Ok, so I have been having this problem for a few days now. When I turn my computer on, once it gets to the desktop, it pops up that it wants to open svchost.exe but it has an unsigned driver or an unauthorized signature. Can't rightly remember which. I will post back with the exact error. Whether I hit OK or cancel, it will pop up two more times. If I keep hitting OK it will go on after that; if I hit cancel, Windows pops up saying "Svchost.exe has stopped working" and tries to find a solution, which it never does. I am running McAfee Total Protection and everything is up to date; as a matter of fact, it just updated again when I started typing this. Here is a HiJackThis log, if it helps any...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:08:46 PM, on 6/12/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\DNA\btdna.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
c:\PROGRA~2\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = >>> 'Full Speed' Enabled <<<
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~2\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files (x86)\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Users\Cody\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files (x86)\DNA\btdna.exe"
O4 - HKCU\..\Run: [WinUpdate] C:\Users\Cody\AppData\Local\Windows Update\scvhost.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DelayShred] c:\PROGRA~2\mcafee\mshr\ShrCL.EXE /P7 /q C:\Users\Cody\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EHYU206O\ROTATE~1.SH! C:\Users\Cody\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\V6T1B93W\SI5AC2~1.SH! C:\Users\Cody\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EHYU206O\TCODEB~1.SH! C:\Users\Cody\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\R2BGHADS\AIMRAD~1.SH! C:\Users\Cody\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\THW2I4BE\TCODEW~1.SH! C:\Users\Cody\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\THW2I4BE\SIEC90~1.SH! C:\Users\Cody\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\V6T1B93W\AIM_UA~1.SH! C:\Users\Cody\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\R2BGHADS\INDIA_~1.SH! c:\users\cody\appdata\local\temp\HSPERF~1.SH! C:\Users\Cody\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\ZTVHFCIA\IMSETT~2.SH! C:\Users\Cody\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\PXVOCBKX\TCODEB~1.SH! C:\Users\Cody\App
O4 - HKUS\.DEFAULT\..\Run: [DelayShred] c:\PROGRA~2\mcafee\mshr\ShrCL.EXE /P7 /q C:\Users\Cody\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EHYU206O\ROTATE~1.SH! C:\Users\Cody\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\V6T1B93W\SI5AC2~1.SH! C:\Users\Cody\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\EHYU206O\TCODEB~1.SH! C:\Users\Cody\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\R2BGHADS\AIMRAD~1.SH! C:\Users\Cody\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\THW2I4BE\TCODEW~1.SH! C:\Users\Cody\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\THW2I4BE\SIEC90~1.SH! C:\Users\Cody\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\V6T1B93W\AIM_UA~1.SH! C:\Users\Cody\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\R2BGHADS\INDIA_~1.SH! c:\users\cody\appdata\local\temp\HSPERF~1.SH! C:\Users\Cody\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\ZTVHFCIA\IMSETT~2.SH! C:\Users\Cody\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\PXVOCBKX\TCODEB~1.SH! C:\Users\Cody\App
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0181131239911356) (0181131239911356mcinstcleanup) - Unknown owner - C:\Windows\TEMP\018113~1.EXE (file missing)
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files (x86)\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe (file missing)
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15047 bytes

And I would have just used the log analyzer, but computers miss things and tell you that good things are bad, so I like human eyes to tell me something too... that, and it wouldn't let me analyze my log, something about HTML tags in the log. Many thanks in advance for any help received.
Fix entries using HiJackThis

Launch HiJackThis
Click the Do a system scan only button
Put a check next to the entries listed below (if they still remain)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [WinUpdate] C:\Users\Cody\AppData\Local\Windows Update\scvhost.exe
O23 - Service: McAfee Application Installer Cleanup (0181131239911356) (0181131239911356mcinstcleanup) - Unknown owner - C:\Windows\TEMP\018113~1.EXE (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)

IMPORTANT: Do NOT click fix until you exit all browser sessions, including the one you are reading in right now
Click the Fix checked button and close HiJackThis

Using Windows Explorer, navigate to and delete the following Folder:
C:\Users\Cody\AppData\Local\Windows Update

Download Malwarebytes' Anti-Malware to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected. <-- Don't forget this.
• When completed, a log will open in Notepad. Please save it to a convenient location.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt

Post the MBAM Log and a fresh HJT Log in your reply.

2oG
I did what you said, now my computer will not boot up into Vista. I had to boot into Windows 7. The first time I tried to boot into Windows it froze up, the second time it flashed the BSOD before shutting down. Flashed really quick so I couldn't get any errors off of it. Third time it froze again. It had found three errors.

Malwarebytes' Anti-Malware 1.37
Database version: 2270
Windows 6.0.6001 Service Pack 1

6/12/2009 11:55:04 PM
mbam-log-2009-06-12 (23-54-55).txt

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 370644
Time elapsed: 1 hour(s), 48 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\kr_done1 (Malware.Trace) -> No action taken.

I notice it says no action taken although I told it to repair/delete infected.
Are you running a dual boot with Win7?

This HJT line shows that you had a Backdoor Trojan that has apparently done a lot of damage:
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
http://www.backgroundtask.eu/Systeemtaken/Taakinfo.php?ID=21210

Note that the file is missing but the service is still on your machine… I was hoping that MBAM would find it and take care of the service, but all it found were some Traces.

This copy of scvhost.exe was apparently corrupt… That’s why we removed it.
O4 - HKCU\..\Run: [WinUpdate] C:\Users\Cody\AppData\Local\Windows Update\scvhost.exe

Sometimes Torrent files have a lot of malware, I see you use BitTorrent. P2P can be like playing Russian roulette with 5 bullets in your gun. lol

Do you have a recovery partition for your Vista? Why don’t you just do a full install of Win7? I have it on my main machine and on my wife’s laptop and we network through a wireless router… Love it! It’s good until Mar 2010 and by then I’ll make the decision to maybe buy it. I also have XP, Ubuntu and Vista image files that I go back and forth with. My motto is backup, backup, backup…

2oG
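The Run-key entry singled out in this thread can be caught mechanically. As an added example (not part of the original posts and not HijackThis code), this Python script parses O4 autorun lines from the log and flags entries that start from a user-writable folder or whose file name is a near miss of a Windows system binary, as scvhost.exe is of svchost.exe; the binary list, directory markers and distance threshold are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Assumed short list of System32 binaries whose names are commonly imitated.
SYSTEM_BINARIES = ("svchost.exe", "lsass.exe", "csrss.exe",
                   "winlogon.exe", "services.exe", "spoolsv.exe")
# Assumed markers for directories a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")

# HijackThis O4 registry autorun line: O4 - <hive>\..\Run: [<value>] <command>
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~2\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [cdloader] "C:\Users\Cody\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files (x86)\DNA\btdna.exe"
O4 - HKCU\..\Run: [WinUpdate] C:\Users\Cody\AppData\Local\Windows Update\scvhost.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

def levenshtein(a, b):
    """Edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def image_path(cmd):
    """Executable path from a Run command: quoted, or unquoted up to .exe."""
    m = re.match(r'"([^"]+)"', cmd) or re.match(r"(.+?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]

def triage(log_text):
    """Return flagged O4 entries, most reasons first."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = image_path(m["cmd"])
        low = path.lower()
        base = PureWindowsPath(path).name.lower()
        reasons = []
        if any(marker in low for marker in USER_WRITABLE):
            reasons.append("autorun from user-writable directory")
        if base in SYSTEM_BINARIES:
            # Exact system name: only suspicious with a non-system full path.
            if "\\" in low and not any(d in low for d in SYSTEM_DIRS):
                reasons.append("system binary name outside System32")
        else:
            near = [s for s in SYSTEM_BINARIES if levenshtein(base, s) <= 2]
            if near:
                reasons.append(f"name resembles {near[0]}")
        if reasons:
            findings.append({"entry": m["name"], "image": path,
                             "reasons": reasons})
    return sorted(findings, key=lambda f: -len(f["reasons"]))

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["entry"], "|", f["image"], "|", "; ".join(f["reasons"]))
```

The magicJack loader is flagged too, with a single reason: a user-writable install path on its own is a prompt to look closer, not a verdict.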
I believe in backing up as well. I DID have everything backed up... but then my 2 year old knocked over my external HDD when it was writing and corrupted it. I've tried every program I can get my hands on and nothing can recover it. I'm waiting until I can get another one. Yes, I have dual boot with Windows 7 that is running the McAfee Total Protection Beta. I got it to boot back into Vista. I ran a full system test and start-up test and everything came back good, then it booted up fine. And I have BitTorrent, although I use it very rarely. I use newsgroups more than anything. Are they just as unsafe? So is there anything else I can try to get rid of the trojan? Or maybe McAfee already got rid of it and that's why MBAM only found traces?
You might try CHKDSK to repair the bad sectors on the drive with your Vista.
http://maximumpcguides.com/windows-vista/how-to-use-check-disk-in-windows-vista/
No guarantees.

Any P2P is dangerous. I don’t like McAfee – use Avira Antivir.

You didn’t say, do you have a recovery for your Vista? I would probably try Chkdsk and then install Win7. I have fallen in love with Win7 even though I occasionally switch back to XP or Linux… My wife can get along with Vista but I can’t… hate it! p phfft…

2oG
Yes, I do have a recovery partition for Vista. I also have a recovery disc. But no backup of all of my stuff. Is it safe to use two AV programs? I know it's not to use two firewalls but don't know about the AVs. ChkDsk didn't do anything. I've run it a few times. I think when he knocked over the HDD it scratched it or something because it doesn't even report having as much space as it should. Every recovery program I've used just says read error.
Never have 2 AVs running at the same time. They butt heads. You can have more than one AV and use them for on-demand scans but not real-time scanning.

To salvage your data from the drive, before reformatting/reinstalling, check this out:
http://www.shockfamily.net/cedric/knoppix/

2oG
Here is another good Linux disk and Guide for recovery:

Download a Linux Live Disk.iso; it’s 695MB and will take a little time to download… HERE!

Download Imgburn to burn your .iso file to a CD-R…
http://www.softpedia.com/get/CD-DVD-Tools/Data-CD-DVD-Burning/ImgBurn.shtml

Use this guide to burn it.
http://forum.imgburn.com/index.php?showtopic=61

Use this guide to recover files from your downed HDD using the Linux Live disk.
http://lifehacker.com/software/disk-recovery/geek-to-live--rescue-files-with-a-boot-cd-192982.php

2oG
Thanks a lot, I'll give it a try probably Tuesday or Wed. as I work 12 hour night shifts so don't get a lot done from Saturday-Monday. I'll post back when I get a chance.