Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

worm blaster 32?


  • This topic is locked This topic is locked

#31
keers

keers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
listen Dakeyras i have just read your reply and i just want you to know that i understand that the whole use at your own risk is probably a safety thing but if my computer blew up, or came to life and attacked me i would just accept it. you have helped me far too much for me to disrespect you in any way. n going to try it now.
  • 0

Advertisements


#32
keers

keers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
here is the report from the program. the computer has not changed in any way. still no internet


AVAST
Right- click on the avast! icon in system tray (looks like this: but orange in color starting with v5). Select avast! shields control and there will be options to disable avast for 10 minutes, 1 hour, until the computer is restarted or permanently.

AVG 8
Open the AVG 8 Control Center, by right-clicking on the AVG 8 icon on task bar.
•Click on Tools.

•Select Advanced.

•In the left hand pane, scroll down to "Resident Shield".

•In the main pane, deselect the option to "Enable Resident Shield."

•To re-enable AVG 8, please select "Enable Resident Shield" again.

AVG 8.5
Please open the AVG 8.5 Control Center, by right clicking on the AVG icon on task bar.
•Click on Open AVG Interface.

•Double click on Resident Shield

•Deselect the option to "Enable Resident Shield."

•Save changes, and exit the application.

•To re-enable AVG 8.5, please select "Enable Resident Shield" again.

•Also see AVG FAQ 1209: How to temporarily disable AVG Free Edition 8.5

AVG 9.0
Please refer to the instructions provided in AVG FAQ 2429: How to temporarily disable AVG Free Edition 9.0.

AVG 2011
Open the AVG 2011 Control Center, by right-clicking on the AVG icon on task bar.
•Click on Open AVG User Interface.

•On the Menu Bar, click on Tools, then click Advanced Settings.

•In the screen which opens, scroll down to Temporarily disable AVG protection.

•Click on it to highlight and in the right hand pane, check the box for Temporarily disable AVG protection.

•Click Apply.

•In the next screen which opens, select 15 minutes from the drop down menu, then click the Disable real time protection button and click OK.

•To re-enable, just check Enable on the main GUI interface. You may also need to click Fix (enable becomes Fix if all components do not start).
AVG FAQ 3857: Disabling AVG 2011 temporarily
AVG FAQ 3902: Disabling Specific AVG components

AVIRA ANTIVIR
Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background (looks to this: )
•right click it-> untick the option AntiVir Guard enable.

•You should now see a closed, white umbrella on a red background (looks to this: )

BIT DEFENDER
•Double click on the system icon for Bit Defender.

•When the Bit Defender window appears, move mouse arrow to the left side and click >> Virus Shield.

•Move mouse arrow to the black check by Virus Shield is enabled and click.

•The black works will change to red, >> Virus Shield is disabled.

•Move mouse arrow to the top right corner and click the down arrows.

•Bit Defender is now inactive.

•To enable Bit Defender, do the same steps except click to enable.

CA Internet Security Suite 2010
•To turn off the Firewall, right-click on the CA Shield icon in the system tray, click My Internet, then click Disable Firewall.

•To turn it back on, right click system tray icon, click My Internet, then click Enable Firewall.


•To temporarily disable the Antivirus, right-click the CA Shield icon in the system tray, click My Computer, then click Enable Snooze.

•Enter the snooze time in minutes (up to 999, approx 16 2/3 hours) in the box and click Snooze.

•To end snooze, follow the same procedure and click Wake Now on the page for entering snooze time.

•To disable Antivirus on a longer basis, double-click the CA Shield icon in the system tray.

•When Security Center comes up, click Update Settings in the My Computer tab.

•Then click the red X next to Auto Scan.

•To re-enable, follow the same procedure and click the green checkmark.

ESET NOD32 ANTIVIRUS V4
•Double click on the system tray icon: on the bottom right hand corner.

•Select Disable real-time file system protection.

•A popup will ask "Are you sure you want to disable...protection?"

•Click "Yes" to disable the Antivirus guard.

ESET SMART SECURITY
•Double click on the system tray icon: to open the main application window.

•Or via Start >> All Programs >> ESET >> ESET Smart Security.

•Click on Setup >> Antivirus and antispyware >> Temporarily disable Antivirus and antispyware protection.

•When prompted to confirm temporarily disable select Yes.

•Note: Protection will be automatically started after a system reboot.
  • 0

#33
keers

keers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
sorryn i was in a ruch last night and posted the wrong thing (by the way tinker tailor soldier spy is very good) so here is teh right report.

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8FE09000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 9793536 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 186.44 )
0x82212000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x82212000 PnpManager 3907584 bytes
0x82212000 RAW 3907584 bytes
0x82212000 WMIxWDM 3907584 bytes
0x9DE80000 Win32k 2105344 bytes
0x9DE80000 C:\Windows\System32\win32k.sys 2105344 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8A80C000 C:\Windows\system32\drivers\ql2300.sys 1277952 bytes (QLogic Corporation, QLogic Fibre Channel Stor Miniport Driver)
0x8AE0E000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8AA04000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x9684C000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8F8AC000 C:\Windows\system32\DRIVERS\nvmfdx32.sys 1036288 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
0x8AC05000 C:\Windows\System32\drivers\tcpip.sys 970752 bytes (Microsoft Corporation, TCP/IP Driver)
0x8FCAE000 C:\Windows\system32\DRIVERS\athr.sys 933888 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x8066D000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA100D000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8A607000 C:\Windows\system32\drivers\megasr.sys 749568 bytes (LSI Corporation, Inc., LSI MegaRAID Software RAID Driver)
0x96A06000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xA110F000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8A204000 C:\Windows\system32\drivers\iastorv.sys 659456 bytes (Intel Corporation, Intel Matrix Storage Manager driver (base))
0x8FC02000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8A473000 C:\Windows\system32\drivers\elxstor.sys 606208 bytes (Emulex, Storport Miniport Driver for LightPulse HBAs)
0x8F801000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8A575000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8074D000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8A33E000 C:\Windows\system32\drivers\adp94xx.sys 434176 bytes (Adaptec, Inc., Adaptec Windows SAS/SATA Storport Driver)
0x8A944000 C:\Windows\system32\drivers\ql40xx.sys 348160 bytes (QLogic Corporation, QLogic iSCSI Storport Miniport Driver)
0x8A3A8000 C:\Windows\system32\drivers\adpahci.sys 311296 bytes (Adaptec, Inc., Adaptec Windows SATA Storport Driver)
0x8A0D8000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x96995000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8A004000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8062C000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8A2E5000 C:\Windows\system32\drivers\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x9680E000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 253952 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x8AD94000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x96C07000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8A6E1000 C:\Windows\system32\drivers\uliahci.sys 245760 bytes (ULi Electronics Inc., ULi SATA Controller Driver)
0x8AB75000 C:\Windows\system32\drivers\CHDRT32.sys 241664 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
0x8AB3A000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8AF26000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8AD3A000 C:\Windows\system32\DRIVERS\SynTP.sys 225280 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x8F9B6000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x825CC000 ACPI_HAL 208896 bytes
0x825CC000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8A76A000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9694F000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8FD92000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8ABB0000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8A71D000 C:\Windows\system32\drivers\ulsata2.sys 180224 bytes (Promise Technology, Inc., Promise SATAII150 Series Windows Drivers)
0x8AB0F000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x907C8000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x96C6A000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8AF8B000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x96B36000 C:\Windows\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0x8A05B000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8A40D000 C:\Windows\system32\drivers\adpu320.sys 155648 bytes (Adaptec, Inc., Adaptec StorPort Ultra320 SCSI Driver)
0x807CC000 C:\Windows\system32\drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8A7AC000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x90762000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8ABDD000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x8A199000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8A9DD000 C:\Windows\system32\drivers\ulsata.sys 135168 bytes (Promise Technology, Inc., Promise Ultra/Sata Series Driver for Win2003)
0x96B15000 C:\Windows\System32\Drivers\usbvideo.sys 135168 bytes (Microsoft Corporation, USB Video Class Driver)
0x96B90000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8A749000 C:\Windows\system32\drivers\vsmraid.sys 135168 bytes (VIA Technologies Inc.,Ltd, VIA RAID DRIVER FOR AMD-X86-64)
0x8A2AD000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x8A091000 C:\Windows\system32\drivers\mpio.sys 114688 bytes (Microsoft Corporation, MultiPath Support Bus-Driver)
0x8A1C2000 C:\Windows\system32\drivers\adpu160m.sys 110592 bytes (Adaptec, Inc., Adaptec LH Ultra160 Driver (x86))
0x8ACF2000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x96CCB000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8A17E000 C:\Windows\system32\drivers\nvraid.sys 110592 bytes (NVIDIA Corporation, NVIDIA® nForce™ RAID Driver)
0x8A539000 C:\Windows\system32\drivers\lsi_fc.sys 106496 bytes (LSI Logic, LSI Logic Fusion-MPT FC Driver (StorPort))
0x8A2CB000 C:\Windows\system32\drivers\lsi_scsi.sys 106496 bytes (LSI Logic, LSI Logic Fusion-MPT SCSI Driver (StorPort))
0x8A164000 C:\Windows\system32\drivers\msdsm.sys 106496 bytes (Microsoft Corporation, Microsoft Device Specific Module)
0x8F88E000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8A553000 C:\Windows\system32\drivers\lsi_sas.sys 98304 bytes (LSI Logic, LSI Logic Fusion-MPT SAS Driver (StorPort))
0x96C53000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8FDCC000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x96AE9000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x8A447000 C:\Windows\system32\drivers\arc.sys 90112 bytes (Adaptec, Inc., Adaptec RAID Storport Driver)
0x8A45D000 C:\Windows\system32\drivers\arcsas.sys 90112 bytes (Adaptec, Inc., Adaptec SAS RAID WS03 Driver)
0xA11BF000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x969DD000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x96BE3000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x96D25000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x90799000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8AF67000 C:\Windows\system32\drivers\sbp2port.sys 86016 bytes (Microsoft Corporation, SBP-2 Protocol Driver)
0x8A9A6000 C:\Windows\system32\drivers\sisraid4.sys 86016 bytes (Silicon Integrated Systems, SiS AHCI Stor-Miniport Driver)
0x96B00000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x8A433000 C:\Windows\system32\drivers\djsvs.sys 81920 bytes (Adaptec, Inc., Adaptec Ultra SCSI miniport)
0x90785000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x96981000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8AD1C000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x96CF6000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x96AD6000 C:\Windows\system32\drivers\RTSTOR.SYS 77824 bytes (Realtek Semiconductor Corp., Realtek USB Mass Storage Driver for Vista)
0x8ADE1000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8AFB2000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8F9EB000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80613000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8A79C000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8A511000 C:\Windows\system32\drivers\iirsp.sys 65536 bytes (Intel Corp./ICP vortex GmbH, Intel/ICP Raid Storport Driver)
0x96CE6000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8A154000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x907B8000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8A082000 C:\Windows\system32\drivers\isapnp.sys 61440 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0x96CBC000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8AF7C000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8A0AD000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8AD0D000 C:\Windows\system32\DRIVERS\processr.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8FDEE000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8ADD2000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8A0C9000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x9E0C0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x96800000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8A6D3000 C:\Windows\system32\drivers\nfrd960.sys 57344 bytes (IBM Corporation, IBM ServeRAID Controller Driver)
0x96BCC000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x96AC8000 C:\Windows\system32\drivers\nvhda32v.sys 57344 bytes (NVIDIA Corporation, NVIDIA HDMI Audio Driver)
0x8A129000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x807BE000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x96C92000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x96ABB000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8A326000 C:\Windows\system32\drivers\nvstor.sys 53248 bytes (NVIDIA Corporation, NVIDIA® nForce™ Sata Performance Driver)
0x8A999000 C:\Windows\system32\drivers\sisraid2.sys 53248 bytes (Microsoft Corporation, SiS RAID Stor Miniport Driver)
0x8F9A9000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8A521000 C:\Windows\system32\drivers\iteatapi.sys 49152 bytes (Integrated Technology Express, Inc., ITE IT8211 ATA/ATAPI SCSI miniport)
0x8A52D000 C:\Windows\system32\drivers\iteraid.sys 49152 bytes (Integrated Technology Express, Inc., ITE IT8212 ATA RAID SCSI miniport)
0x8A9BB000 C:\Windows\system32\drivers\symc8xx.sys 49152 bytes (LSI Logic, LSI Logic 8XX SCSI Miniport Driver)
0xA10F5000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x96B84000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8FCA2000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x96C9F000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8A333000 C:\Windows\system32\drivers\hpcisss.sys 45056 bytes (Hewlett-Packard Company, Smart Array Storport Driver)
0x8AD2F000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8AD73000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8A6BE000 C:\Windows\system32\drivers\mraid35x.sys 45056 bytes (LSI Logic Corporation, MegaRAID RAID Controller Driver for Windows Vista/Longhorn for x86)
0x96BC1000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8FDE3000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8A9C7000 C:\Windows\system32\drivers\sym_hi.sys 45056 bytes (LSI Logic, LSI Logic Hi-Perf SCSI Miniport Driver)
0x8A9D2000 C:\Windows\system32\drivers\sym_u3.sys 45056 bytes (LSI Logic, LSI Logic Ultra160 SCSI Miniport Driver)
0x8FDC1000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8AFEC000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8A0BF000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x96CB2000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8A507000 C:\Windows\system32\drivers\i2omp.sys 40960 bytes (Microsoft Corporation, I2O Miniport Driver)
0x8A56B000 C:\Windows\system32\drivers\megasas.sys 40960 bytes (LSI Corporation, MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x86)
0x8A6C9000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x907F2000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x96C43000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA10EB000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8AD8A000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xA11D5000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8AFC3000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x96B5D000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x96BDA000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x9E0A0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8AFF7000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8AE00000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x8A04A000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8A2A5000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80624000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8A14C000 C:\Windows\system32\drivers\cmdide.sys 32768 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
0x96CAA000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x8A053000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8AD82000 C:\Windows\system32\DRIVERS\nvsmu.sys 32768 bytes (NVIDIA Corporation, NVIDIA nForce™ SMU Microcontroller Driver)
0x96BB1000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x96BB9000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8AF5F000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8A1BA000 C:\Windows\system32\drivers\viaide.sys 32768 bytes (VIA Technologies, Inc., VIA Generic PCI IDE Bus Driver)
0x8AF1E000 C:\Windows\system32\drivers\wd.sys 32768 bytes (Microsoft Corporation, Microsoft Watchdog Timer Driver)
0xA1101000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8A13E000 C:\Windows\system32\drivers\aliide.sys 28672 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0x8A145000 C:\Windows\system32\drivers\amdide.sys 28672 bytes (Microsoft Corporation, AMD IDE Driver)
0x96B6D000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x96B7D000 C:\Windows\system32\drivers\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8A122000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x8060C000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x96B66000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8A137000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8F8A6000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xA1109000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A42A7859-E51A-4F0C-9D90-8FA5399AED17}\MpKsl9390ed4b.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0x96C4D000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A42A7859-E51A-4F0C-9D90-8FA5399AED17}\MpKslf75a7b16.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0x96BF9000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x8AE09000 C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 20480 bytes (Hewlett-Packard Development Company, L.P., HpqKbFiltr Keyboard Filter Driver)
0x8AD7E000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x96D21000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x8A0BC000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x90760000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 186.44 )
0x8FDFD000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8AD71000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x822BA7AA-->822BA7B1 [ntkrnlpa.exe]
  • 0

#34
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,714 posts
Hi. :)

listen Dakeyras i have just read your reply and i just want you to know that i understand that the whole use at your own risk is probably a safety thing but if my computer blew up, or came to life and attacked me i would just accept it. you have helped me far too much for me to disrespect you in any way. n going to try it now.

OK.

here is the report from the program. the computer has not changed in any way. still no internet

sorryn i was in a ruch last night and posted the wrong thing (by the way tinker tailor soldier spy is very good) so here is teh right report.

Not a problem, I recall the original series...anyway you posted a RKUnhooker log again...Did you not understand my instructions in Post #30? If not fair play and I will post such again in a different manner.
  • 0

#35
keers

keers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
sorry about last report. i guess i just got mixed up. i have ran combofix and aftethe program stopped and i tried to open any other application like ccleaner or finepx or anything else a warning came up saying trying to perform an illegal operation on a reigstry key. not sure what this means. anyway here is the report.

ComboFix 11-10-01.03 - Ase 03/10/2011 19:12:52.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2814.1878 [GMT 1:00]
Running from: F:\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-09-03 to 2011-10-03 )))))))))))))))))))))))))))))))
.
.
2011-10-03 18:21 . 2011-10-03 18:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-01 21:17 . 2011-10-01 21:25 -------- d-----w- c:\windows\PLA
2011-09-30 14:53 . 2011-09-30 14:53 -------- d-----w- c:\users\Ase\AppData\Roaming\Malwarebytes
2011-09-30 14:53 . 2011-09-30 14:53 -------- d-----w- c:\programdata\Malwarebytes
2011-09-30 14:53 . 2011-10-03 18:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-30 14:08 . 2011-09-30 14:08 -------- d-----w- C:\_OTL
2011-09-30 14:02 . 2011-09-30 14:03 -------- d-----w- c:\program files\ERUNT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-23 11:04 . 2011-08-30 09:24 916480 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:00 . 2011-08-30 09:24 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 10:59 . 2011-08-30 09:24 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 10:59 . 2011-08-30 09:24 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 10:59 . 2011-08-30 09:24 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 10:03 . 2011-08-30 09:24 385024 ----a-w- c:\windows\system32\html.iec
2011-07-23 09:27 . 2011-08-30 09:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:25 . 2011-08-30 09:24 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ExifLauncher2.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk
backup=c:\windows\pss\ExifLauncher2.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Ase^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-04-15 20:42 70912 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-02-18 13:49 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 17:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-07-23 15:39 13797920 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-03-14 15:45 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-06-12 05:17 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-04-19 17:58 2423752 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-18 20:47 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-08-28 09:32 1557800 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 22:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 hsogjgji;hsogjgji;c:\windows\system32\drivers\hsogjgji.sys [x]
R1 MpKsl08236c64;MpKsl08236c64;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D253FE1F-F399-49E8-A782-A6AB706FEF00}\MpKsl08236c64.sys [x]
R1 MpKsl1d1b0920;MpKsl1d1b0920;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FCA827A8-55AC-41D5-B872-008F34B0BDC2}\MpKsl1d1b0920.sys [x]
R1 MpKsl29f98c13;MpKsl29f98c13;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2145C60-208D-474B-A74C-8B52B0DBBDC7}\MpKsl29f98c13.sys [x]
R1 MpKsl375ee472;MpKsl375ee472;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57F9B9A1-CF03-4FDF-A0A1-31DCBB7ED828}\MpKsl375ee472.sys [x]
R1 MpKsl39d74165;MpKsl39d74165;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FCA827A8-55AC-41D5-B872-008F34B0BDC2}\MpKsl39d74165.sys [x]
R1 MpKsl3f6f376b;MpKsl3f6f376b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{379C34C3-32A2-46C1-843A-9B233CC91655}\MpKsl3f6f376b.sys [x]
R1 MpKsl48e65f67;MpKsl48e65f67;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B7B1AAF4-137A-4F38-8C8A-EF82E889C655}\MpKsl48e65f67.sys [x]
R1 MpKsl5cbe567e;MpKsl5cbe567e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78DC8CA4-C8F9-4497-8334-25872A925F46}\MpKsl5cbe567e.sys [x]
R1 MpKsl68dc08a5;MpKsl68dc08a5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57F9B9A1-CF03-4FDF-A0A1-31DCBB7ED828}\MpKsl68dc08a5.sys [x]
R1 MpKsl72c7b4b7;MpKsl72c7b4b7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{379C34C3-32A2-46C1-843A-9B233CC91655}\MpKsl72c7b4b7.sys [x]
R1 MpKsl77156db0;MpKsl77156db0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C834FED4-915C-468E-8177-FBD283BB564D}\MpKsl77156db0.sys [x]
R1 MpKsl89566c05;MpKsl89566c05;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CC23864A-F35C-40F8-8E57-EAC97517BEED}\MpKsl89566c05.sys [x]
R1 MpKsl8aa5b4a3;MpKsl8aa5b4a3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6FC85184-850D-4601-AC13-F7A3D8D157CB}\MpKsl8aa5b4a3.sys [x]
R1 MpKsl91c9cc55;MpKsl91c9cc55;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{907250F5-AE04-445B-8DF6-BA81ACF27D9E}\MpKsl91c9cc55.sys [x]
R1 MpKsl9ecdc07a;MpKsl9ecdc07a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57F9B9A1-CF03-4FDF-A0A1-31DCBB7ED828}\MpKsl9ecdc07a.sys [x]
R1 MpKsla2e1673e;MpKsla2e1673e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D253FE1F-F399-49E8-A782-A6AB706FEF00}\MpKsla2e1673e.sys [x]
R1 MpKsla726e444;MpKsla726e444;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{379C34C3-32A2-46C1-843A-9B233CC91655}\MpKsla726e444.sys [x]
R1 MpKslafaa7e75;MpKslafaa7e75;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9AC65D9A-6F3C-4A1D-8B61-631EE8B91525}\MpKslafaa7e75.sys [x]
R1 MpKslb2240631;MpKslb2240631;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2145C60-208D-474B-A74C-8B52B0DBBDC7}\MpKslb2240631.sys [x]
R1 MpKslbeeeae50;MpKslbeeeae50;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{379C34C3-32A2-46C1-843A-9B233CC91655}\MpKslbeeeae50.sys [x]
R1 MpKslc2c7f70c;MpKslc2c7f70c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A97F5F46-AD49-43B1-A28E-977779E62BC0}\MpKslc2c7f70c.sys [x]
R1 MpKslc8071c1d;MpKslc8071c1d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E89C74EF-844F-4977-85AB-A664E98ACF60}\MpKslc8071c1d.sys [x]
R1 MpKslcbb540b2;MpKslcbb540b2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{11DD0C8C-B07A-4B11-A10A-8C9949EE221C}\MpKslcbb540b2.sys [x]
R1 MpKslda602f14;MpKslda602f14;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{379C34C3-32A2-46C1-843A-9B233CC91655}\MpKslda602f14.sys [x]
R1 MpKslf9bd51f9;MpKslf9bd51f9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B852B71D-6E0D-4F95-AA2D-BF5F83EC3615}\MpKslf9bd51f9.sys [x]
R1 tjlzzpbj;tjlzzpbj;c:\windows\system32\drivers\tjlzzpbj.sys [x]
R1 uhduflap;uhduflap;c:\windows\system32\drivers\uhduflap.sys [x]
R1 weiskufd;weiskufd;c:\windows\system32\drivers\weiskufd.sys [x]
R3 98C04914;98C04914;c:\windows\system32\98C04914.exe [x]
R3 AE923B2E;AE923B2E;c:\windows\system32\AE923B2E.exe [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-21 12872]
R4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R4 gupdate1c968822c240e0;Google Update Service (gupdate1c968822c240e0);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 133104]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 133104]
R4 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-26 361808]
R4 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2009-12-14 149904]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-21 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-06-09 67656]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-12 16:35]
.
2011-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-28 21:41]
.
2011-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-28 21:41]
.
2011-09-28 c:\windows\Tasks\HPCeeScheduleForAse.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-08-04 22:14]
.
2011-10-03 c:\windows\Tasks\User_Feed_Synchronization-{1486EFEE-ED09-47EE-8049-97A2D686CCE7}.job
- c:\windows\system32\msfeedssync.exe [2011-08-30 09:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
MSConfigStartUp-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-03 19:21
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-03 19:25:10
ComboFix-quarantined-files.txt 2011-10-03 18:25
ComboFix2.txt 2011-10-01 21:24
.
Pre-Run: 87,516,766,208 bytes free
Post-Run: 87,428,767,744 bytes free
.
- - End Of File - - E2B25684722F2B55D95A88025B50763B
  • 0

#36
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,714 posts
Hi. :)

sorry about last report. i guess i just got mixed up

Not a problem...

i have ran combofix and aftethe program stopped and i tried to open any other application like ccleaner or finepx or anything else a warning came up saying trying to perform an illegal operation on a reigstry key. not sure what this means.

OK, merely reboot(restart) the machine.

It appears you ran ComboFix from the USB Drive, this is not a problem but I would prefer the executable to be on the Desktop. At present it is located here:-

F:\ComboFix.exe

So after you have rebooted the machine...move the executable to the Desktop as I mentioned prior and provide myself with a quick update please and we will go from there, thank you.
  • 0

#37
keers

keers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
hey Dakeyras
sorry for the poor communication of recent. well i have ran combofix from the desk top and rebooted the machine however same problem is happening with the turn on network discovery. it continues to flash and go back to off position after i apply the changes. i had not reboot the system and from what you said that is why i was getting the error message. understood and done so no message. i did not frealize that running the prgoram from the f disk was any different: now i know. here is the combofix from the desk top.

ComboFix 11-10-01.03 - Ase 04/10/2011 18:56:01.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2814.1947 [GMT 1:00]
Running from: c:\users\Ase\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
/wow section - STAGE 3
.
.
((((((((((((((((((((((((( Files Created from 2011-09-04 to 2011-10-04 )))))))))))))))))))))))))))))))
.
.
2011-10-04 18:03 . 2011-10-04 18:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-01 21:17 . 2011-10-01 21:25 -------- d-----w- c:\windows\PLA
2011-09-30 14:53 . 2011-09-30 14:53 -------- d-----w- c:\users\Ase\AppData\Roaming\Malwarebytes
2011-09-30 14:53 . 2011-09-30 14:53 -------- d-----w- c:\programdata\Malwarebytes
2011-09-30 14:53 . 2011-10-03 18:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-30 14:08 . 2011-09-30 14:08 -------- d-----w- C:\_OTL
2011-09-30 14:02 . 2011-09-30 14:03 -------- d-----w- c:\program files\ERUNT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-23 11:04 . 2011-08-30 09:24 916480 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:00 . 2011-08-30 09:24 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 10:59 . 2011-08-30 09:24 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 10:59 . 2011-08-30 09:24 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 10:59 . 2011-08-30 09:24 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 10:03 . 2011-08-30 09:24 385024 ----a-w- c:\windows\system32\html.iec
2011-07-23 09:27 . 2011-08-30 09:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:25 . 2011-08-30 09:24 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ExifLauncher2.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk
backup=c:\windows\pss\ExifLauncher2.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Ase^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-04-15 20:42 70912 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-02-18 13:49 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 17:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-07-23 15:39 13797920 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-03-14 15:45 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-06-12 05:17 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-04-19 17:58 2423752 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-18 20:47 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-08-28 09:32 1557800 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 22:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 hsogjgji;hsogjgji;c:\windows\system32\drivers\hsogjgji.sys [x]
R1 MpKsl08236c64;MpKsl08236c64;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D253FE1F-F399-49E8-A782-A6AB706FEF00}\MpKsl08236c64.sys [x]
R1 MpKsl1d1b0920;MpKsl1d1b0920;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FCA827A8-55AC-41D5-B872-008F34B0BDC2}\MpKsl1d1b0920.sys [x]
R1 MpKsl29f98c13;MpKsl29f98c13;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2145C60-208D-474B-A74C-8B52B0DBBDC7}\MpKsl29f98c13.sys [x]
R1 MpKsl375ee472;MpKsl375ee472;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57F9B9A1-CF03-4FDF-A0A1-31DCBB7ED828}\MpKsl375ee472.sys [x]
R1 MpKsl39d74165;MpKsl39d74165;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FCA827A8-55AC-41D5-B872-008F34B0BDC2}\MpKsl39d74165.sys [x]
R1 MpKsl3f6f376b;MpKsl3f6f376b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{379C34C3-32A2-46C1-843A-9B233CC91655}\MpKsl3f6f376b.sys [x]
R1 MpKsl48e65f67;MpKsl48e65f67;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B7B1AAF4-137A-4F38-8C8A-EF82E889C655}\MpKsl48e65f67.sys [x]
R1 MpKsl5cbe567e;MpKsl5cbe567e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78DC8CA4-C8F9-4497-8334-25872A925F46}\MpKsl5cbe567e.sys [x]
R1 MpKsl68dc08a5;MpKsl68dc08a5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57F9B9A1-CF03-4FDF-A0A1-31DCBB7ED828}\MpKsl68dc08a5.sys [x]
R1 MpKsl72c7b4b7;MpKsl72c7b4b7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{379C34C3-32A2-46C1-843A-9B233CC91655}\MpKsl72c7b4b7.sys [x]
R1 MpKsl77156db0;MpKsl77156db0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C834FED4-915C-468E-8177-FBD283BB564D}\MpKsl77156db0.sys [x]
R1 MpKsl89566c05;MpKsl89566c05;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CC23864A-F35C-40F8-8E57-EAC97517BEED}\MpKsl89566c05.sys [x]
R1 MpKsl8aa5b4a3;MpKsl8aa5b4a3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6FC85184-850D-4601-AC13-F7A3D8D157CB}\MpKsl8aa5b4a3.sys [x]
R1 MpKsl91c9cc55;MpKsl91c9cc55;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{907250F5-AE04-445B-8DF6-BA81ACF27D9E}\MpKsl91c9cc55.sys [x]
R1 MpKsl9ecdc07a;MpKsl9ecdc07a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57F9B9A1-CF03-4FDF-A0A1-31DCBB7ED828}\MpKsl9ecdc07a.sys [x]
R1 MpKsla2e1673e;MpKsla2e1673e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D253FE1F-F399-49E8-A782-A6AB706FEF00}\MpKsla2e1673e.sys [x]
R1 MpKsla726e444;MpKsla726e444;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{379C34C3-32A2-46C1-843A-9B233CC91655}\MpKsla726e444.sys [x]
R1 MpKslafaa7e75;MpKslafaa7e75;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9AC65D9A-6F3C-4A1D-8B61-631EE8B91525}\MpKslafaa7e75.sys [x]
R1 MpKslb2240631;MpKslb2240631;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2145C60-208D-474B-A74C-8B52B0DBBDC7}\MpKslb2240631.sys [x]
R1 MpKslbeeeae50;MpKslbeeeae50;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{379C34C3-32A2-46C1-843A-9B233CC91655}\MpKslbeeeae50.sys [x]
R1 MpKslc2c7f70c;MpKslc2c7f70c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A97F5F46-AD49-43B1-A28E-977779E62BC0}\MpKslc2c7f70c.sys [x]
R1 MpKslc8071c1d;MpKslc8071c1d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E89C74EF-844F-4977-85AB-A664E98ACF60}\MpKslc8071c1d.sys [x]
R1 MpKslcbb540b2;MpKslcbb540b2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{11DD0C8C-B07A-4B11-A10A-8C9949EE221C}\MpKslcbb540b2.sys [x]
R1 MpKslda602f14;MpKslda602f14;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{379C34C3-32A2-46C1-843A-9B233CC91655}\MpKslda602f14.sys [x]
R1 MpKslf9bd51f9;MpKslf9bd51f9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B852B71D-6E0D-4F95-AA2D-BF5F83EC3615}\MpKslf9bd51f9.sys [x]
R1 tjlzzpbj;tjlzzpbj;c:\windows\system32\drivers\tjlzzpbj.sys [x]
R1 uhduflap;uhduflap;c:\windows\system32\drivers\uhduflap.sys [x]
R1 weiskufd;weiskufd;c:\windows\system32\drivers\weiskufd.sys [x]
R3 98C04914;98C04914;c:\windows\system32\98C04914.exe [x]
R3 AE923B2E;AE923B2E;c:\windows\system32\AE923B2E.exe [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-21 12872]
R4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R4 gupdate1c968822c240e0;Google Update Service (gupdate1c968822c240e0);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 133104]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 133104]
R4 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-26 361808]
R4 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2009-12-14 149904]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-21 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-06-09 67656]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-12 16:35]
.
2011-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-28 21:41]
.
2011-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-28 21:41]
.
2011-09-28 c:\windows\Tasks\HPCeeScheduleForAse.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-08-04 22:14]
.
2011-10-03 c:\windows\Tasks\User_Feed_Synchronization-{1486EFEE-ED09-47EE-8049-97A2D686CCE7}.job
- c:\windows\system32\msfeedssync.exe [2011-08-30 09:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-04 19:03
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-10-04 19:06:13
ComboFix-quarantined-files.txt 2011-10-04 18:06
ComboFix2.txt 2011-10-03 18:25
ComboFix3.txt 2011-10-01 21:24
.
Pre-Run: 87,406,264,320 bytes free
Post-Run: 87,345,201,152 bytes free
.
- - End Of File - - A5734D4C16E8D7B4ECD61B406D9136AE
  • 0

#38
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,714 posts
Hi. :)

I have bad new I'm afraid it is looking to myself like the actual Operating System is damaged beyond repair now most unfortunately.

The use of the Fixtool for W32.Blaster, which is not Vista compatible has caused some of the issues, if not made them worse overall. The best course of action now would be to perform a reformat and reinstallation of the Windows Operating System.

Now since your partners machine is a Compaq Notebook, you can invoke something called HP Recovery, which basically will reset the machine to back as was when first purchased/switched on etc. How to do so, instructions can be read on the below web-page:-

Recover Windows Vista Operating System Using HP Recovery

Once on the aforementioned web-page scroll down to:-

Recover the PC to the original operating condition in the event of a critical system failure

Click once on that link to expand, follow the instructions...

Afterwards reinstall Microsoft Security Essentials, then install all Critical Updates and Service Packs etc via...

  • Click on Start(Vista Orb) >> All Programs >> Windows Update.
  • In the navigation pane, click Check for updates.
  • After Windows Update has finished checking for updates, click View available updates.
  • Click to select the check box for any found, then click Install.
  • When completed Reboot(restart) your computer if not prompted to do so.
Next:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

Any questions? Feel free to ask, if not stay safe!
  • 0

#39
keers

keers

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
listen thanks for your help. can you tell me what we have done to cause this just so we know not to do the same thing in the future?

chief thanks for your help

i let you know what happens with whatever we do

again
thanks
  • 0

#40
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,714 posts
Hi. :yes:

listen thanks for your help

You're welcome!

can you tell me what we have done to cause this just so we know not to do the same thing in the future?

What I mentioned in my last post undoubtedly played a major factor in the overall situation...the below is worth reading for future reference:-

Preventing Malware and Safe Computing

i let you know what happens with whatever we do

:)
  • 0

Advertisements


#41
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,714 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP