Re: PC Acting Strange!

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click aswMBR.exe to run it.

[Image: AswMBR_Scan]

Click the "Scan" button to start the scan.

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

[Image: AswMBR_SaveLog]

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.
***********************************************************
Please download Rooter and Save it to your desktop.

  • Double click it to start the tool. Vista and Windows 7: run as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

Re: PC Acting Strange!

Thanks for the speedy response. I am guessing you are seeing things out of the norm?

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-03 20:29:06
-----------------------------
20:29:06.907 OS Version: Windows x64 6.1.7601 Service Pack 1
20:29:06.907 Number of processors: 8 586 0x3A09
20:29:06.909 ComputerName: MAIN-PC UserName: Seth
20:29:08.394 Initialize success
20:29:23.068 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:29:23.071 Disk 0 Vendor: TOSHIBA_ AX00 Size: 715404MB BusType: 3
20:29:23.085 Disk 0 MBR read successfully
20:29:23.089 Disk 0 MBR scan
20:29:23.092 Disk 0 Windows VISTA default MBR code
20:29:23.104 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
20:29:23.114 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 699283 MB offset 3074048
20:29:23.140 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14620 MB offset 1435205632
20:29:23.174 Disk 0 scanning C:\windows\system32\drivers
20:29:27.046 Service scanning
20:29:57.561 Modules scanning
20:29:57.562 Disk 0 trace - called modules:
20:29:57.574 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys ACPI.sys iaStor.sys hal.dll
20:29:57.576 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80078a4060]
20:29:57.578 3 CLASSPNP.SYS[fffff88001dc043f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa80077bd710]
20:29:57.578 5 thpdrv.sys[fffff88001d092b0] -> nt!IofCallDriver -> [0xfffffa80072ef910]
20:29:57.579 7 ACPI.sys[fffff88000f687a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80072f5050]
20:29:57.579 Scan finished successfully
20:31:47.220 Disk 0 MBR has been saved successfully to "C:\Users\Seth\Documents\PC Security\MBR.dat"
20:31:47.224 The log file has been saved successfully to "C:\Users\Seth\Documents\PC Security\aswMBR.txt"


Rooter.exe (v1.0.2) by Eric_71
.
The token does not have the SeDebugPrivilege privilege ! (error:1300)
Can not acquire SeDebugPrivilege !
Please run the tool as administrator ..

.
Windows 7 Home Edition (6.1.7601) Service Pack 1
[32_bits] - Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
.
Error OpenService (wscsvc) : 6
Error OpenSCManager : 5
Error OpenService (MpsSvc) : 6
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 9.0.8112.16421
Mozilla Firefox 15.0.1 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:682 Go - Free:551 Go )
D:\ [CD_Rom]
.
Scan : 20:30.17
Path : C:\Users\Seth\Downloads\Rooter.exe
User : Seth ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
Locked smss.exe (432)
Locked avgrsa.exe (604)
Locked avgcsrva.exe (656)
Locked csrss.exe (392)
Locked wininit.exe (592)
Locked csrss.exe (544)
Locked services.exe (1028)
Locked lsass.exe (1036)
Locked lsm.exe (1044)
Locked svchost.exe (1148)
Locked svchost.exe (1224)
Locked svchost.exe (1288)
Locked svchost.exe (1320)
Locked svchost.exe (1360)
Locked svchost.exe (1468)
Locked winlogon.exe (1520)
Locked svchost.exe (1624)
Locked wlanext.exe (1732)
Locked conhost.exe (1740)
Locked spoolsv.exe (1992)
Locked svchost.exe (1008)
Locked AppleMobileDeviceService.exe (1584)
Locked avgidsagent.exe (1420)
Locked avgwdsvc.exe (2076)
Locked mDNSResponder.exe (2120)
Locked EvtEng.exe (2156)
Locked HeciServer.exe (2192)
Locked IntelMeFWService.exe (2232)
Locked Jhi_service.exe (2252)
Locked mbamscheduler.exe (2300)
Locked mbamservice.exe (2680)
Locked avgnsa.exe (2860)
Locked avgemca.exe (2872)
Locked SymcPCCULaunchSvc.exe (2532)
Locked ccSvcHst.exe (1920)
Locked RegSrvc.exe (2668)
Locked svchost.exe (2776)
Locked ThpSrv.exe (2712)
Locked TODDSrv.exe (2796)
Locked TosCoSrv.exe (3080)
Locked ToolbarUpdater.exe (3132)
Locked WLIDSVC.EXE (3224)
Locked ZeroConfigService.exe (3264)
Locked SDWinSec.exe (3316)
Locked WLIDSVCM.EXE (3340)
Locked unsecapp.exe (3504)
Locked TecoService.exe (3612)
Locked WmiPrvSE.exe (3676)
Locked svchost.exe (3728)
______ ???"?????? (4304)
______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (4368)
______ ???"?????? (4388)
Locked ccSvcHst.exe (4400)
______ ???"?????? (4432)
______ ???"?????? (2824)
______ ???"?????? (4160)
______ ???"?????? (4136)
______ ???"?????? (4176)
______ ???"?????? (4228)
______ ???"?????? (4752)
______ ???"?????? (4876)
______ ???"?????? (4252)
______ ???"?????? (4364)
______ ???"?????? (4852)
______ ???"?????? (4932)
______ ???"?????? (4668)
______ C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (4840)
______ ???"?????? (4908)
______ C:\Program Files (x86)\RocketDock\RocketDock.exe (4648)
______ ???"?????? (4904)
Locked SearchIndexer.exe (4476)
______ C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (4628)
______ C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe (3496)
______ C:\Program Files (x86)\AVG\AVG2013\avgui.exe (5124)
______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (5256)
______ C:\Program Files (x86)\iTunes\iTunesHelper.exe (5448)
______ ???"?????? (5604)
______ ???"?????? (5620)
______ C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe (5728)
______ ???"?????? (5520)
______ ???"?????? (5504)
Locked iPodService.exe (5784)
Locked wmpnetwk.exe (5820)
Locked SynTPHelper.exe (6068)
Locked svchost.exe (5528)
Locked svchost.exe (6504)
______ ???"?????? (6380)
Locked dllhost.exe (7520)
Locked TMachInfo.exe (8064)
Locked LMS.exe (8004)
Locked UNS.exe (6364)
Locked TPCHSrv.exe (7740)
Locked TosSmartSrv.exe (5880)
______ ???"?????? (7228)
______ ???"?????? (7340)
______ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (6444)
______ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (5424)
______ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3560)
______ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8144)
Locked SearchProtocolHost.exe (1772)
Locked SearchFilterHost.exe (3924)
Locked audiodg.exe (6480)
Locked aswMBR.exe (5888)
______ C:\Users\Seth\Downloads\Rooter.exe (4420)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:1572864000)
\Device\Harddisk0\Partition2 (Start_Offset:1573912576 | Length:733251371008)
\Device\Harddisk0\Partition3 (Start_Offset:734825283584 | Length:15330181120)
.
----------------------\\ Scheduled Tasks
.
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
C:\windows\Tasks\SA.DAT
C:\windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 20:30.20
.
C:\Rooter$\Rooter_1.txt - (03/10/2012 | 20:30.20)





Re: PC Acting Strange!

Bump

Re: PC Acting Strange!

Please take note of this warning in the Security Checker.
Total Fragmentation on Drive C: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)

SSD means Solid State Drive

Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

[Image: NSIS_disclaimer_ENG]

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

[Image: NSIS_extraction]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

[Image: RcAuto1]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: Whatnext]

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
