
I don't know what I have, it's malware please read! [Solve



#16 Bigbug12 (Member, Topic Starter, 34 posts)
Hi
I know that something had control of my computer!! Like I said, it would not let me go into Safe Mode!! Also it would not let me do a clean install!!! It was embedded in Windows!! When I tried to do a clean install it would not let me boot from CD; it would start in Windows and then it would say "want to boot from CD". Also when reinstalling Windows! In installation, after formatting, I would have, say, C: 49489 and Free space would say (49364). It controlled the 125-some megabytes; it would not let me format those megabytes!! It had some information in those 125 megabytes. When reinstalled it would act exactly as before!!
I would not be able to go into Safe Mode; the computer acted the same as before. I'm sorry that you were not able to find out what it was. The thing is, it still moves the typing around!!!! It still feels like there is something on here!!!

I ran the test and it comes up negative. I have AVG Free and Malwarebytes on the computer. I ran update on AVG and it went up to 60% and stopped and said update complete; I restarted update and it starts and goes up to 15% and then says update complete! Usually it would say no new updates available, but it does not, and every time I run update it does the same thing!! It is acting FUNNY! I'm going to have to keep my eye on it! When I get a chance I'm going to go into Safe Mode and run AVG and Malwarebytes! Also I will find out if I can go into Safe Mode!! Thank you, Walt


#17 Bigbug12 (Member, Topic Starter, 34 posts)
Hi Jasmyne, we have a problem!! The Son of a [bleep] still has a hold of my computer!! In the setup the hard drive still has a + in front of it!! The order is CD then +HDD. Also when I went into Safe Mode it starts in the Windows screen and also the Recycling Bin was on the Desktop!! Could it be in DOS or in BIOS?? When I reformatted the partitions, 1 megabyte was left in every partition that was not FREE! Is that enough space to put information in?? The Inspiron with Windows XP seems to be OK?!? I think?!? Please put your thinking cap on!! We are still looking for the Thing!! Thank you, Walt

#18 Jasmyne (Trusted Helper, Malware Removal, 2,010 posts)
I'm discussing possible issues with my instructor. Could you please post the results from the ESET scan and run a new OTL scan?

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under Extra Registry choose Use Safelist
  • Then click the Run Scan button at the top
  • When the scan completes, it will open two Notepad files, OTL.Txt and Extras.txt. They will be saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic.


#19 Jasmyne (Trusted Helper, Malware Removal, 2,010 posts)
Also, can you please open Disk Management and post a screenshot of all partitions?

#20 Bigbug12 (Member, Topic Starter, 34 posts)
Hi Jasmyne
Ran OTL and ESET, but I don't know where to find the Disk Manager or the ESET report.
OTL Extras logfile created on: 11/30/2012 1:23:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Walt\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 64.77% Memory free
6.13 Gb Paging File | 4.90 Gb Available in Paging File | 79.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 126.80 Gb Total Space | 87.09 Gb Free Space | 68.68% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.90 Gb Free Space | 98.99% Space Free | Partition Type: NTFS
Drive E: | 161.13 Gb Total Space | 27.37 Gb Free Space | 16.98% Space Free | Partition Type: NTFS
Drive G: | 246.72 Mb Total Space | 74.12 Mb Free Space | 30.04% Space Free | Partition Type: FAT

Computer Name: WALT-PC | User Name: Walt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C776AA4-E880-4363-B4CA-7C4BE2C878FF}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{0EEA067F-0D30-445C-9113-CC72F1AA2E9F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{2EEA76A9-D729-4FB0-BE15-1B323F346B69}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{3ABBAA8F-AA70-4F9F-9069-916BD92295B4}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{6ACFD28D-BA88-467B-B15F-684B74EAF61A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{6EF97CBF-0D17-4627-A149-A32B109FADD9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{876172F5-F6CC-406C-95B7-4A4CAE880BFA}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{A5F25280-222F-4719-9458-17C990989C49}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{BF248BEE-F03C-43E8-B773-45A3C021668E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{DE5C16C3-50E6-42FD-9117-3F2E263FD793}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{F1900215-7CC2-42C6-8C7F-0A16E02C0635}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FBD41DA9-D486-4596-ABF0-36234B3390BB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{FE25CB9B-C374-4FD0-9BCD-31BC03A4C9C8}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{11D03BF4-A66F-325E-7762-4F64586C673F}" = Catalyst Control Center Graphics Full New
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{28C3CD30-2DF4-FEFA-3F4E-D6C1C3257FCE}" = ccc-core-static
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{446472DE-79C0-4708-B06E-0F8FAFDA6918}" = AVG 2013
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{496C34BF-9DE5-9628-48CC-052DD6A8453E}" = Catalyst Control Center Core Implementation
"{4CA09BF7-1CFC-44B8-80EA-7B4D15D12DC5}" = Catalyst Control Center - Branding
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65E4B9D4-D276-B3BF-51E7-800D2ADFEB08}" = ATI Catalyst Install Manager
"{79FBDD2E-DD2B-141A-DCF0-B8C125B5A008}" = Catalyst Control Center Graphics Previews Vista
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{94333A1C-DC4A-E70F-FA92-16AB6F2443D6}" = Catalyst Control Center Graphics Full Existing
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{974BBAF1-048D-4230-2254-62FEA00B18E9}" = Skins
"{998D91BE-65FE-8B9D-5C6E-1D52401EAAA1}" = CCC Help English
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F5CC15D-BA72-431B-A676-0FE5F2513178}" = AVG 2013
"{A4874CD2-6942-E7A7-3690-277B9CB56DF5}" = Catalyst Control Center Graphics Light
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AFE36C05-B442-4DEA-9BFB-2D72C8A1E153}" = Intel® PROSet/Wireless WiFi Driver
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B578DD15-CB17-CBB8-611E-D1AE7D5568AC}" = Catalyst Control Center Graphics Previews Common
"{BFC19AEE-8C4D-65BF-3BAE-729D1252E86C}" = Catalyst Control Center InstallProxy
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{D3171626-2269-7CF9-82AC-7BFC534A0E6A}" = ccc-utility
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2013
"Canon iP4700 series User Registration" = Canon iP4700 series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Creative OA001" = Integrated Webcam Driver (1.03.02.0919)
"DealCabby" = DealCabby
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProInst" = Intel PROSet Wireless

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox Packages" = Mozilla Firefox Packages

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/29/2012 3:47:32 PM | Computer Name = Walt-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/29/2012 3:54:41 PM | Computer Name = Walt-PC | Source = VSS | ID = 8194
Description =

Error - 11/29/2012 8:34:41 PM | Computer Name = Walt-PC | Source = EventSystem | ID = 4621
Description =

Error - 11/29/2012 8:37:37 PM | Computer Name = Walt-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/30/2012 9:31:21 AM | Computer Name = Walt-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/30/2012 11:57:38 AM | Computer Name = Walt-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/30/2012 11:57:48 AM | Computer Name = Walt-PC | Source = EventSystem | ID = 4609
Description =

Error - 11/30/2012 12:50:16 PM | Computer Name = Walt-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/30/2012 1:16:57 PM | Computer Name = Walt-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/30/2012 4:39:40 PM | Computer Name = Walt-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 11/30/2012 5:19:19 PM | Computer Name = Walt-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/30/2012 5:19:34 PM | Computer Name = Walt-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/30/2012 5:19:39 PM | Computer Name = Walt-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/30/2012 5:20:23 PM | Computer Name = Walt-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/30/2012 5:20:28 PM | Computer Name = Walt-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/30/2012 5:21:07 PM | Computer Name = Walt-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/30/2012 5:21:50 PM | Computer Name = Walt-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/30/2012 5:22:05 PM | Computer Name = Walt-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/30/2012 5:22:20 PM | Computer Name = Walt-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/30/2012 5:23:04 PM | Computer Name = Walt-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.


< End of report >

#21 Jasmyne (Trusted Helper, Malware Removal, 2,010 posts)
The ESET scan log should be located at C:\Program Files\EsetOnlineScanner\log.txt. The log you posted is the Extras.txt from the OTL scan; can you also post the OTL.txt log that was created at the same time? (It should be located on your desktop.)

To access Disk Management:
  • Click on the Start button and then choose Control Panel.
  • Click on the System and Maintenance link.
    Note: If you're viewing the Classic View of Control Panel, you won't see this link. Just double-click on the Administrative Tools icon and skip to Step 4.
  • In the System and Maintenance window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left.
    Disk Management should appear on the right side of the Computer Management window after just a few seconds of loading.
    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of Storage.

Then you should be able to take screenshots of your partitions. :)

#22 Bigbug12 (Member, Topic Starter, 34 posts)
Hi Jasmyne
I'm a novice! How do I do a print screen? I held Shift, Ctrl, Alt and Print Screen and nothing happened?? Also I tried opening drive D: and there is only Boot $ Recycle Bin; need more information. Sorry, thanks, Walt. Or would you want me to delete all the other partitions?

#23 Jasmyne (Trusted Helper, Malware Removal, 2,010 posts)
Bigbug12,

To make a screen shot you can do one of two things:

  • If you go Start > All Programs > Accessories
    you will find the Snipping Tool, which you can use to make a screenshot.
  • If you don't have or are unable to use the Snipping Tool, press the Print Screen button, then open the Windows Paint program and Paste (Ctrl-V), and that should paste it into the file. :)

For right now just post the scan logs & the screenshots. Whenever you make changes to your system, it leaves us having to re-do things to try to chase down the problem.

Jasmyne

#24 Bigbug12 (Member, Topic Starter, 34 posts)
Hi Jasmyne
This is the second time that I'm typing a message to you! It erased the first message!! Poof!! I'm getting frustrated with this Malware! How can we eliminate this Malware so I can do a clean install, please? There is nothing worth saving on this computer and I don't care about the other partitions; if we could eliminate them it would be OK with me. All I have is Norton Partition Magic, which will not work on Vista. Please, we are looking in the wrong place; I personally think it is in the Windows program!!! And if it's written information in Windows there is no Malware program that will find it. And it seems like it is adapting to what we are doing and changing!! This thing is getting the better of me. Has anyone else had something like this on their computer?? Frustrated Walt, Thank you
I tried to do a Fresh install and it will not let me like before!!!!
Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 12/01/2012 06:05:07 AM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* msiserver => %systemroot%\system32\msiexec.exe /V [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 12/01/2012 06:05:15 AM
Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)

ComboFix 12-12-01.01 - Walt 12/01/2012 6:15.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3036.2068 [GMT -8:00]
Running from: G:\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-01 to 2012-12-01 )))))))))))))))))))))))))))))))
.
.
2012-12-01 14:19 . 2012-12-01 14:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-01 13:24 . 2012-12-01 13:24 -------- d-----w- c:\program files\Symantec
2012-12-01 04:03 . 2012-12-01 04:03 -------- d-----w- c:\programdata\MediaDirect
2012-11-29 15:38 . 2012-11-29 15:38 143360 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-11-29 15:38 . 2012-11-29 15:38 143360 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-11-29 15:38 . 2012-11-29 15:38 143360 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-11-29 15:38 . 2012-11-29 15:38 143360 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-11-29 15:38 . 2012-11-29 15:38 143360 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-11-29 15:38 . 2012-11-29 15:38 143360 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-11-29 15:38 . 2012-11-29 15:38 143360 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-11-29 15:37 . 2012-11-29 15:38 -------- d-----w- c:\program files\QuickTime
2012-11-29 15:37 . 2012-11-29 15:37 -------- d-----w- c:\programdata\Apple Computer
2012-11-29 15:35 . 2012-11-29 19:55 -------- d-----w- c:\programdata\ArcSoft
2012-11-29 15:35 . 2012-11-29 15:35 -------- d-----w- c:\program files\Common Files\ArcSoft
2012-11-29 15:35 . 2012-11-29 15:35 -------- d-----w- c:\program files\ArcSoft
2012-11-29 15:32 . 2012-11-29 15:33 -------- d-----w- c:\program files\Common Files\Kodak
2012-11-29 15:32 . 2008-03-11 03:18 422400 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-11-29 15:30 . 2012-11-29 15:34 -------- d-----w- c:\program files\Kodak
2012-11-29 15:28 . 2012-11-29 15:38 -------- d-----w- c:\programdata\Kodak
2012-11-29 05:27 . 2012-11-29 05:27 -------- d--h--w- c:\programdata\CanonBJ
2012-11-29 05:27 . 2009-03-24 13:00 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPA1.DLL
2012-11-29 05:27 . 2009-03-24 13:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDA1.DLL
2012-11-29 05:27 . 2012-11-29 05:27 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-11-29 05:27 . 2009-03-24 13:00 272384 ----a-w- c:\windows\system32\CNMLMA1.DLL
2012-11-29 05:27 . 2009-03-18 09:09 178176 ----a-w- c:\windows\system32\CNMIUA1.DLL
2012-11-29 05:25 . 2012-11-29 05:29 -------- d-----w- c:\program files\Canon
2012-11-29 02:29 . 2012-11-29 02:29 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-29 02:29 . 2012-11-29 02:29 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-29 02:29 . 2012-11-29 02:29 -------- d-----w- c:\windows\system32\Macromed
2012-11-29 00:20 . 2012-11-29 00:20 -------- d-----w- c:\program files\Microsoft FrontPage
2012-11-28 20:07 . 2012-11-28 20:07 -------- d-----w- c:\users\Tania
2012-11-28 20:03 . 2012-11-28 20:03 -------- d-----w- c:\program files\Common Files\Skype
2012-11-28 20:03 . 2012-11-28 20:03 -------- d-----r- c:\program files\Skype
2012-11-28 20:03 . 2012-11-28 20:03 -------- d-----w- c:\programdata\Skype
2012-11-28 16:01 . 2012-11-28 16:01 -------- d-----w- c:\program files\ESET
2012-11-28 15:48 . 2012-11-28 15:48 -------- d-----w- c:\programdata\ATI
2012-11-28 15:47 . 2012-11-28 15:47 0 ----a-w- c:\windows\ativpsrm.bin
2012-11-28 15:35 . 2012-11-28 15:35 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-11-28 15:17 . 2012-11-28 15:17 -------- d-----w- c:\programdata\Dell
2012-11-28 15:17 . 2012-12-01 04:03 -------- d-----w- c:\programdata\CyberLink
2012-11-28 15:17 . 2012-11-28 15:17 -------- d-----w- c:\program files\CyberLink
2012-11-28 15:17 . 2008-07-04 21:23 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-11-28 15:17 . 2008-07-04 21:23 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-11-28 15:17 . 2008-07-04 21:23 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2012-11-28 15:17 . 2008-07-04 21:23 89088 ----a-w- c:\windows\system32\atl71.dll
2012-11-28 15:17 . 2008-07-04 21:23 1060864 ----a-w- c:\windows\system32\MFC71.dll
2012-11-28 15:06 . 2012-11-28 15:06 -------- d-----w- c:\programdata\Malwarebytes
2012-11-28 15:06 . 2012-11-28 15:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-28 15:06 . 2012-09-30 03:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-28 15:00 . 2012-11-28 15:01 -------- d-----w- c:\programdata\AVG2013
2012-11-28 15:00 . 2012-11-28 15:00 -------- d-----w- C:\$AVG
2012-11-28 14:59 . 2012-11-28 14:59 -------- d-----w- c:\program files\AVG
2012-11-28 14:57 . 2012-12-01 01:59 -------- d-----w- c:\programdata\MFAData
2012-11-28 14:57 . 2012-11-28 14:57 -------- d--h--w- c:\programdata\Common Files
2012-11-28 14:49 . 2012-11-28 14:49 -------- d-----w- c:\program files\Intel
2012-11-28 14:47 . 2012-12-01 13:23 -------- d-----w- c:\program files\Common Files\InstallShield
2012-11-28 14:47 . 2008-09-19 09:03 277440 ----a-w- c:\windows\system32\drivers\OA001Vid.sys
2012-11-28 14:47 . 2008-08-21 09:01 24576 ----a-w- c:\windows\system32\OA001Srv.exe
2012-11-28 14:47 . 2008-08-02 01:18 94208 ----a-w- c:\windows\CtDrvIns.exe
2012-11-28 14:47 . 2008-06-04 01:30 144672 ----a-w- c:\windows\system32\drivers\OA001Ufd.sys
2012-11-28 14:47 . 2008-04-15 09:01 53248 ----a-w- c:\windows\system32\OA001Pin.dll
2012-11-28 14:47 . 2008-04-15 09:01 32768 ----a-w- c:\windows\OA001Cfg.exe
2012-11-28 14:47 . 2007-12-21 09:00 31256 ----a-w- c:\windows\system32\OA001Pin.crl
2012-11-28 14:47 . 2007-06-08 09:00 148056 ----a-w- c:\windows\system32\drivers\OA001Afx.sys
2012-11-28 14:45 . 2008-02-16 02:01 46592 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2012-11-28 14:45 . 2007-07-30 19:54 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
2012-11-28 14:45 . 2007-07-30 18:42 43008 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2012-11-28 14:45 . 2007-07-25 20:48 172032 ----a-w- c:\windows\system32\rixdicon.dll
2012-11-28 14:45 . 2004-09-04 11:00 90112 ----a-w- c:\windows\system32\snymsico.dll
2012-11-28 14:45 . 2012-12-01 13:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-11-28 14:45 . 2012-11-28 14:45 -------- d-----w- C:\dell
2012-11-28 14:44 . 2012-11-28 15:17 -------- d-----w- c:\program files\Dell
2012-11-28 14:44 . 2012-11-28 14:44 -------- d-----w- c:\windows\system32\vmm32
2012-11-28 14:43 . 2012-12-01 13:25 -------- d-sh--w- c:\windows\Installer
2012-11-28 14:40 . 2012-11-29 15:34 -------- d-----w- c:\users\Walt
2012-11-28 14:38 . 2012-11-28 15:47 -------- d-----w- c:\windows\Debug
2012-11-28 14:29 . 2012-11-28 14:37 -------- d-----w- c:\windows\Panther
2012-11-28 14:28 . 2012-11-28 14:28 -------- d-----w- c:\windows\system32\OEM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 21:02 . 2012-10-22 21:02 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-10-15 11:48 . 2012-10-15 11:48 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-10-05 11:32 . 2012-10-05 11:32 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-10-02 11:30 . 2012-10-02 11:30 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-21 11:46 . 2012-09-21 11:46 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-21 11:46 . 2012-09-21 11:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-09-21 11:45 . 2012-09-21 11:45 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-09-14 11:05 . 2012-09-14 11:05 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-10-24 17:50 . 2012-11-28 15:35 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-07-04 132392]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PQNTDRV
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
FF - ProfilePath - c:\users\Walt\AppData\Roaming\Mozilla\Firefox\Profiles\724763f2.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-DealCabby - c:\users\Walt\AppData\Local\dealcabby\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-01 06:19
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-12-01 06:20:53
ComboFix-quarantined-files.txt 2012-12-01 14:20
.
Pre-Run: 91,931,639,808 bytes free
Post-Run: 91,912,474,624 bytes free
.
- - End Of File - - 4CCE6CE96C34A7B5D628819BA13F30E8

#25 Jasmyne (Trusted Helper, Malware Removal, 2,010 posts)
Bigbug12,

There are reasons why we choose to use certain tools, and there is a process of elimination we follow. The RKill and ComboFix logs just posted were not the logs that were asked for. However, evaluation of the log you did post (which was also asked for in Posts #3 and #9) shows what the problem is, and it could have prevented the first format you performed had the log been posted previously.

The good news is ALL the scans that have been run show that your system is malware free, the not so great news is that it appears that your BIOS needs to be updated.

We can see this error in the "System Events" area of the Extras log:

Error - 11/30/2012 5:23:04 PM | Computer Name = Walt-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.


This error is occurring frequently enough (2-3 times a minute) that it is most likely the cause of the issues you are having, which would also explain why after a complete reformat you are still having issues. This error indicates that Windows is having trouble communicating with your hardware.

Unlike regular Windows updates that you can simply run from Windows, BIOS updates must be done from outside of Windows and are very specific to your computer. BIOS updates are based on the specific line and model of your PC. Many times there can be different updates for the same model of PC based on differences in the CPU, graphics card and operating system. Also, with some graphics cards you must update different drivers so that your graphics card will function after your BIOS is updated.

There are a lot of variables that play into getting the right update with the right patches to make sure your system will boot after the update. If any variable is incorrect your computer will NOT boot.

Any instructions we would give you would have to be followed exactly, and we have no crystal ball with which to predict unexpected things that could happen in such a difficult update, which is why we would advise you to take your computer to a local repair shop to have this done where someone could do it for you. Also, they would be liable for making sure your computer was running properly in the end.

Any instruction we would give you would be like all other instructions and be entirely at your own risk. Please let us know how you'd like to proceed.
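The post above reads the error frequency off the Extras log by eye. As an added example (not part of the original thread, and not code from OTL or ComboFix), here is a small Python script that parses lines in that Extras "System Events" layout, decodes the ID, and counts the ACPI embedded-controller errors per minute so the "2-3 times a minute" claim can be checked from the log itself. The sample lines are constructed to mimic the one quoted above, with invented timestamps. The assumption that OTL prints the full 32-bit event code, whose low 16 bits are the Event Viewer Event ID (327693 = 0x5000D, so ID 13), is mine and is not stated on this page.

```python
# Added example, not from the thread: parse OTL Extras-style "System Events"
# lines, pick out the ACPI embedded-controller errors, and measure how often
# they recur. SAMPLE_LOG is constructed; only the first line mirrors the post.
import re
from collections import Counter
from datetime import datetime

# Assumed header layout: "Level - date time | Computer Name = X | Source = Y | ID = N"
HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \| "
    r"Computer Name = (?P<host>[^|]+?) \| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$"
)

SAMPLE_LOG = """\
Error - 11/30/2012 5:23:04 PM | Computer Name = Walt-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified timeout period.
Error - 11/30/2012 5:23:31 PM | Computer Name = Walt-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified timeout period.
Error - 11/30/2012 5:23:55 PM | Computer Name = Walt-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified timeout period.
Error - 11/30/2012 5:24:10 PM | Computer Name = Walt-PC | Source = Service Control Manager | ID = 7000
Description = The Foo service failed to start.
Error - 11/30/2012 5:24:40 PM | Computer Name = Walt-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified timeout period.
"""


def parse_events(text):
    """Return a list of (timestamp, level, source, raw_id, description) tuples.

    A header line is optionally followed by one 'Description = ...' line."""
    events = []
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        m = HEADER.match(lines[i])
        if not m:
            i += 1
            continue
        ts = datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p")
        desc = ""
        if i + 1 < len(lines) and lines[i + 1].startswith("Description = "):
            # OTL prefixes some descriptions with ": "; strip that noise.
            desc = lines[i + 1][len("Description = "):].lstrip(": ").strip()
            i += 1
        events.append((ts, m.group("level"), m.group("source").strip(),
                       int(m.group("id")), desc))
        i += 1
    return events


def event_id(raw_id):
    """Assumption: the logged number is the full 32-bit event code and the
    Event Viewer 'Event ID' is its low 16 bits (327693 -> 0x5000D -> 13)."""
    return raw_id & 0xFFFF


def rate_per_minute(events, source, raw_id):
    """Count events from `source` with code `raw_id` per wall-clock minute,
    so a 'several times a minute' claim is backed by the log, not an eyeball."""
    per_minute = Counter(
        ts.replace(second=0, microsecond=0)
        for ts, _lvl, src, rid, _desc in events
        if src == source and rid == raw_id
    )
    return dict(sorted(per_minute.items()))


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("Event ID:", event_id(327693))
    for minute, n in rate_per_minute(evs, "ACPI", 327693).items():
        print(minute.strftime("%Y-%m-%d %H:%M"), n, "ACPI EC timeout(s)")
```

To use it on a real Extras log, read the file into `parse_events` instead of `SAMPLE_LOG`; any minute with several hits, sustained across the log, is the pattern the post is describing.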


#26 Bigbug12 (Topic Starter, Member, 34 posts)
Hi Jasmyne
Here is where I'm at with the Studio Vista. I went in and did a fresh install, and I closed all the other partitions and formatted the one that was left. I also went into Setup and in Advanced I disabled QuickBoot. When I started the computer it said no operating software, so I restarted the computer with the Windows disk and it started from the CD this time, but when I tried to do a fresh install it tells me that the BOOTMGR is missing. Also, where it asks where you want to install Windows ("the partitions"): Disk 0 Partition 2 112.6, Free is 112.5?? The difference. Also the next partition, Disk 0 Partition 3 184.4, Free space 184.3?? Free space is less?? Also, should it not say Partition 1 and 2 instead of 2 and 3? What happened to partition 1??
Now I'm getting a message Windows is unable to find a system volume that meets its criteria for installation.
Trying to do a Fresh install see what happens!!
Also!!
In Setup, + HDD still has the + there, so I don't think that I KILLED the Beast!! Am I right that it should not have a + before the HDD!! In Setup, CDDVD is in the top position with the second position being the +HDD, so if I'm right I still have a MONSTER on my computer. Also, as I said, it made a change in Setup; that's where, in BIOS or DOS??? This should give you something to think about!! How do I change it?? Thanks, Walt

#27 Jasmyne (Trusted Helper, Malware Removal, 2,010 posts)
As I told you previously, the BIOS on one of my home computers has the + in front of the hard drive (see post #13). This is normal with some systems.

The BOOTMGR error you are getting attempting to reinstall can mean many things but the most common are:
  • corrupt and misconfigured files
  • hard drive and operating system upgrade issues
  • corrupt hard drive sectors
  • an outdated BIOS
  • damaged or loose IDE cables

As stated in my last post, your scans are clean and there are NO SIGNS OF MALWARE on your computer. The error you are getting with the BOOTMGR yet again points to the need to update your BIOS.

Seeing as you never posted the requested screenshots of your partitions, it's difficult for us to determine what might have happened with them, but if you've deleted and formatted all partitions you shouldn't be getting multiple partition listings to choose for the re-install.

Also, now since you have the machine formatted and no longer booting we will be unable to direct you to get the specifications to even begin to attempt a BIOS update. This is one of the reasons why I stated previously that we have a reason why we do things the way we do them and that all instructions needed to be followed.

#28 Bigbug12 (Topic Starter, Member, 34 posts)
Hi Jasmyne
I let it sit and then it let me do a fresh install? I think!!
As far as the + HDD, it should not boot with the CDDVD being primary in the boot order!!! Am I right?? Yet it boots!!

298 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
I ran MBR and at the end it says to press Enter to end; it's frozen. I also ran ComboFix and will send the report!! I'm on my Dell Inspiron. Thank you, Walt
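The MBR tool output in the post above reports a SHA1 for the boot code on \\.\PhysicalDrive0. As an added example (not the thread's own code, and not GMER's mbr.exe), here is a Python script that does the core of that triage itself: it reads a 512-byte MBR, verifies the 0x55AA signature, hashes the boot-code area so it can be compared with a known-good value, and lists the partition table, which also shows which table slots are empty, the thing the "what happened to partition 1" question is really asking. It builds a synthetic MBR inline so it runs offline; the hashed range (the first 440 bytes, before the disk signature and partition table) is my assumption about what such tools report, and the `read_mbr` device path is only used if you run it against a real disk as Administrator.

```python
# Added example, not from the thread or from GMER's mbr.exe: parse and hash an
# MBR sector. build_sample_mbr() fabricates a test sector so the script runs
# without touching a physical disk.
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # assumption: hash bytes 0..439 (boot code only)
DISK_SIG_OFF = 440       # 4-byte NT disk signature, then 2 bytes usually zero
PART_TABLE_OFF = 446     # four 16-byte entries, then 0x55AA at 510
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr():
    """Constructed MBR: filler boot code, a 100 MiB active NTFS-type (0x07)
    partition and a large second 0x07 partition; slots 3 and 4 empty."""
    boot = bytes([0xFA, 0x33, 0xC0] + [0x90] * (BOOT_CODE_LEN - 3))
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"

    def entry(active, ptype, start_lba, sectors):
        return struct.pack(ENTRY_FMT, 0x80 if active else 0x00, b"\0\0\0",
                           ptype, b"\0\0\0", start_lba, sectors)

    table = (entry(True, 0x07, 2048, 204800)
             + entry(False, 0x07, 206848, 625000000)
             + b"\0" * 16 + b"\0" * 16)
    return boot + disk_sig + table + b"\x55\xAA"


def parse_mbr(sector):
    """Validate the sector and return boot-code hash, disk signature and the
    non-empty partition entries (1-based slot index, as installers show them)."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs1, ptype, _chs2, start, size = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype == 0 and size == 0:
            continue  # empty slot
        parts.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "start_lba": start,
            "sectors": size,
            "size_mib": size * SECTOR / 2 ** 20,
        })
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", sector[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": parts,
    }


def empty_slots(sector):
    """1-based indices of unused partition-table slots."""
    used = {p["index"] for p in parse_mbr(sector)["partitions"]}
    return [i for i in range(1, 5) if i not in used]


def boot_code_matches(sector, expected_sha1):
    """Compare the boot-code hash with a known-good value (e.g. from a clean
    image of the same Windows version). A mismatch on an untouched disk is
    the signal a bootkit check looks for."""
    return parse_mbr(sector)["boot_code_sha1"].lower() == expected_sha1.lower()


def read_mbr(path=r"\\.\PhysicalDrive0"):
    """Read the first sector of a raw disk (Windows path shown; needs Administrator)."""
    with open(path, "rb") as f:
        return f.read(SECTOR)


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("boot code SHA1:", info["boot_code_sha1"])
    print("disk signature: 0x%08X" % info["disk_signature"])
    for p in info["partitions"]:
        print("Partition %d: type 0x%02X %s start LBA %d, %.1f MiB"
              % (p["index"], p["type"], "(active)" if p["active"] else "",
                 p["start_lba"], p["size_mib"]))
    print("empty slots:", empty_slots(build_sample_mbr()))
```

The hash alone tells you nothing unless you have a reference value to compare against; the thread's reported SHA1 is only meaningful next to the hash of a known-clean Vista MBR from the same installer.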

#29 Bigbug12 (Topic Starter, Member, 34 posts)
Here is the information on MBR and ComboFix. MBR I had to do as an attachment; it would not let me copy!! Let me know what else you want me to do!! I will run EST when I find the link, but for now, I don't want to lose what I have here. Thanks, Walt



ComboFix 12-12-01.02 - Walt 12/02/2012 7:07.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3036.1473 [GMT -8:00]
Running from: c:\users\Walt\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))
.
.
2012-12-02 15:11 . 2012-12-02 15:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-02 02:15 . 2012-12-02 02:15 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-02 02:15 . 2012-12-02 02:15 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-02 02:14 . 2012-12-02 02:14 -------- d-----w- c:\windows\system32\Macromed
2012-12-02 02:11 . 2012-12-02 02:11 -------- d-----w- c:\windows\system32\SPReview
2012-12-02 01:56 . 2012-12-02 01:56 -------- d-----w- c:\windows\system32\EventProviders
2012-12-02 01:43 . 2012-12-02 01:43 -------- d-----w- c:\program files\Common Files\Skype
2012-12-02 01:43 . 2012-12-02 01:43 -------- d-----r- c:\program files\Skype
2012-12-02 01:43 . 2012-12-02 01:43 -------- d-----w- c:\programdata\Skype
2012-12-02 01:41 . 2012-12-02 01:41 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-12-02 01:40 . 2012-12-02 01:40 -------- d-----w- c:\programdata\Malwarebytes
2012-12-02 01:40 . 2012-12-02 01:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-02 01:40 . 2012-09-30 03:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-02 01:36 . 2012-12-02 01:36 -------- d-----w- c:\programdata\AVG2013
2012-12-02 01:36 . 2012-12-02 01:36 -------- d-----w- C:\$AVG
2012-12-02 01:35 . 2012-12-02 01:35 -------- d-----w- c:\program files\AVG
2012-12-02 01:33 . 2012-12-02 01:38 -------- d-----w- c:\programdata\MFAData
2012-12-02 01:33 . 2012-12-02 01:33 -------- d--h--w- c:\programdata\Common Files
2012-12-02 01:28 . 2012-12-02 01:28 -------- d-----w- c:\programdata\Dell
2012-12-02 01:28 . 2012-12-02 01:28 -------- d-----w- c:\programdata\CyberLink
2012-12-02 01:27 . 2012-12-02 01:27 -------- d-----w- c:\program files\CyberLink
2012-12-02 01:27 . 2008-07-04 21:23 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-12-02 01:27 . 2008-07-04 21:23 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-12-02 01:27 . 2008-07-04 21:23 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2012-12-02 01:27 . 2008-07-04 21:23 89088 ----a-w- c:\windows\system32\atl71.dll
2012-12-02 01:27 . 2008-07-04 21:23 1060864 ----a-w- c:\windows\system32\MFC71.dll
2012-12-02 01:14 . 2012-12-02 01:14 -------- d-----w- c:\windows\CtDrvInstall
2012-12-02 01:14 . 2012-12-02 01:14 76 --sh--r- c:\windows\CT4CET.bin
2012-12-02 01:14 . 2012-12-02 01:14 -------- d-----w- c:\program files\Creative
2012-12-02 01:14 . 2012-12-02 01:14 -------- d-----w- c:\program files\Common Files\Reallusion
2012-12-02 01:13 . 2012-12-02 01:13 -------- d-----w- c:\program files\Dell Webcam
2012-12-02 01:13 . 2012-12-02 01:13 -------- d-----w- c:\program files\Creative Live! Cam
2012-12-02 01:10 . 2012-12-02 01:10 -------- d-----w- c:\programdata\ATI
2012-12-02 01:09 . 2012-12-02 01:09 0 ----a-w- c:\windows\ativpsrm.bin
2012-12-02 01:04 . 2012-12-02 01:06 -------- d-----w- c:\program files\ATI Technologies
2012-12-02 01:04 . 2012-12-02 01:04 -------- d-----w- c:\program files\ATI
2012-12-02 00:57 . 2012-12-02 00:57 -------- d-----w- c:\program files\Intel
2012-12-02 00:11 . 2012-12-02 00:11 -------- d-----w- c:\program files\Common Files\InstallShield
2012-12-02 00:11 . 2008-09-19 09:03 277440 ----a-w- c:\windows\system32\drivers\OA001Vid.sys
2012-12-02 00:11 . 2008-08-21 09:01 24576 ----a-w- c:\windows\system32\OA001Srv.exe
2012-12-02 00:11 . 2008-08-02 01:18 94208 ----a-w- c:\windows\CtDrvIns.exe
2012-12-02 00:11 . 2008-06-04 01:30 144672 ----a-w- c:\windows\system32\drivers\OA001Ufd.sys
2012-12-02 00:11 . 2008-04-15 09:01 53248 ----a-w- c:\windows\system32\OA001Pin.dll
2012-12-02 00:11 . 2008-04-15 09:01 32768 ----a-w- c:\windows\OA001Cfg.exe
2012-12-02 00:11 . 2007-12-21 09:00 31256 ----a-w- c:\windows\system32\OA001Pin.crl
2012-12-02 00:11 . 2007-06-08 09:00 148056 ----a-w- c:\windows\system32\drivers\OA001Afx.sys
2012-12-02 00:07 . 2008-02-16 02:01 46592 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2012-12-02 00:07 . 2007-07-30 19:54 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
2012-12-02 00:07 . 2007-07-30 18:42 43008 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2012-12-02 00:07 . 2007-07-25 20:48 172032 ----a-w- c:\windows\system32\rixdicon.dll
2012-12-02 00:07 . 2004-09-04 11:00 90112 ----a-w- c:\windows\system32\snymsico.dll
2012-12-02 00:07 . 2012-12-02 01:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-12-02 00:07 . 2012-12-02 00:07 -------- d-----w- C:\dell
2012-12-02 00:05 . 2012-12-02 01:27 -------- d-----w- c:\program files\Dell
2012-12-02 00:05 . 2012-12-02 00:05 -------- d-----w- c:\windows\system32\vmm32
2012-12-01 23:50 . 2012-12-01 23:50 -------- d-----w- c:\program files\Microsoft FrontPage
2012-12-01 23:46 . 2012-12-02 01:44 -------- d-sh--w- c:\windows\Installer
2012-12-01 22:43 . 2012-12-02 01:15 -------- d-----w- c:\users\Walt
2012-12-01 22:41 . 2012-12-02 01:10 -------- d-----w- c:\windows\Debug
2012-12-01 22:20 . 2012-12-01 22:29 -------- d-----w- c:\windows\Panther
2012-12-01 22:20 . 2012-12-01 22:20 -------- d-----w- C:\Boot
2012-12-01 22:19 . 2012-12-01 22:19 -------- d-----w- c:\windows\system32\OEM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 21:02 . 2012-10-22 21:02 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-10-15 11:48 . 2012-10-15 11:48 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-10-05 11:32 . 2012-10-05 11:32 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-10-02 11:30 . 2012-10-02 11:30 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-21 11:46 . 2012-09-21 11:46 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-21 11:46 . 2012-09-21 11:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-09-21 11:45 . 2012-09-21 11:45 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-09-14 11:05 . 2012-09-14 11:05 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-10-24 17:50 . 2012-12-02 01:41 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-07-04 132392]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGIDSDRIVER
*NewlyCreated* - AVGIDSSHIM
*NewlyCreated* - AVGLDX86
*NewlyCreated* - AVGLOGX
*NewlyCreated* - AVGMFX86
*NewlyCreated* - AVGRKX86
*NewlyCreated* - AVGTDIX
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - {2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7}
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
FF - ProfilePath - c:\users\Walt\AppData\Roaming\Mozilla\Firefox\Profiles\evp6swhe.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-02 07:11
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files\Dell\MediaDirect\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4932)
c:\windows\system32\ieframe.dll
.
Completion time: 2012-12-02 07:12:55
ComboFix-quarantined-files.txt 2012-12-02 15:12
.
Pre-Run: 96,677,154,816 bytes free
Post-Run: 96,637,833,216 bytes free
.
- - End Of File - - C3FF5F5B97BCDBCA32A6A010C5FA5FF5

#30 Jasmyne (Trusted Helper, Malware Removal, 2,010 posts)
If the boot order is

CDDVD
+ Hard Drive

It will check for boot information on the CD first, then move on to the hard drive if no boot information is found on the CD.

As I stated in Post #25 and again in Post #27 the issue with your system is an outdated BIOS. There are not any scans you can run that will fix this problem. You can reformat the computer multiple times and it will not help! Our recommendation is that you take the computer to a local repair shop.
