923.txt >>
RKreport[1]_S_04162013_02d1845.txt ; RKreport[2]_S_04172013_02d1918.txt ; RKreport[3]_S_04172013_02d1920.txt ; RKreport[4]_D_04172013_02d1923.txt



The ESET report is:

[2013.04.17 20:02:59.593] -
[2013.04.17 20:02:59.593] - ....................................
[2013.04.17 20:02:59.593] - ..::::::::::::::::::....................
[2013.04.17 20:02:59.593] - .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT.. Win32/Sirefef
[2013.04.17 20:02:59.593] - .::EE::::EE:SS:::::::.EE....EE....TT...... Version: 1.1.0.9
[2013.04.17 20:02:59.593] - .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT...... Built: Apr 16 2013
[2013.04.17 20:02:59.593] - .::EE:::::::::::::SS:.EE..........TT......
[2013.04.17 20:02:59.593] - .::EEEEEE:::SSSSSS::..EEEEEE.....TT..... Copyright (c) ESET, spol. s r.o.
[2013.04.17 20:02:59.609] - ..::::::::::::::::::.................... 1992-2013. All rights reserved.
[2013.04.17 20:02:59.609] - ....................................
[2013.04.17 20:02:59.609] -
[2013.04.17 20:02:59.609] - --------------------------------------------------------------------------------
[2013.04.17 20:02:59.609] -
[2013.04.17 20:02:59.609] - INFO: OS: 6.1.7601 SP1
[2013.04.17 20:02:59.609] - INFO: Product Type: Workstation
[2013.04.17 20:02:59.609] - INFO: WoW64: True
[2013.04.17 20:02:59.609] - INFO: Machine guid: B8489B8B-8319-4309-A5F8-90C253055DF0
[2013.04.17 20:02:59.609] -
[2013.04.17 20:02:59.609] - INFO: Scanning for system infection...
[2013.04.17 20:02:59.609] - --------------------------------------------------------------------------------
[2013.04.17 20:02:59.609] -
[2013.04.17 20:02:59.609] - INFO: System modules modification not detected...
[2013.04.17 20:02:59.609] - INFO: Current Shell HKLM [explorer.exe].
[2013.04.17 20:02:59.609] - INFO: Current SubSystems [%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16].
[2013.04.17 20:02:59.625] - INFO: Win32/Sirefef not found
[2013.04.17 20:03:09.188] -
[2013.04.17 20:03:09.188] - --------------------------------------------------------------------------------
[2013.04.17 20:03:09.188] - INFO: Logging finished successfully...
[2013.04.17 20:03:09.188] - --------------------------------------------------------------------------------

I think this has all run successfully but I had to run the ESET a number of times because I kept getting blue screen. I am not sure what is causing it. I have disabled Kaspersky and it seems to be ok now.

shelf life
2013-04-17, 23:58
Ok, looks good. What AV are you using? I dont see one in the list of software and you mention Kaspersky and your DDS shows Norton. Only need one resident AV per machine. Did you have Norton at one time?

geeky
2013-04-18, 20:09
Yes I did have Norton but I uninstalled it (or I thought I did). I have installed Kaspersky so it is strange that it is not showing up. Any suggestions?

shelf life
2013-04-19, 01:03
You can download and run Nortons uninstaller.

The Norton Removal Tool uninstalls all Norton 2003 and later products, Norton 360, and Norton SystemWorks 12.0 from your computer

Link. (https://support.norton.com/sp/en/us/home/current/solutions/kb20071130124653EN_EndUserProfile_en_us)

Is your machine stable now, no blue screens? Kaspersky wont do you much good if you have to keep it disabled. Other than that hows everything else looking now?

geeky
2013-04-22, 21:25
Hi

Sorry for the delay in replying.

I have now removed Norton and Kaspersky is running. I am still having a problem with blue screen and I cant figure out the cause.

I can boot up without an issue and then after a few minutes I will get the blue screen and the computer will automatically restart. This does not happen every time. After it has restarted it seems to be stable.

shelf life
2013-04-23, 02:33
The default action for a BSOD is to automatically reboot the machine. This can be changed but lets see if you have any BSOD dump files. You can get a download to use which will find and display them for you. The info will be useful for narrowing things down. Its called bluescreenview. (http://www.nirsoft.net/utils/blue_screen_view.html) You can right click on a dump file and save it has a report.

geeky
2013-04-25, 21:18
Crash List

Hi

This is the latest dump file. Do you need any others?

Created by using BlueScreenView
Dump File Crash Time Bug Check String Bug Check Code Parameter 1 Parameter 2 Parameter 3 Parameter 4 Caused By Driver Caused By Address File Description Product Name Company File Version Processor Crash Address Stack Address 1 Stack Address 2 Stack Address 3 Computer Name Full Path Processors Count Major Version Minor Version Dump File Size
042513-26816-01.dmp 25/04/2013 19:09:08 DRIVER_IRQL_NOT_LESS_OR_EQUAL 0x000000d1 00000000`00000004 00000000`00000002 00000000`00000000 fffff880`05055bd4 athrx.sys athrx.sys+1cbd4 x64 ntoskrnl.exe+75c00 C:\Windows\Minidump\042513-26816-01.dmp 2 15 7601 301,072

shelf life
2013-04-26, 02:38
hi,

That one is good for now.Thanks for the info. Lets get another download to check something out. Its called TDSSkiller.


Download Tdsskiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) to your desktop


Click the icon, then on Change Parameters. Check the option: Detect TDLFS file system, then click ok and Start Scan

Once the scan is done you will find a .txt file in your root drive Local Disk (C) labeled as: TDSSKILLER.2.8.13.0_15.04.2013_17.34.06_log.txt (version,date time)

Please copy/paste the log file in your reply.

shelf life
2013-05-02, 01:02
hi geeky,

Topic will be closed in 2 days if no reply.

tashi
2013-05-09, 04:29
Topic re-opened.

shelf life
2013-05-09, 23:42
Ok we are back. I did see your TDSSkiller .txt and it looks ok. Try this: boot your machine into safe mode by tapping the f8 key during a computer restart, chose the first option from the list: safe mode. Log into your normal account. see if the machine is stable, ie: no BSOD while in safe mode. Then reboot normally. Is that a HP laptop your running?

geeky
2013-05-14, 20:20
Hi

Thanks for restarting this.

Ok have booted in safe mode and it seems stable,

Yes I am using a HP laptop.

shelf life
2013-05-15, 02:44
That BSOD is related to to your wireless driver, which in safe mode only wouldnt be in use. Do you recall updating it recently or anything? If you get updates automatically from HP you may not even know. You could also visit the HP support website where you could download the latest drivers for your machine, assuming thats the cause.