[Sophia L]

Thanks! Here it is, and I'm going to start and end with a Thank You, every time! =====================================================================================================================================================================================================================================================================================================================(I put the lines in for "spacing") aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-06 18:17:11
-----------------------------
18:17:11.841 OS Version: Windows 6.0.6002 Service Pack 2
18:17:11.842 Number of processors: 2 586 0xF0D
18:17:11.844 ComputerName: SOPHIA-PC UserName:
18:17:13.516 Initialize success
18:18:05.888 AVAST engine defs: 12050601
18:18:55.978 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:18:55.981 Disk 0 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 3
18:18:56.001 Disk 0 MBR read successfully
18:18:56.005 Disk 0 MBR scan
18:18:56.031 Disk 0 unknown MBR code
18:18:56.035 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 144067 MB offset 63
18:18:56.074 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 8558 MB offset 295049790
18:18:56.084 Disk 0 scanning sectors +312576705
18:18:56.162 Disk 0 scanning C:\Windows\system32\drivers
18:19:14.088 Service scanning
18:19:25.933 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
18:19:25.996 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
18:19:26.174 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
18:19:26.211 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
18:19:57.563 Modules scanning
18:20:09.826 Disk 0 trace - called modules:
18:20:09.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
18:20:09.865 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8713eac8]
18:20:09.872 3 CLASSPNP.SYS[895618b3] -> nt!IofCallDriver -> [0x8507c950]
18:20:09.879 5 acpi.sys[806956bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85a3d028]
18:20:12.193 AVAST engine scan C:\Windows
18:20:17.030 AVAST engine scan C:\Windows\system32
18:24:48.994 AVAST engine scan C:\Windows\system32\drivers
18:25:10.490 AVAST engine scan C:\Users\Administrator
18:25:53.984 AVAST engine scan C:\ProgramData
18:31:26.169 Scan finished successfully
18:33:10.059 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
18:33:10.079 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"
18:35:21.333 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
18:35:21.340 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR2.txt"

[Advertisements]

Good job getting these files for me to look at.

Before I send you the first fix I have a few more questions:

Did you uninstall Lavasoft's Ad-Aware? I do not see it in the uninstall list but it has left drivers all over the place.



Did you run TDSSKiller recently?

If so could you post the log from it?


If you can please answer these questions and then do the following steps:

Step 1.

OK next we will check the disc and then the file structure

• On the desktop click the My Computer icon
• Right click your main drive (I am on C) and select properties
• Select the tools tab
• Select error checking
• Place a tick in both boxes
• Press start
• You will get a warning that it needs to reboot to continue
• Allow it to do so

Once completed go on to next step

Step 2.

Run an elevated command prompt
Go to Start, All programs, Accessories
Right click command prompt and select run as administrator


In the black box that opens type or copy and paste the following command and press enter:

sfc /scannow





After all this is completed could you update me on the problems being experienced

[CompCav]

Good job getting these files for me to look at.

Before I send you the first fix I have a few more questions:

Did you uninstall Lavasoft's Ad-Aware? I do not see it in the uninstall list but it has left drivers all over the place.



Did you run TDSSKiller recently?

If so could you post the log from it?


If you can please answer these questions and then do the following steps:

Step 1.

OK next we will check the disc and then the file structure

• On the desktop click the My Computer icon
• Right click your main drive (I am on C) and select properties
• Select the tools tab
• Select error checking
• Place a tick in both boxes
• Press start
• You will get a warning that it needs to reboot to continue
• Allow it to do so

Once completed go on to next step

Step 2.

Run an elevated command prompt
Go to Start, All programs, Accessories
Right click command prompt and select run as administrator


In the black box that opens type or copy and paste the following command and press enter:

sfc /scannow





After all this is completed could you update me on the problems being experienced

[Sophia L]

Thanks! I am trying to get in, or on, again. In the meantime, I can answer from a different computer.

I did uninstall Ad-Aware. I think I couldn't run TDSSKiller, though I may be confusing it with something else, but I can't get on the laptop to check right now. I remember running some boot scanner that crashed both times I tried and I later read that it was now part of the overall software package. That scan, before it would crash, would show me a one page narrow log of something it found, and both times there were about 20 entries, most with Chinese alphabet, in red, if I'm not mistaken. I couldn't save these - they would pop and disappear and then that scan would crash.

Thanks, CompCav!

[Sophia L]

Thanks for the help! I think it was that one that wouldn't finish, but I am looking now. In the meantime, here's one from Malwarebytes.===============================================================================================================================================================================================================Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.03.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: SOPHIA-PC [administrator]

5/2/2012 9:46:01 PM
mbam-log-2012-05-02 (21-46-01).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 454114
Time elapsed: 1 hour(s), 48 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Administrator\Downloads\Adobe.Photoshop.Elements.v10.0.Multilingual.Incl.Keymaker-CORE[www.lokotorrents.com]\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.

(end)
Thanks!

[Sophia L]

TY!

Are .housecall6.6 logs useful for anything? I see many error reports there, but I have no idea what it is... (though I think they're from 2009...

Thanks!

[Sophia L]

Thanks, CompCav, for letting me drive you nuts... Still looking. Found this one by rootkitbuster:===================



























2012/04/23 19:57:08 GMT-07:00 5204:1952 00 F [LogWritter_setEnable()]: -+-+-+ RootkitBuster-5.00.01050,2012/04/23 19:57:08 Turn ON logging -+-+-+ [ (0)]
2012/04/23 19:57:08 GMT-07:00 5204:1952 00 F [LogWritter_setEnable()]: -+-+-+ RootkitBuster-5.00.01050,2012/04/23 19:57:08 Turn ON logging -+-+-+ [ (0)]
2012/04/23 19:57:08 GMT-07:00 5204:1952 00 E [getModuleFolder]: Module path: C:\Users\Sophia\Downloads
[ (0)]
2012/04/23 19:57:08 GMT-07:00 5204:1952 00 E [Setting::init]: Working Path: C:\Users\Sophia\AppData\Local\Temp\RootkitBuster\
[ (0)]
2012/04/23 19:57:08 GMT-07:00 5204:1952 00 E [Setting::init]: Module Path: C:\Users\Sophia\Downloads
[ (0)]
2012/04/23 19:57:08 GMT-07:00 5204:1952 00 E [Setting::init]: DB Path: C:\Users\Sophia\AppData\Local\Temp\RootkitBuster\DB
[ (0)]
2012/04/23 19:57:08 GMT-07:00 5204:1952 00 E [Setting::init]: Sqlite Path: C:\Users\Sophia\AppData\Local\Temp\RootkitBuster\sqlite3.dll
[ (0)]
2012/04/23 19:57:08 GMT-07:00 5204:1952 00 E [Setting::init]: Schema Path: C:\Users\Sophia\AppData\Local\Temp\RootkitBuster\scan_db.sql
[ (0)]
2012/04/23 19:57:08 GMT-07:00 5204:1952 00 E [Setting::init]: Component Info Path: C:\Users\Sophia\AppData\Local\Temp\RootkitBuster\component_info.cfg
[ (0)]
2012/04/23 19:57:08 GMT-07:00 5204:1952 00 E [Setting::init]: iAU SDK Path: C:\Users\Sophia\AppData\Local\Temp\RootkitBuster\IAU_SDK.exe
[ (0)]
2012/04/23 19:57:08 GMT-07:00 5204:1952 00 E [Setting::init]: Backup DB Path: C:\Users\Sophia\AppData\Local\Temp\RootkitBuster\DB
[ (0)]
2012/04/23 19:57:08 GMT-07:00 5204:1952 00 E [Setting::init]: Backup Virus Path: C:\Users\Sophia\AppData\Local\Temp\RootkitBuster\Virus
[ (0)]
2012/04/23 19:57:14 GMT-07:00 5204:1952 00 E [UpdateModuleIfNewer()]: CopyFile(C:\Users\Sophia\AppData\Local\Temp\RootkitBuster\tmcomm.sys,C:\Windows\system32\drivers\tmcomm.sys) fail:5 [ (0)]
2012/04/23 19:57:21 GMT-07:00 5204:1952 00 E [UpdateModuleIfNewer()]: Unable to copy driver to system32\drivers. The program will now terminate. Verify that you are logged in as an administrator and that the hard drive is not full, and then try again. [ (0)]
2012/04/23 19:57:22 GMT-07:00 5204:1952 00 E [TMRKB_DeInitMiniportAPI]: g_hRkbDevice:-1 [ (0)]
2012/04/23 19:57:22 GMT-07:00 5204:1952 00 E [TMRKB_DeInitializeRKB]: g_hRkbDevice:-1 [ (0)]
2012/04/23 19:57:24 GMT-07:00 5204:1952 00 E [WinAppDestructor()]: (Needn't waiting)bStopped=0 [ (0)]
2012/04/23 19:57:24 GMT-07:00 5204:1952 00 F [LogWritter_setEnable()]: -+-+-+ RootkitBuster-5.00.01050,2012/04/23 19:57:24 Turn OFF logging -+-+-+ [ (0)]

[Sophia L]

Thank you, CompCav. I don't think I have it. It may have been the one which crashed, or else it got erased. I do still have the application in Downloads so I could try and run it again, if you want me to.


Did a search everywhere, indexed and non-indexed locations... I think I might have to do my homework (from you) tomorrow after work. I still have to do some stuff tonight for my job tomorrow. So, if I don't get to it tonight - please forgive me, it's not for the lack of enthusiasm... Thanks again!

Edited by Sophia L, 06 May 2012 - 10:28 PM.

[Sophia L]

=============================================================================================================================================================== CompCav,thanks, I tried to do all this but as they say, "Houston, we have a problem!" Actually - we have two problems. ==============================================================================================================================================================================================================================================

• On the desktop click the My Computer icon
• Right click your main drive (I am on C) and select properties
• Select the tools tab
• Select error checking
• Place a tick in both boxes
• Press start
• You will get a warning that it needs to reboot to continue
• Allow it to do so

=========================================================================================================================================================================================

• 1.I followed your instructions. I didn't get a warning but rather it said that it cannot check the drive while in use and will do so next time I start the computer. I restarted the computer, it went to the HP screen. I clicked on esc.and it seemed like it was going to start, except a message came up saying CANNOT OPEN VOLUME FOR DIRECT ACCESS. WINDOWS HAS FINISHED CHECKING THE DISK. I did this twice - same result. I tried to go to F2 from the HP screen, but even though I can navigate in that page with the tab key, I can't get anything to happen because the "enter" key has been dead for a couple of days now.

Once completed go on to next step

Step 2.

Run an elevated command prompt
Go to Start, All programs, Accessories
Right click command prompt and select run as administrator


In the black box that opens type or copy and paste the following command and press enter:

sfc /scannow

• 2.This didn't work either. First - my black box didn't say C:\Windows\System32> like your picture shows. Mine said C:\Users\Administrator> ==========================Regardless, I typed sfc \scannow after "Administrator" but I cannot press enter, remember? I mean, I can press it but it doesn't respond. So... failure on both fronts...

========================================================================================================================================= Thanks.

After all this is completed could you update me on the problems being experienced

[CompCav]

Thank you for all the effort! We will get there, we need to run a disk check on this machine.

Try this:

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Select English as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt[*]Select Command Prompt
[*]In the command window type in C:\ and press ENTER
[*]Then at the C:\ prompt type chkdsk /r and press ENTER.
[*]We want to force a dismount so type Y and press ENTER
[*]Let check disk run to completion, it will take a while, then let the computer reboot and see if it boots normally.[/list]
Please update me after trying this.

If you cannot get to the Repair your computer screen, please let me know what operating system you have on the computer you are using

[Sophia L]

Thanks, ConpCav. You may have missed one thing I said a few times and the reason I type everything as a run-on sentence - I AM UNABLE TO PRESS ENTER. The ENTER key has been disabled somehow. I will try,of course, but it's not going to work, unless ENTER key comes back to life... Thanks.

[Sophia L]

Thanks for YOUR effort!
Well, I tried, got to F8 screen, but since I cannot press ENTER, all I could do is go up and down the menu. I tried my double-click or touchpad "trick" that sometimes works instead of ENTER, but it doesn't work in that screen. I've tried this before myself - it just doesn't wotk without the ability the press ENTER... Thanks. By the way, when I press ESC to exit that screen, it reboots...

[CompCav]

Is your keyboard wireless?

Do you have another keyboard to try?

[CompCav]

There is an alternate key combination for ENTER

Try holding down the Ctrl key and press m


If it works let me know and I will remind you to use it in any future instructions.


Ctrl+M

[Sophia L]

Thanks,CompCav. I'll try CTL+M. Are you an "aggregate" of more than one person? You asked me about the computer and I told you it was an HP Pavilion laptop. How can a laptop keybord be wireless?... Thanks! Going to try now.

[Sophia L]

Thanks!

Got into command prompt window. Multiple ines are running in it and the prompt (all lines) look like this:

X:\windows\system32>

I am unable to backspace it, and there is no C prompt. I typed C:\ after it, which looks like:

X:\windows\system32>C:\

the result - ACCESS DENIED

Same after trying a few times...

Thanks.