Hello Forum,
I have something wrong with this computer. I was told it had Vundo on it along with some PUP. My son tried to clean it up using CCleaner, Malwarebytes, and something called Hitman and allowed these programs to fix it. The system became unstable so he did a restore.
Here is the DDS along with aswMBR.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16514
Run by EMachUser at 15:31:23 on 2013-11-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.894.94 [GMT -5:00]
.
AV: Kaspersky Internet Security *Enabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Users\EMachUser\AppData\Local\NexGenMediaPlayer\NexGenMediaPlayerApp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5062
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T5062
uProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Swift Browse: {808dc83c-d35b-4fba-a5b5-9a52103204df} - c:\program files\swift browse\SwiftBrowsebho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
StartupFolder: c:\users\emachu~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\nexgen~1.lnk - c:\users\emachuser\appdata\local\nexgenmediaplayer\NexGenMediaPlayerApp.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{D122C78F-1EB5-4E6F-B163-D2F3CBC3B553} : DHCPNameServer = 68.94.156.1 68.94.157.1
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 txtidwow;txtidwow;c:\windows\system32\drivers\txtidwow.sys [2011-7-13 43520]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2011-3-10 23856]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe [2011-4-25 202296]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-18 21504]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-5-29 29744]
.
=============== File Associations ===============
.
ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1"
.
=============== Created Last 30 ================
.
2013-11-01 20:09:26 388096 ----a-r- c:\users\emachuser\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-11-01 20:09:17 -------- d-----w- c:\program files\Trend Micro
2013-11-01 15:50:17 7796464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9fcb1166-dd61-4201-b42c-a66ff18f6395}\mpengine.dll
2013-10-31 15:34:34 -------- d-----w- C:\564c0b1906d847d402cfc34485e17a
2013-10-31 15:27:38 -------- d-----w- C:\72018930be9e0dffa9df21
2013-10-31 04:11:26 -------- d-----w- c:\programdata\HitmanPro
2013-10-30 14:02:07 -------- d-----w- c:\users\emachuser\appdata\roaming\Malwarebytes
2013-10-30 14:01:10 -------- d-----w- c:\programdata\Malwarebytes
2013-10-30 14:00:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-10 20:45:17 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-10-10 20:44:58 2050048 ----a-w- c:\windows\system32\win32k.sys
2013-10-10 20:44:28 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-10 20:44:28 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-10 20:44:28 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-10 20:44:28 197632 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-10 20:44:27 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-10 20:44:27 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-10 20:44:25 73344 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2013-10-10 20:44:23 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-10 20:42:39 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-10 20:42:35 532480 ----a-w- c:\windows\system32\comctl32.dll
.
==================== Find3M ====================
.
2013-10-10 18:49:51 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-10 18:49:51 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-22 10:22:59 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 10:14:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-09-22 10:13:22 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 10:08:41 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-09-22 10:06:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-09-22 10:03:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-03 19:35:12 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-27 02:47:50 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-08-27 02:47:50 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-08-27 02:47:50 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-08-27 02:47:50 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-08-27 01:52:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-08-27 01:50:40 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-08-27 01:32:20 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-08-27 01:28:35 798208 ----a-w- c:\windows\system32\FntCache.dll
.
============= FINISH: 15:34:19.01 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-11-01 15:49:14
-----------------------------
15:49:14.626 OS Version: Windows 6.0.6002 Service Pack 2
15:49:14.626 Number of processors: 1 586 0x5F02
15:49:14.626 ComputerName: FRONTDESK UserName: EMachUser
15:49:32.110 Initialze error C000010E - driver not loaded
15:49:32.303 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
16:01:39.432 AVAST engine defs: 13110201
16:03:05.773 The log file has been saved successfully to "C:\Users\EMachUser\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-11-01 16:06:39
-----------------------------
16:06:39.213 OS Version: Windows 6.0.6002 Service Pack 2
16:06:39.213 Number of processors: 1 586 0x5F02
16:06:39.213 ComputerName: FRONTDESK UserName: EMachUser
16:06:43.003 Initialize success
16:18:56.145 AVAST engine defs: 13110201
16:34:45.656 The log file has been saved successfully to "C:\Users\EMachUser\Desktop\aswMBR.txt"