04-10-2012 05:45 PM - edited 04-10-2012 05:46 PM
booted computer, logged in got theses errors google installer has stopped working
i ran aswMBR it advised me to download virus definitions but i forgot to unblock network in trend so
first file is without virus def. download.
Second run of aswMBR is after it downloaded virus definitions also while it was updating i had these errors
Malware warned to quarantine "c:\windows\svchost.exe trojan agent Windows media player has stopped working
***note Anti-Malware and Trend were both running during this.***
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-10 17:09:53 -----------------------------
17:09:53.384 OS Version: Windows x64 6.0.6002 Service Pack 2
17:09:53.385 Number of processors: 2 586 0x1706
17:09:53.385 ComputerName: HOMEULTIMATE-PC UserName:
17:09:53.916 Initialize success
17:10:32.997 AVAST engine download error: 0
17:11:07.544 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
17:11:07.545 Disk 0 Vendor: WDC_WD25 12.0 Size: 238475MB BusType: 6
17:11:07.546 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000060
17:11:07.548 Disk 1 Vendor: WDC_WD25 12.0 Size: 238475MB BusType: 6
17:11:07.549 Device \Driver\nvstor64 -> MajorFunction fffffa80060925c4
17:11:07.551 Disk 0 MBR read successfully
17:11:07.552 Disk 0 MBR scan
17:11:07.554 Disk 0 Windows VISTA default MBR code
17:11:07.564 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 60000 MB offset 2048
17:11:07.579 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 150000 MB offset 122882048
17:11:07.599 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 28473 MB offset 430082048
17:11:07.624 Disk 0 scanning C:\Windows\system32\drivers
17:11:16.717 Service scanning
17:11:19.033 Service GMSIPCI I:\INSTALL\GMSIPCI.SYS **LOCKED** 21
17:11:26.107 Modules scanning
17:11:26.110 Disk 0 trace - called modules:
17:11:26.114 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa80060925c4]<<hal.dll 17:11:26.116 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a6a730]
17:11:26.119 3 CLASSPNP.SYS[fffffa600120fc33] -> nt!IofCallDriver -> [0xfffffa8004896c20]
17:11:26.121 5 acpi.sys[fffffa60008f3fde] -> nt!IofCallDriver -> \Device\0000005f[0xfffffa80048cf9e0] 17:11:26.124 \Driver\nvstor64[0xfffffa8005f89ad0] -> IRP_MJ_CREATE -> 0xfffffa80060925c4
17:11:26.126 Scan finished successfully
17:12:59.487 Disk 0 MBR has been saved successfully to "J:\Computer fix 04-06-2012\aswMBR\MBR.dat" 17:12:59.533 The log file has been saved successfully to "J:\Computer fix 04-06-2012\aswMBR\aswMBR_first run.txt"
---Second run--- aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-10 17:13:21 -----------------------------
17:13:21.616 OS Version: Windows x64 6.0.6002 Service Pack 2
17:13:21.616 Number of processors: 2 586 0x1706
17:13:21.616 ComputerName: HOMEULTIMATE-PC UserName:
17:13:21.958 Initialize success
17:17:38.265 AVAST engine defs: 12041002
17:19:08.755 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
17:19:08.786 Disk 0 Vendor: WDC_WD25 12.0 Size: 238475MB BusType: 6
17:19:08.791 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000060
17:19:08.793 Disk 1 Vendor: WDC_WD25 12.0 Size: 238475MB BusType: 6
17:19:08.795 Device \Driver\nvstor64 -> MajorFunction fffffa80060925c4
17:19:08.797 Disk 0 MBR read successfully
17:19:08.799 Disk 0 MBR scan
17:19:08.802 Disk 0 Windows VISTA default MBR code
17:19:08.863 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 60000 MB offset 2048
17:19:08.886 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 150000 MB offset 122882048
17:19:08.957 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 28473 MB offset 430082048
17:19:09.103 Disk 0 scanning C:\Windows\system32\drivers
17:19:44.235 Service scanning
17:19:49.569 Service GMSIPCI I:\INSTALL\GMSIPCI.SYS **LOCKED** 21
17:20:04.647 Modules scanning
17:20:04.650 Disk 0 trace - called modules:
17:20:04.654 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa80060925c4]<<hal.dll 17:20:04.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a6a730]
17:20:04.659 3 CLASSPNP.SYS[fffffa600120fc33] -> nt!IofCallDriver -> [0xfffffa8004896c20]
17:20:04.661 5 acpi.sys[fffffa60008f3fde] -> nt!IofCallDriver -> \Device\0000005f[0xfffffa80048cf9e0] 17:20:04.664 \Driver\nvstor64[0xfffffa8005f89ad0] -> IRP_MJ_CREATE -> 0xfffffa80060925c4
17:20:05.441 AVAST engine scan C:\Windows
17:20:09.406 AVAST engine scan C:\Windows\system32
17:24:36.555 AVAST engine scan C:\Windows\system32\drivers
17:24:47.981 AVAST engine scan C:\Users\Home Ultimate 01
17:25:59.315 AVAST engine scan C:\ProgramData
17:26:50.301 Scan finished successfully
17:27:51.668 Disk 0 MBR has been saved successfully to "J:\Computer fix 04-06-2012\aswMBR\MBR.dat" 17:27:51.712 The log file has been saved successfully to "J:\Computer fix 04-06-2012\aswMBR\aswMBR_second run.txt"
So i still have some questions about Trend and Malware running at the same time is that okay? or should i shut one or the other down? i dont know if they will conflict with each other or not.
okay thank you agian and i wait for the next instructions.
04-10-2012 10:56 PM
I would suggest a rescue disk now as your issues point me thats the way to check for malware.....
STEP 2: Burn the Image to a Disc
In order to create a bootable disk you need to use an application to burn that ISO image file to an optical disk,we prefer using ImgBurn, but there’s plenty of ways to burn an ISO to a disc.
Note: It is strongly recommended to record the disk with minimum available speed. Otherwise, it can cause record errors.
STEP 3: Configure the computer to boot from CD-ROM
Use the Delete or F2 keys, to load the BIOS menu. The keys F1, F10, F11, F12 might be used for some motherboards, as well as the following key combinations:
Information how to enter the BIOS menu is displayed on the screen at the start of the OS boot:
Kaspersky USB Rescue Disk is ready for work. You can boot a computer from it and start the system scan.
STEP 4:Boot your computer from Kaspersky Rescue Disk
STEP 5: Scan your system with Kaspersky Rescue Disk
You have now successfully booted your system from Kaspersky Rescue Disk and you will be presented with the Kaspersky Rescue Disk interface.In order to perform a system scan please follow the below steps.
04-16-2012 07:31 PM
Sorry for the delay in getting back to you.
I did as instructed and this is what was found.
I was not given the option to delete.
I was only allowed to quarentine the file.
After which i rebooted and the svc hoost etc failures stopped.
The OP sys booted much faster.
I did not get any redirects so far.
So at this point i am not sure if everything is fine or not but it seems to be.
I would really like to know if its in my best interest to invest into some of the programs you have had me use.
I would really like some opinions of how to better setup my system to best avoid this in the future.
of the programs you had me use can i run :
and trend all at the same time or will there be conflics between them?
Please advise me as to what you think my next move might be and if you think the problem is solved.
Thank you very much for your time and help with this issue, many many thanks
04-17-2012 01:00 AM - edited 04-17-2012 01:01 AM
Hi lets ensure u are clean so far...also lets fix your PC unstablility
Download the latest version of TDSSKiller from here and save it to your Desktop.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Download Windows Repair (all in one) from here:
Install the program then run
Go to step 2 and allow it to run Disc check
Once that is done then go to step 3 and allow it to run SFC
On the start repairs tab select advanced mode and click start
Select all the items given and tick restart system when finished then click Start
04-18-2012 04:09 PM
Here is the file requested.
I was not able to monitor the windows repair utility once it was running, when I got back it had rebooted the computer
so I can only assume it has done its job.
I haven't seen anything abnormal at this time.
Thank you very much for your efforts.
04-18-2012 11:02 PM - edited 04-18-2012 11:03 PM
Re-run TDSSKiller adn when select delete for the following results and attach the fresh log:
\Device\Harddisk0\DR0 ( TDSS File System )
04-19-2012 04:56 PM
I was a bit confused about how much to edit so i am attaching the Unmodified file and the one i edited.
The one i edited there were two lines i removed.
If i did it wrong let me know and i will try agian.
Also the program updated before running to a new version.
Hope this helps.
Thank you very much
04-19-2012 10:37 PM
i meant to re-run TDSSKiller ans select delete for TDSS File system and attach the new log.
04-20-2012 07:50 PM
Okay i updated TDSSKiller to current and re-ran it when it was done i left the top two on skip and choose delete for the TDS file system, the one i believe you wanted me to select delete on.
Here is the log file for you, let me know if its what you wanted.
Thank you agian.
04-20-2012 10:56 PM
How is the computer running??
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Click the button.
•Accept any security warnings from your browser.
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt