Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Alureon.DX Rootkit + Antivirus problems

Started by Itachirumon , Jul 10 2011 03:46 AM

This topic is locked

#16
Essexboy

Posted 12 July 2011 - 12:31 PM

GeekU Moderator

Retired Staff
69,964 posts

Could you run this programme please as there is a new variant that I want to check for

Download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

#17
Itachirumon

Posted 12 July 2011 - 03:31 PM

Member

Topic Starter
Member
77 posts

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv9000 (RP114UA#ABA)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 160):
0x81E0F000 \SystemRoot\system32\ntkrnlpa.exe
0x821C9000 \SystemRoot\system32\hal.dll
0x80609000 \SystemRoot\system32\kdcom.dll
0x80610000 \SystemRoot\system32\PSHED.dll
0x80621000 \SystemRoot\system32\BOOTVID.dll
0x80629000 \SystemRoot\system32\CLFS.SYS
0x8066A000 \SystemRoot\system32\CI.dll
0x8074A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x807C6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82802000 \SystemRoot\system32\drivers\acpi.sys
0x82848000 \SystemRoot\system32\drivers\WMILIB.SYS
0x82851000 \SystemRoot\system32\drivers\msisadrv.sys
0x82859000 \SystemRoot\system32\drivers\pci.sys
0x82880000 \SystemRoot\System32\drivers\partmgr.sys
0x8288F000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x82892000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8289C000 \SystemRoot\system32\drivers\volmgr.sys
0x828AB000 \SystemRoot\System32\drivers\volmgrx.sys
0x828F5000 \SystemRoot\system32\drivers\pciide.sys
0x828FC000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8290A000 \SystemRoot\System32\drivers\mountmgr.sys
0x8291A000 \SystemRoot\system32\drivers\atapi.sys
0x82922000 \SystemRoot\system32\drivers\ataport.SYS
0x82940000 \SystemRoot\system32\drivers\nvstor.sys
0x8294D000 \SystemRoot\system32\drivers\storport.sys
0x8298E000 \SystemRoot\system32\drivers\fltmgr.sys
0x829C0000 \SystemRoot\system32\drivers\fileinfo.sys
0x829D0000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82A06000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82A77000 \SystemRoot\system32\drivers\ndis.sys
0x82B82000 \SystemRoot\system32\drivers\msrpc.sys
0x82BAD000 \SystemRoot\system32\drivers\NETIO.SYS
0x87A03000 \SystemRoot\System32\drivers\tcpip.sys
0x87AED000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87C0B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87D1B000 \SystemRoot\system32\drivers\volsnap.sys
0x87D54000 \SystemRoot\System32\Drivers\spldr.sys
0x87D5C000 \SystemRoot\System32\Drivers\mup.sys
0x87D6B000 \SystemRoot\System32\drivers\ecache.sys
0x87D92000 \SystemRoot\system32\drivers\disk.sys
0x87DA3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x87DC4000 \SystemRoot\system32\drivers\crcdisk.sys
0x87DF1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x87C00000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87B08000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x87DFC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x87B18000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x87B1B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x87B2B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x87B32000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8B408000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8BA09000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8C13B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C1DB000 \SystemRoot\System32\drivers\watchdog.sys
0x8C1E7000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8C1EA000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8B550000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B58E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B59D000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C1F4000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8B5B5000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8B5C5000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8B5D3000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8B5ED000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x87B3B000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x87B4F000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8C60C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C699000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8C799000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8C7AC000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x8C7B1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8C7BC000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8C7EC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8C7EE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x87BA0000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8C600000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x87BCF000 \SystemRoot\system32\DRIVERS\bridge.sys
0x82BE8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x87BEA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x829D9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x807D3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x807E2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8CA02000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8CA17000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8CA27000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8CA29000 \SystemRoot\system32\DRIVERS\ks.sys
0x8CA53000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8CA5D000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8CA6A000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8CA73000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8CAA8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8CAB9000 \SystemRoot\system32\drivers\CHDRT32.sys
0x8CAEA000 \SystemRoot\system32\drivers\portcls.sys
0x8CB17000 \SystemRoot\system32\drivers\drmk.sys
0x8CB3C000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8CE06000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8CF09000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8CFBE000 \SystemRoot\system32\drivers\modem.sys
0x8CFCB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8CFE2000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8CB7A000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8CFEB000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8CB9B000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x8CFF3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8CBBE000 \SystemRoot\System32\Drivers\Null.SYS
0x8CBC5000 \SystemRoot\System32\Drivers\Beep.SYS
0x8CBCC000 \SystemRoot\System32\drivers\vga.sys
0x8CBD8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8BA00000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8B400000 \SystemRoot\system32\drivers\rdpencdd.sys
0x87BF5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D20E000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D21C000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8D225000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D23B000 \SystemRoot\system32\DRIVERS\smb.sys
0x8D24F000 \SystemRoot\system32\drivers\afd.sys
0x8D297000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D2C9000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D2DF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8D2ED000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D300000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D33C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8D346000 \SystemRoot\System32\Drivers\dfsc.sys
0x8D35D000 \SystemRoot\system32\DRIVERS\udfs.sys
0x8D398000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8D3A5000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8D3AF000 \SystemRoot\System32\Drivers\dump_nvstor.sys
0x952D0000 \SystemRoot\System32\win32k.sys
0x8D3BC000 \SystemRoot\System32\drivers\Dxapi.sys
0x954F0000 \SystemRoot\System32\TSDDD.dll
0x95510000 \SystemRoot\System32\cdd.dll
0x8D3D5000 \SystemRoot\system32\drivers\luafv.sys
0x9BA02000 \SystemRoot\system32\drivers\spsys.sys
0x9BAB2000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9BAC2000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9BAEC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9BAF6000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9BB09000 \SystemRoot\system32\drivers\HTTP.sys
0x9BB76000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9BB93000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9BBAC000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9BBC1000 \SystemRoot\system32\drivers\mrxdav.sys
0x87DCD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9CA03000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9CA3C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9CA54000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9CA7C000 \SystemRoot\System32\DRIVERS\srv.sys
0x9CACB000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9CACF000 \SystemRoot\system32\drivers\peauth.sys
0x9CBAD000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9CBB7000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9CBC3000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x9CBD3000 \SystemRoot\system32\drivers\tdtcp.sys
0x9CBDE000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xA0201000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA0234000 \SystemRoot\system32\DRIVERS\monitor.sys
0xA0243000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0xA024C000 \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{327D92F6-53BB-44FA-94F4-8D84D68A12E5}\MpKsl5911013b.sys
0xA0252000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77B80000 \WINDOWS\System32\ntdll.dll

Processes (total 86):
0 System Idle Process
4 System
444 C:\WINDOWS\System32\smss.exe
576 csrss.exe
628 C:\WINDOWS\System32\wininit.exe
640 csrss.exe
672 C:\WINDOWS\System32\services.exe
688 C:\WINDOWS\System32\lsass.exe
696 C:\WINDOWS\System32\lsm.exe
840 C:\WINDOWS\System32\winlogon.exe
856 C:\WINDOWS\System32\svchost.exe
912 C:\WINDOWS\System32\nvvsvc.exe
940 C:\WINDOWS\System32\svchost.exe
1000 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1156 C:\WINDOWS\System32\svchost.exe
1236 C:\WINDOWS\System32\svchost.exe
1264 C:\WINDOWS\System32\svchost.exe
1340 C:\WINDOWS\System32\audiodg.exe
1364 C:\WINDOWS\System32\svchost.exe
1384 C:\WINDOWS\System32\SLsvc.exe
1428 C:\WINDOWS\System32\svchost.exe
1488 C:\WINDOWS\System32\rundll32.exe
1648 C:\WINDOWS\System32\svchost.exe
1900 C:\WINDOWS\System32\spoolsv.exe
1936 C:\WINDOWS\System32\svchost.exe
200 C:\WINDOWS\System32\wlanext.exe
724 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
644 C:\WINDOWS\System32\svchost.exe
924 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1248 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
1460 C:\Program Files\Bonjour\mDNSResponder.exe
1412 C:\WINDOWS\System32\svchost.exe
1568 C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
1668 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
2132 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2172 C:\WINDOWS\System32\svchost.exe
2188 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2204 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2232 C:\WINDOWS\System32\svchost.exe
2336 C:\WINDOWS\System32\svchost.exe
2356 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2412 C:\WINDOWS\System32\SearchIndexer.exe
2464 C:\WINDOWS\System32\drivers\XAudio.exe
2500 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2536 C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
2572 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
2720 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
3116 C:\WINDOWS\System32\taskeng.exe
3176 C:\WINDOWS\System32\dwm.exe
3224 C:\WINDOWS\System32\taskeng.exe
3240 C:\WINDOWS\explorer.exe
3808 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3820 C:\Program Files\HP\QuickPlay\QPService.exe
3840 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
3888 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
1112 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
1760 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
3448 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3212 C:\Program Files\Microsoft Security Essentials\msseces.exe
3500 C:\WINDOWS\System32\rundll32.exe
3620 WmiPrvSE.exe
12 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
3456 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
2564 C:\Program Files\iTunes\iTunesHelper.exe
964 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2144 C:\Program Files\Windows Sidebar\sidebar.exe
4048 C:\WINDOWS\ehome\ehtray.exe
3648 C:\WINDOWS\System32\spool\drivers\w32x86\3\E_FATIEQA.EXE
2860 C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
2476 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
3788 C:\WINDOWS\ehome\ehmsas.exe
1472 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
4244 C:\Program Files\iPod\bin\iPodService.exe
4544 C:\WINDOWS\System32\svchost.exe
4600 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4620 C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
3012 C:\Program Files\AIM\aim.exe
1396 C:\WINDOWS\System32\wuauclt.exe
3976 C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
4084 C:\Program Files\Internet Explorer\iexplore.exe
4740 C:\Program Files\Internet Explorer\iexplore.exe
1964 C:\WINDOWS\System32\Macromed\Flash\FlashUtil10e.exe
2976 C:\WINDOWS\System32\SearchProtocolHost.exe
3756 C:\WINDOWS\System32\SearchFilterHost.exe
4184 C:\Program Files\Internet Explorer\iexplore.exe
5936 C:\Users\TEST\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRN3VN0E\MBRCheck[1].exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001a`4cceca00 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHV2120BH PL, Rev: 892C

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#18
Essexboy

Posted 12 July 2011 - 03:40 PM

GeekU Moderator

Retired Staff
69,964 posts

Could you now run this programme please

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

#19
Itachirumon

Posted 12 July 2011 - 08:44 PM

Member

Topic Starter
Member
77 posts

Just to be safe I'm posting the MBR log that came with it too.

aswMBR version 0.9.7.707 Copyright© 2011 AVAST Software
Run date: 2011-07-12 19:40:44
-----------------------------
19:40:44.180 OS Version: Windows 6.0.6002 Service Pack 2
19:40:44.180 Number of processors: 2 586 0x4802
19:40:44.181 ComputerName: JAKE UserName: TEST
19:40:51.549 Initialize success
19:41:10.822 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006a
19:41:10.825 Disk 0 Vendor: FUJITSU_ 892C Size: 114473MB BusType: 8
19:41:13.042 Disk 0 MBR read successfully
19:41:13.051 Disk 0 MBR scan
19:41:13.059 Disk 0 unknown MBR code
19:41:15.077 Disk 0 scanning sectors +234436545
19:41:15.243 Disk 0 scanning C:\Windows\system32\drivers
19:41:47.753 Service scanning
19:41:53.244 Disk 0 trace - called modules:
19:41:53.478 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor.sys
19:41:53.493 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x851ac1b8]
19:41:53.509 3 CLASSPNP.SYS[87da88b3] -> nt!IofCallDriver -> [0x84bb0128]
19:41:53.525 5 acpi.sys[8280a6bc] -> nt!IofCallDriver -> \Device\0000006a[0x84bb0b60]
19:41:53.540 Scan finished successfully
19:42:14.444 Disk 0 MBR has been saved successfully to "C:\Users\TEST\Desktop\MBR.dat"
19:42:14.600 The log file has been saved successfully to "C:\Users\TEST\Desktop\aswMBR.txt"

3ÿ¾ Ž×¼ z» ‹ÎŽÛŽÃó¤êr z f‹U´BÆ |2Àf‰" ¾ ²€Í‚Â >þUªÃ¬
Àtú´» Íëò¸_fºQPH_Ís3Û€ã
ÛÃ‹é‹ÙÆ* ¿î¹ 8mt9è¢ÿu!f¸RECOf9t f9ðu
Æ* ‹ßÆE ëŠE<t
<t$õ<u‹ïˆ-ƒïâ»Ûtít‹ûöNuGöNuDè|ÿu;ë=f3ÒèDÿº ±¿¾Òu€} uB€=€t=ƒÇâìJtä‹6Qè>ÿ‹6Sè7ÿ´ ÍÍ‹ïë * ˆE‹ýÆ€€&Nùf3ÒÆ z´Cè÷þèéþ‹6OuÆê | PW\chErr2
Err1 Err3
Press F11 for Emergency Recovery s a key
MóÙ¯i € þÿÿ? &g&
Áÿþÿÿeg&
\ÐÒ Uª

#20
Essexboy

Posted 13 July 2011 - 12:21 PM

GeekU Moderator

Retired Staff
69,964 posts

OK thanks for that - it explains the unknown MBR, your recovery system is there and it has changed it. When you install Webroot, do you right click the icon and select run as administrator ?

From the Start menu, select all programmes, accessories
then right click the command prompt and run as administrator
In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
Select the OK button.
Follow the prompts throughout the System File Checker process.
Reboot the computer when System File Checker completes.

#21
Itachirumon

Posted 13 July 2011 - 01:02 PM

Member

Topic Starter
Member
77 posts

It says Windows Resource Protection did not find any integrity violations

#22
Essexboy

Posted 13 July 2011 - 01:13 PM

GeekU Moderator

Retired Staff
69,964 posts

Could you download a fresh copy of webroot

Remove all of webroot using AppRemover

Then Install webroot, right click run as administrator

Then let me know what happens

#23
Itachirumon

Posted 13 July 2011 - 01:37 PM

Member

Topic Starter
Member
77 posts

AppRemover didn't find a copy of Webroot on the computer, when I go into Computer and right-click the CD to run as admin it doesn't give me the option

#24
Essexboy

Posted 13 July 2011 - 01:41 PM

GeekU Moderator

Retired Staff
69,964 posts

OK lets try an experiment in case it is a bad CD - we can uninstall this on completion

Download Avast and install

Let me know if that works or fails

#25
Itachirumon

Posted 13 July 2011 - 01:59 PM

Member

Topic Starter
Member
77 posts

avast! is able to install successfully. Now I'm not entirely sure if the CD is bad or if there's something wrong with my CD drive. Following the hinge repair in 12/2008 it would occasionally not read cds that were inside. Notably in my music appreciation class, the CD would have info on it and even be workable from another computer but fail to read or even register it existed when placed in this one. This cd can at least be recognized but the disk drive issue might be related at this point.

#26
Essexboy

Posted 13 July 2011 - 02:17 PM

GeekU Moderator

Retired Staff
69,964 posts

Ok I would recommend that you download Webroot from the online area. You should have the licence key with the CD

So download webroot from this page
Select the one you have the licence for and click download trial

Download aswClear to your desktop
Uninstall Avast via Programs and features
Reboot and then run aswClear
Reboot and install webroot

Once done could you let me know what problems remain

#27
Itachirumon

Posted 13 July 2011 - 02:50 PM

Member

Topic Starter
Member
77 posts

All actions completed, Webroot is successfully loaded onto the computer. Would it be better if I brought up the Disk drive thing on a more appropriate board? I'm not sure if it's something with the driver software glitching out or if it's just a hardware issue. I only didn't mention it before the last post because I figured it was a hardware issue and wouldn't be relevant to the Alureon fix. But I figure I'll ask and see what happens but if nothing can be done, no harm no foul. You have been fantastic, I'm very very grateful for all the assistance, it's easily added another year or two of life to what was left over on this outdated laptop. I couldn't really afford it last year and money's still kinda tight but I really want to at least make a $25 donation for all you guys have done, you deserve so much more though. Thank you.

#28
Essexboy

Posted 13 July 2011 - 03:09 PM

GeekU Moderator

Retired Staff
69,964 posts

Shucks

and thank you, if you could post in the hardware forum and post the link here I will ask one of the more technically minded to help you

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. For aswMBR just delete the file from the desktop

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Do not show hidden files and folders.
Click Yes to confirm.
Click OK.

SPRING CLEAN

To manually create a new Restore Point

Go to Control Panel and select System
Select System
On the left select System Protection and accept the warning if you get one
Select System Protection Tab
Select Create at the bottom
Type in a name i.e. Clean
Select Create

Now we can purge the infected ones

GoStart > All programs > Accessories > system tools
Right click Disc cleanup an select run as administrator
Select Your main drive and accept the warning if you get one
For a few moments the system will make some calculations
Select the More Options tab
In the System Restore and Shadow Backups select Clean up
Select Delete on the pop up
Select OK
Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :unsure:

#29
Essexboy

Posted 15 July 2011 - 02:18 PM

GeekU Moderator

Retired Staff
69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.