View Full Version : Possible Malware attack
redwingsfan81
2011-12-13, 19:24
I have AVG installed, but as of this morning it does not allow me to access the interface. I have tried to uninstall it via control panel and that has not worked either. When I went to google to try and get to the AVG website this message occurred "C:\Progam Files\AVG\AVG2012\avgcfgx.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or software vendor for support"
I thank you in advance for your kind help.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Brian at 13:16:52 on 2011-12-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2814.1708 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?o=14196&l=dis
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\users\brian\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [hpqSRMon]
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{79365D4C-DA64-427C-8B4F-06C08E0E2CDA} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-16 366152]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-20 365952]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-5-8 1153368]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-20 193840]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-16 22216]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-12-13 17:58:46 -------- d-----w- c:\program files\iPod
2011-12-13 17:58:43 -------- d-----w- c:\program files\iTunes
2011-12-13 17:45:13 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-03 21:45:04 -------- d-----w- c:\users\brian\appdata\local\{E432D8C2-10E4-486D-8F7F-1C4CDB64A02F}
2011-12-03 21:44:53 -------- d-----w- c:\users\brian\appdata\local\{268D0B4E-E013-4E1C-BDE0-328892BA93A2}
2011-12-03 19:25:45 645632 ----a-w- c:\windows\system32\xvidcore.dll
2011-12-03 19:25:45 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2011-12-03 19:25:45 153088 ----a-w- c:\windows\system32\xvid.ax
.
==================== Find3M ====================
.
2011-12-13 17:45:03 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-20 01:24:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 10:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 10:21:16 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-20 21:02:55 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 13:17:45.13 ===============
Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method ( Recommended: Inmediate Notification)
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.
Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")
Stay with this topic until I give you the all clean post.
----------
Download GMER Rootkit Scanner from here (http://www.gmer.net/gmer.zip) or here (http://www.majorgeeks.com/download.php?det=5198).
Extract the contents of the zipped file to desktop.
Right-click and Run as Administrator GMER.exe. If asked to allow gmer.sys driver to load, please consent .
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
http://www.geekstogo.com/misc/guide_icons/GMER_thumb.jpg (http://www.geekstogo.com/misc/guide_icons/GMER_instructions.jpg)
Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it in your reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries.
----------
Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe ) to your desktop.
Right click and Run as Administrator the aswMBR icon to run it.
Click the Scan button to start scan.
When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
http://i1190.photobucket.com/albums/z454/Blottedisk/aswMBRscan-1.png (http://i1190.photobucket.com/albums/z454/Blottedisk/aswMBRscan.png )
Click the image to enlarge it
----------
In your next reply please post the logs created by GMER and aswMBR. :)
redwingsfan81
2011-12-14, 02:43
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-13 20:22:17
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 Hitachi_HTS545025B9A300 rev.PB2OCA0G
Running: gmer.exe; Driver: C:\Users\Brian\AppData\Local\Temp\agloqpow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9F8E6F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9F8E6FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9F8E7080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9F8E711C]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 3F1 81EE6B74 4 Bytes [3C, 6F, 8E, 9F]
.text ntkrnlpa.exe!KeSetEvent + 621 81EE6DA4 8 Bytes [E4, 6F, 8E, 9F, 80, 70, 8E, ...] {IN AL, 0x6f; MOV DS, [EDI-0x60718f80]}
.text ntkrnlpa.exe!KeSetEvent + 681 81EE6E04 4 Bytes [1C, 71, 8E, 9F]
? C:\Users\Brian\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtCreateFile + 6 7744422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtCreateFile + B 7744422F 1 Byte [E2]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtMapViewOfSection + 6 7744497A 1 Byte [28]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtMapViewOfSection + 6 7744497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtMapViewOfSection + B 7744497F 1 Byte [E2]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenFile + 6 77444A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenFile + B 77444A0F 1 Byte [E2]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenProcess + 6 77444A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenProcess + B 77444A8F 1 Byte [E2]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenProcessToken + B 77444A9F 1 Byte [E2]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenProcessTokenEx + 6 77444AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenProcessTokenEx + B 77444AAF 1 Byte [E2]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenThread + 6 77444AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenThread + B 77444AFF 1 Byte [E2]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenThreadToken + 6 77444B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenThreadToken + B 77444B0F 1 Byte [E2]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtOpenThreadTokenEx + B 77444B1F 1 Byte [E2]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtQueryAttributesFile + 6 77444BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtQueryAttributesFile + B 77444BAF 1 Byte [E2]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtQueryFullAttributesFile + B 77444C5F 1 Byte [E2]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtSetInformationFile + 6 7744513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtSetInformationFile + B 7744513F 1 Byte [E2]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtSetInformationThread + 6 7744518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtSetInformationThread + B 7744518F 1 Byte [E2]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtUnmapViewOfSection + 6 7744542A 1 Byte [68]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtUnmapViewOfSection + 6 7744542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1168] ntdll.dll!NtUnmapViewOfSection + B 7744542F 1 Byte [E2]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtCreateFile + 6 7744422A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtCreateFile + B 7744422F 1 Byte [E2]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtMapViewOfSection + 6 7744497A 1 Byte [28]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtMapViewOfSection + 6 7744497A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtMapViewOfSection + B 7744497F 1 Byte [E2]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenFile + 6 77444A0A 4 Bytes [68, 00, 06, 00]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenFile + B 77444A0F 1 Byte [E2]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenProcess + 6 77444A8A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenProcess + B 77444A8F 1 Byte [E2]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenProcessToken + B 77444A9F 1 Byte [E2]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenProcessTokenEx + 6 77444AAA 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenProcessTokenEx + B 77444AAF 1 Byte [E2]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenThread + 6 77444AFA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenThread + B 77444AFF 1 Byte [E2]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenThreadToken + 6 77444B0A 4 Bytes [68, 02, 06, 00]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenThreadToken + B 77444B0F 1 Byte [E2]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtOpenThreadTokenEx + B 77444B1F 1 Byte [E2]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtQueryAttributesFile + 6 77444BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtQueryAttributesFile + B 77444BAF 1 Byte [E2]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtQueryFullAttributesFile + B 77444C5F 1 Byte [E2]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtSetInformationFile + 6 7744513A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtSetInformationFile + B 7744513F 1 Byte [E2]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtSetInformationThread + 6 7744518A 4 Bytes [28, 02, 06, 00]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtSetInformationThread + B 7744518F 1 Byte [E2]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtUnmapViewOfSection + 6 7744542A 1 Byte [68]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtUnmapViewOfSection + 6 7744542A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe[1216] ntdll.dll!NtUnmapViewOfSection + B 7744542F 1 Byte [E2]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
redwingsfan81
2011-12-14, 02:44
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-13 20:23:32
-----------------------------
20:23:32.310 OS Version: Windows 6.0.6002 Service Pack 2
20:23:32.310 Number of processors: 2 586 0x301
20:23:32.312 ComputerName: BRIAN-PC UserName: Brian
20:23:34.372 Initialize success
20:29:36.338 AVAST engine defs: 11121302
20:34:46.194 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
20:34:46.209 Disk 0 Vendor: Hitachi_HTS545025B9A300 PB2OCA0G Size: 238475MB BusType: 3
20:34:48.268 Disk 0 MBR read successfully
20:34:48.284 Disk 0 MBR scan
20:34:48.284 Disk 0 unknown MBR code
20:34:48.690 Disk 0 scanning sectors +488390656
20:34:49.017 Disk 0 scanning C:\Windows\system32\drivers
20:35:20.327 Service scanning
20:35:21.638 Modules scanning
20:35:37.878 Disk 0 trace - called modules:
20:35:37.909 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
20:35:37.909 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d1a0e8]
20:35:37.925 3 CLASSPNP.SYS[8079d8b3] -> nt!IofCallDriver -> [0x8556a700]
20:35:38.441 5 acpi.sys[8060b6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x85560390]
20:35:39.503 AVAST engine scan C:\Windows
20:35:44.232 AVAST engine scan C:\Windows\system32
20:39:26.018 AVAST engine scan C:\Windows\system32\drivers
20:39:38.345 AVAST engine scan C:\Users\Brian
20:43:20.214 Disk 0 MBR has been saved successfully to "C:\Users\Brian\Desktop\MBR.dat"
20:43:20.229 The log file has been saved successfully to "C:\Users\Brian\Desktop\aswMBR.txt"
Hi redwingsfan81,
Please download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs
Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
A window will open on your desktop
if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If nothing unusual is found just press Enter A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.
redwingsfan81
2011-12-14, 03:24
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ60 Notebook PC
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 201):
0x81E3A000 \SystemRoot\system32\ntkrnlpa.exe
0x81E07000 \SystemRoot\system32\hal.dll
0x8040C000 \SystemRoot\system32\kdcom.dll
0x80413000 \SystemRoot\system32\PSHED.dll
0x80424000 \SystemRoot\system32\BOOTVID.dll
0x8042C000 \SystemRoot\system32\CLFS.SYS
0x8046D000 \SystemRoot\system32\CI.dll
0x8054D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C9000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80603000 \SystemRoot\system32\drivers\acpi.sys
0x80649000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80652000 \SystemRoot\system32\drivers\msisadrv.sys
0x8065A000 \SystemRoot\system32\drivers\pci.sys
0x80681000 \SystemRoot\system32\drivers\isapnp.sys
0x80690000 \SystemRoot\system32\drivers\mpio.sys
0x806AC000 \SystemRoot\System32\drivers\partmgr.sys
0x806BB000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x806BE000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x806C8000 \SystemRoot\system32\drivers\volmgr.sys
0x806D7000 \SystemRoot\System32\drivers\volmgrx.sys
0x80721000 \SystemRoot\system32\drivers\intelide.sys
0x80728000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80736000 \SystemRoot\system32\drivers\pciide.sys
0x8073D000 \SystemRoot\system32\drivers\aliide.sys
0x80744000 \SystemRoot\system32\drivers\amdide.sys
0x8074B000 \SystemRoot\system32\drivers\cmdide.sys
0x80753000 \SystemRoot\System32\drivers\mountmgr.sys
0x80763000 \SystemRoot\system32\drivers\msdsm.sys
0x8077D000 \SystemRoot\system32\drivers\nvraid.sys
0x80798000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x807B9000 \SystemRoot\system32\drivers\viaide.sys
0x89C02000 \SystemRoot\system32\drivers\iastorv.sys
0x89CA3000 \SystemRoot\system32\drivers\atapi.sys
0x89CAB000 \SystemRoot\system32\drivers\ataport.SYS
0x89CC9000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x89CE3000 \SystemRoot\system32\drivers\storport.sys
0x89D24000 \SystemRoot\system32\drivers\msahci.sys
0x89D2E000 \SystemRoot\system32\drivers\hpcisss.sys
0x89D39000 \SystemRoot\system32\drivers\adp94xx.sys
0x89DA3000 \SystemRoot\system32\drivers\adpahci.sys
0x807C1000 \SystemRoot\system32\drivers\adpu160m.sys
0x805D6000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x89E0C000 \SystemRoot\system32\drivers\adpu320.sys
0x89E32000 \SystemRoot\system32\drivers\djsvs.sys
0x89E46000 \SystemRoot\system32\drivers\arc.sys
0x89E5C000 \SystemRoot\system32\drivers\arcsas.sys
0x89E72000 \SystemRoot\system32\drivers\elxstor.sys
0x89F06000 \SystemRoot\system32\drivers\i2omp.sys
0x89F10000 \SystemRoot\system32\drivers\iirsp.sys
0x89F20000 \SystemRoot\system32\drivers\iteatapi.sys
0x89F2C000 \SystemRoot\system32\drivers\iteraid.sys
0x89F38000 \SystemRoot\system32\drivers\lsi_fc.sys
0x89F52000 \SystemRoot\system32\drivers\lsi_sas.sys
0x89F6A000 \SystemRoot\system32\drivers\megasas.sys
0x8A004000 \SystemRoot\system32\drivers\megasr.sys
0x8A0BB000 \SystemRoot\system32\drivers\mraid35x.sys
0x8A0C6000 \SystemRoot\system32\drivers\nfrd960.sys
0x8A0D4000 \SystemRoot\system32\drivers\nvstor.sys
0x8A20E000 \SystemRoot\system32\drivers\ql2300.sys
0x8A346000 \SystemRoot\system32\drivers\ql40xx.sys
0x8A39B000 \SystemRoot\system32\drivers\sisraid2.sys
0x8A3A8000 \SystemRoot\system32\drivers\sisraid4.sys
0x8A3BD000 \SystemRoot\system32\drivers\symc8xx.sys
0x8A3C9000 \SystemRoot\system32\drivers\sym_hi.sys
0x8A3D4000 \SystemRoot\system32\drivers\sym_u3.sys
0x8A0E1000 \SystemRoot\system32\drivers\uliahci.sys
0x8A3DF000 \SystemRoot\system32\drivers\ulsata.sys
0x8A11D000 \SystemRoot\system32\drivers\ulsata2.sys
0x8A149000 \SystemRoot\system32\drivers\vsmraid.sys
0x8A16A000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A19C000 \SystemRoot\system32\drivers\fileinfo.sys
0x89F74000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A40C000 \SystemRoot\system32\drivers\ndis.sys
0x8A517000 \SystemRoot\system32\drivers\msrpc.sys
0x8A542000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A60D000 \SystemRoot\System32\drivers\tcpip.sys
0x8A6F7000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A808000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A918000 \SystemRoot\system32\drivers\wd.sys
0x8A920000 \SystemRoot\system32\drivers\volsnap.sys
0x8A959000 \SystemRoot\System32\Drivers\spldr.sys
0x8A961000 \SystemRoot\system32\drivers\sbp2port.sys
0x8A976000 \SystemRoot\System32\Drivers\mup.sys
0x8A985000 \SystemRoot\System32\drivers\ecache.sys
0x8A9AC000 \SystemRoot\system32\drivers\disk.sys
0x8A9BD000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A9C6000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
0x8A9CD000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0x8A9F1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A712000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8A71B000 \SystemRoot\system32\DRIVERS\processr.sys
0x8A72A000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8A733000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8A800000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x8A746000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8A751000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8A805000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8A781000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8A9FC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8A78C000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8A794000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8A79E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8A7DC000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E200000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E28D000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8E2A5000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8E2AB000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8E401000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8ED58000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8ED5A000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8E2F1000 \SystemRoot\System32\drivers\watchdog.sys
0x8F007000 \SystemRoot\system32\DRIVERS\athr.sys
0x8F115000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F144000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F14F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F166000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8F171000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F194000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8F1A3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8F1B7000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8F1CC000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F1DC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8E2FD000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F1DE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F1E8000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8E327000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E35C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8E36D000 \SystemRoot\system32\drivers\CHDRT32.sys
0x8E3A8000 \SystemRoot\system32\drivers\portcls.sys
0x8E3D5000 \SystemRoot\system32\drivers\drmk.sys
0x8A57D000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8F400000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8F503000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8F5B8000 \SystemRoot\system32\drivers\modem.sys
0x8F5C5000 \SystemRoot\system32\drivers\nvhda32v.sys
0x8F5D3000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8F5E6000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8A5BB000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8A7EB000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0x8F1F5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F000000 \SystemRoot\System32\Drivers\Null.SYS
0x8A7F8000 \SystemRoot\System32\Drivers\Beep.SYS
0x8A5DC000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x8A600000 \SystemRoot\System32\drivers\vga.sys
0x8A1AC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8A5E3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8A5EB000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8A5F3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8A200000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8A400000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8A1CD000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8A1E3000 \SystemRoot\system32\DRIVERS\smb.sys
0x8F608000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0x8F64F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F681000 \SystemRoot\system32\drivers\afd.sys
0x8F6C9000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F6DF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F6ED000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F700000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F73C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F746000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F75D000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0x8F794000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F7A1000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8F7AC000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x996C0000 \SystemRoot\System32\win32k.sys
0x8F7B4000 \SystemRoot\System32\drivers\Dxapi.sys
0x998E0000 \SystemRoot\System32\TSDDD.dll
0x99900000 \SystemRoot\System32\ATMFD.DLL
0x99950000 \SystemRoot\System32\cdd.dll
0x8F7CD000 \SystemRoot\system32\drivers\luafv.sys
0x9EE04000 \SystemRoot\system32\drivers\spsys.sys
0x9EEB4000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9EEC4000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9EEEE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9EEF8000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9EF0B000 \SystemRoot\system32\drivers\HTTP.sys
0x9EF78000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9EF95000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9EFAE000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9EFC3000 \SystemRoot\system32\drivers\mrxdav.sys
0x8A9D1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9F806000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9F83F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9F857000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9F87F000 \SystemRoot\System32\DRIVERS\srv.sys
0x9F8E6000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0x9F8E9000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9F8ED000 \SystemRoot\system32\drivers\peauth.sys
0x9F9CB000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9F9D5000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9F9E1000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x9F9E9000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0x807DC000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0x9F9EE000 \??\C:\Windows\system32\drivers\mbam.sys
0x9F8CE000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9F9F2000 \??\C:\Users\Brian\AppData\Local\Temp\mbr.sys
0x9EFE4000 \SystemRoot\system32\DRIVERS\monitor.sys
0x89FE5000 \??\C:\Users\Brian\AppData\Local\Temp\agloqpow.sys
0x9EFF3000 \??\C:\Users\Brian\AppData\Local\Temp\aswMBR.sys
0x773E0000 \Windows\System32\ntdll.dll
Processes (total 81):
0 System Idle Process
4 System
5928 C:\Windows\System32\smss.exe
6104 csrss.exe
988 csrss.exe
1020 C:\Windows\System32\wininit.exe
1164 C:\Windows\System32\services.exe
1212 C:\Windows\System32\lsass.exe
1244 C:\Windows\System32\lsm.exe
312 C:\Windows\System32\winlogon.exe
360 C:\Windows\System32\svchost.exe
432 C:\Windows\System32\nvvsvc.exe
248 C:\Windows\System32\svchost.exe
776 C:\Windows\System32\svchost.exe
888 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\svchost.exe
1224 C:\Windows\System32\audiodg.exe
1480 C:\Windows\System32\svchost.exe
1560 C:\Windows\System32\SLsvc.exe
1736 C:\Windows\System32\svchost.exe
380 C:\Windows\System32\nvvsvc.exe
860 C:\Windows\System32\svchost.exe
2528 C:\Windows\System32\spoolsv.exe
2576 C:\Windows\System32\svchost.exe
2936 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
3024 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
3080 C:\Program Files\Bonjour\mDNSResponder.exe
3144 C:\Windows\System32\svchost.exe
3216 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
3432 C:\Windows\System32\svchost.exe
3664 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
3832 C:\Program Files\SMINST\BLService.exe
3864 C:\Program Files\CyberLink\Shared files\RichVideo.exe
2244 C:\Windows\System32\svchost.exe
2332 C:\Windows\System32\svchost.exe
2428 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2492 C:\Windows\System32\SearchIndexer.exe
2532 C:\Windows\System32\drivers\XAudio.exe
4268 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
4188 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
4636 C:\Windows\System32\dwm.exe
4660 C:\Windows\System32\taskeng.exe
2628 C:\Windows\explorer.exe
2788 C:\Windows\System32\taskeng.exe
3780 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
1508 C:\Program Files\Windows Media Player\wmpnscfg.exe
1836 C:\Program Files\Windows Media Player\wmpnetwk.exe
5140 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
372 C:\Program Files\HP\QuickPlay\QPService.exe
5220 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
5276 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
468 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
5316 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
5396 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
5444 WmiPrvSE.exe
5580 C:\Program Files\Common Files\Java\Java Update\jusched.exe
5612 C:\Program Files\iTunes\iTunesHelper.exe
692 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
708 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
5644 C:\Windows\ehome\ehtray.exe
648 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
5716 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
5524 C:\Windows\ehome\ehmsas.exe
1840 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
4728 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
5424 C:\Program Files\iPod\bin\iPodService.exe
1704 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5016 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
3196 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
4524 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
2052 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
5144 C:\Windows\System32\svchost.exe
2404 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
4140 C:\Windows\System32\conime.exe
3676 C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
1216 C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
5568 C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
4120 C:\Windows\System32\rundll32.exe
3508 C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
1888 C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
4992 C:\Users\Brian\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000020`b0d00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000037`8ab00000 (NTFS)
PhysicalDrive0 Model Number: HitachiHTS545025B9A300, Rev: PB2OCA0G
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Hi redwingsfan81,
Re-run MBRCheck again.
When prompted, enter Y
Then enter 1 to dump the MBR to physical disk
Name the dumped file as Dump.dat
Enter -1 to exit
A log file named "dump.dat" will be located in the same folder as MBRCheck was saved, please zip it up and attach in your next reply.
redwingsfan81
2011-12-14, 16:00
Ok,
I ran MBRcheck
Entered Y
Then entered 1.
Then it asks for a number between 0-99, or -1 to exit.
What do I do?
I apologize....I left that out. When it asks you that, type 0
redwingsfan81
2011-12-14, 16:42
No worries Jeff.
Also to note, my hotmail account has been blocked do to sending out junk messages.
Hi redwingsfan,
Also to note, my hotmail account has been blocked do to sending out junk messagesOk thanks for letting me know. :bigthumb:
------------
Download Combofix from either of the links below, and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)
--------------------------------------------------------------------
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts. When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.
redwingsfan81
2011-12-14, 18:01
ComboFix 11-12-13.03 - Brian 14/12/2011 11:08:17.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2814.1366 [GMT -5:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-14 to 2011-12-14 )))))))))))))))))))))))))))))))
.
.
2011-12-14 16:20 . 2011-12-14 16:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-14 16:20 . 2011-12-14 16:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-13 17:58 . 2011-12-13 17:58 -------- d-----w- c:\program files\iPod
2011-12-13 17:58 . 2011-12-13 17:59 -------- d-----w- c:\program files\iTunes
2011-12-13 17:45 . 2011-12-13 17:45 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-03 19:25 . 2011-05-30 13:42 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2011-12-03 19:25 . 2011-05-23 09:52 153088 ----a-w- c:\windows\system32\xvid.ax
2011-12-03 19:25 . 2011-05-23 07:46 645632 ----a-w- c:\windows\system32\xvidcore.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-13 17:45 . 2010-12-29 18:15 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-20 01:24 . 2011-06-11 05:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 10:23 . 2011-10-07 10:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 10:21 . 2011-10-04 10:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-20 21:02 . 2011-11-09 14:49 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-1-25 984408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AGLOQPOW
*NewlyCreated* - MBAMPROTECTOR
*Deregistered* - agloqpow
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3137346884-2441235573-1657677640-1000Core.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 16:17]
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3137346884-2441235573-1657677640-1000UA.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 16:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=14196&l=dis
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-hpqSRMon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-14 11:20
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Brian\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-14 11:32:44
ComboFix-quarantined-files.txt 2011-12-14 16:32
ComboFix2.txt 2011-05-17 01:19
ComboFix3.txt 2011-05-13 19:22
.
Pre-Run: 80,089,022,464 bytes free
Post-Run: 80,558,469,120 bytes free
.
- - End Of File - - C63E5901E5E7BFC46D3344BEE59DDDE1
Hi redwingsfan,
Disable Spybot S-D Tea Timer
TeaTimer needs to be disabled so that its protection does not interfere with fixes.
TeaTimer can be re-enabled once the computer is clean. :)
1. Open Spybot-S&D in Advanced Mode.
2. If it is not already set to do this go to the "Mode" menu and select "Advanced Mode".
3. On the left hand side, click on "Tools".
4. Then click on the Resident Icon in the List.
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.
---------
Since you were trying to uninstall AVG let's go ahead and remove the remaining leftover files. Please download and run the AVG removal tool from here (http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2011_1322.exe). We will install a new antivirus soon. :)
---------
I need some information on some unidentified files. We will use Virustotal Please submit these files for analysis
To submit a file to virustotal, please click VirusTotal (www.virustotal.com)
copy and paste the following into the upload a file box (one at a time if more than one file is listed)
c:\windows\system32\xvid.ax
scroll down a bit and click "send file", wait for the results and post them in your next reply.
Please note that sometimes the scans take a few minutes. Please ensure that the scan has completed and the results are complete before submitting the next sample. Also please make sure each result is clearly identified as to which sample they belong to.
----------
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
DDS::
uStart Page = hxxp://www.ask.com/?o=14196&l=dis
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Presario&pf=cnnb
mRun: [hpqSRMon]
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
redwingsfan81
2011-12-14, 19:20
Ok,
1. Teatimer has been disabled.
2. When I ran the tool, after the restart it left me with some icons and two text documents. Wasen't sure if that is normal or not.
3. That file came back clean. 0/43 found anything malicious
And here is the log.
ComboFix 11-12-13.03 - Brian 14/12/2011 13:04:30.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2814.1851 [GMT -5:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
Command switches used :: c:\users\Brian\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-14 to 2011-12-14 )))))))))))))))))))))))))))))))
.
.
2011-12-14 18:12 . 2011-12-14 18:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-14 18:12 . 2011-12-14 18:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-13 17:58 . 2011-12-13 17:58 -------- d-----w- c:\program files\iPod
2011-12-13 17:58 . 2011-12-13 17:59 -------- d-----w- c:\program files\iTunes
2011-12-13 17:45 . 2011-12-13 17:45 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-03 19:25 . 2011-05-30 13:42 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2011-12-03 19:25 . 2011-05-23 09:52 153088 ----a-w- c:\windows\system32\xvid.ax
2011-12-03 19:25 . 2011-05-23 07:46 645632 ----a-w- c:\windows\system32\xvidcore.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-13 17:45 . 2010-12-29 18:15 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-20 01:24 . 2011-06-11 05:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-20 21:02 . 2011-11-09 14:49 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-1-25 984408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3137346884-2441235573-1657677640-1000Core.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 16:17]
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3137346884-2441235573-1657677640-1000UA.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 16:17]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-14 13:12
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-12-14 13:15:40
ComboFix-quarantined-files.txt 2011-12-14 18:15
ComboFix2.txt 2011-12-14 16:32
ComboFix3.txt 2011-05-17 01:19
ComboFix4.txt 2011-05-13 19:22
.
Pre-Run: 80,660,004,864 bytes free
Post-Run: 80,479,068,160 bytes free
.
- - End Of File - - 4F1F3D40A3DF6A9B2AA45D1A23CBDD20
Hi there redwingsfan,
I see that you have Malwarebytes on your system. Please open Malwarebytes, update it and then run a Quick Scan. Please save the log that is created for your next reply.
----------
ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan
Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.
As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.
Do not use this instance of your browser for anything besides doing this scan
When the scan is complete and the results saved, close that instance of your browser
Open a new one the usual way and post the results in this topic.
Right-click and Run as Administartor on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the Start button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the Back button.
Push Finish
http://www.eset.com/onlinescan/
----------
In your next reply please post the logs created by Malwarebytes and ESET online scanner. :)
redwingsfan81
2011-12-15, 20:34
The ESET scan turned up nothing.
Here is the Malwarebytes log.
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8365
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
15/12/2011 10:23:25 AM
mbam-log-2011-12-15 (10-23-25).txt
Scan type: Quick scan
Objects scanned: 180274
Time elapsed: 7 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Hi,
How is your system running now? :)
redwingsfan81
2011-12-15, 21:13
The system seems to be running fine!
Please do the following:
Hold down the Windows key and press R to open a run box
type the following text into the run box
appwiz.cpl
This will open your Programs And Features. A list of installed programs will populate
Remove the following programs:
Java(TM) 6 Update 26
Java(TM) 6 Update 7
----------
Run a new scan with DDS and post both of the logs into your next reply so I can get one last look. :bigthumb:
redwingsfan81
2011-12-15, 21:33
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Brian at 15:29:54 on 2011-12-15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2814.1369 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\rundll32.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\java\jre7\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{79365D4C-DA64-427C-8B4F-06C08E0E2CDA} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-16 366152]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-20 365952]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-5-8 1153368]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-20 193840]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-16 22216]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-12-15 16:09:33 -------- d-----w- c:\program files\ESET
2011-12-14 18:14:12 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-14 18:01:58 -------- d-----w- C:\ComboFix
2011-12-14 15:06:57 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 15:06:57 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 15:06:56 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 15:06:55 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 15:06:54 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-12-14 15:06:07 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 15:05:52 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-13 17:58:46 -------- d-----w- c:\program files\iPod
2011-12-13 17:58:43 -------- d-----w- c:\program files\iTunes
2011-12-13 17:45:13 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-03 21:45:04 -------- d-----w- c:\users\brian\appdata\local\{E432D8C2-10E4-486D-8F7F-1C4CDB64A02F}
2011-12-03 21:44:53 -------- d-----w- c:\users\brian\appdata\local\{268D0B4E-E013-4E1C-BDE0-328892BA93A2}
2011-12-03 19:25:45 645632 ----a-w- c:\windows\system32\xvidcore.dll
2011-12-03 19:25:45 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2011-12-03 19:25:45 153088 ----a-w- c:\windows\system32\xvid.ax
.
==================== Find3M ====================
.
2011-12-13 17:45:03 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-20 01:24:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-20 21:02:55 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 15:30:49.81 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 29/12/2010 2:09:21 PM
System Uptime: 15/12/2011 10:46:54 AM (5 hours ago)
.
Motherboard: Wistron | | 303C
Processor: AMD Athlon Dual-Core QL-64 | Socket A | 2100/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 131 GiB total, 72.545 GiB free.
D: is FIXED (NTFS) - 91 GiB total, 88.956 GiB free.
E: is FIXED (NTFS) - 11 GiB total, 1.727 GiB free.
F: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP340: 08/11/2011 1:00:48 PM - Language Pack Removal
RP341: 10/11/2011 1:40:23 AM - Windows Update
RP342: 12/11/2011 3:00:25 AM - Windows Update
RP343: 01/12/2011 7:08:33 PM - Scheduled Checkpoint
RP344: 13/12/2011 12:42:50 PM - Language Pack Removal
RP345: 13/12/2011 12:44:03 PM - Installed Java(TM) 7 Update 2
RP346: 13/12/2011 1:18:54 PM - Language Pack Removal
RP347: 14/12/2011 1:09:34 PM - Language Pack Removal
RP348: 15/12/2011 3:00:47 AM - Windows Update
RP349: 15/12/2011 10:26:56 AM - Language Pack Removal
RP350: 15/12/2011 3:26:55 PM - Removed Java(TM) 6 Update 26
RP351: 15/12/2011 3:28:27 PM - Removed Java(TM) 6 Update 7
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1)
Adobe Shockwave Player
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Bonjour
BufferChm
Conexant HD Audio
Copy
CyberLink DVD Suite
CyberLink YouCam
D3DX10
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_05_F4400_Software_Min
DJ_SF_03_D4300_Software
DJ_SF_03_D4300_Software_Min
ESET Online Scanner v3
ESU for Microsoft Vista
F4400
FileHippo.com Update Checker
Google Chrome
GPBaseService2
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 12.0
HP Deskjet D4300 Printer Driver Software 10.0 Rel .3
HP Deskjet F4400 All-In-One Driver Software 12.0 Rel .5
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Imaging Device Functions 12.0
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.40 H2
HP Smart Web Printing
HP Solution Center 13.0
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPDiagnosticAlert
HPNetworkAssistant
HPPhotoGadget
HPProductAssistant
HPSSupply
iTunes
Java Auto Updater
Java(TM) 7 Update 2
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Live Search Toolbar
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Works
MSVCRT
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee Reveal
My HP Games
NetWaiting
NetZero Preloader
NVIDIA Drivers
Power2Go
PowerDirector
PSSWCORE
PVSonyDll
QuickBooks
QuickBooks Premier Edition 2010
QuickTime
Realtek USB 2.0 Card Reader
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Segoe UI
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Status
SupportSoft Assisted Service
swMSM
Synaptics Pointing Device Driver
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
VideoToolkit01
Visual Studio 2005 Tools for Office Second Edition Runtime
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
15/12/2011 3:09:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
15/12/2011 3:09:02 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/12/2011 3:02:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
15/12/2011 10:27:42 AM, Error: Microsoft-Windows-LanguagePackSetup [1003] - CBS error 0x800f0825 reported while operating on UI Language Pack for fr-FR
15/12/2011 10:12:04 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
15/12/2011 10:11:11 AM, Error: EventLog [6008] - The previous system shutdown at 3:09:43 AM on 15/12/2011 was unexpected.
14/12/2011 12:42:07 PM, Error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: Access is denied.
14/12/2011 1:12:13 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
14/12/2011 1:01:56 PM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
13/12/2011 12:27:12 PM, Error: EventLog [6008] - The previous system shutdown at 11:53:11 AM on 13/12/2011 was unexpected.
13/12/2011 11:50:53 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
13/12/2011 11:50:53 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
13/12/2011 11:48:34 AM, Error: EventLog [6008] - The previous system shutdown at 11:44:25 AM on 13/12/2011 was unexpected.
11/12/2011 12:01:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
10/12/2011 11:59:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
08/12/2011 6:13:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
.
==== End Of File ===========================
Hi redwingsfan,
IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :D SO LETS DO A COUPLE OF THINGS TO WRAP THIS UP!! :D
This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
----------
I noticed that you don't have an Antivirus program installed on your system. As a rule of thumb one should run one firewall, one antivirus program in memory, and one antispyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.
I would recommend that you install one of these free Antivirus programs immediately. Just choose one:
Microsoft Security Essentials (http://www.microsoft.com/security/pc-security/mse.aspx)
Avast (http://www.avast.com/en-au/free-antivirus-download)
----------
Be sure to enable Spybot TeaTimer. :)
----------
The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run and copy/paste the following text into the Run box as shown and click OK.
Combofix /Uninstall
(Note: There is a space between the ..X and the /U that needs to be there.)
http://i1224.photobucket.com/albums/ee380/jeffce74/CF.jpg
----------
Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.
Here are some tips to reduce the potential for spyware infection in the future:
1. Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
Open Internet Explorer
Click on Tools > Internet Options
Press Security tab
Select Internet zone then place check next to Enable Protected Mode if not already done
Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/forums/tutorial60.html). **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:
Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)
5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update (http://v4.windowsupdate.microsoft.com/en/default.asp) regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.
6. Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
7. WOT (http://www.mywot.com/) (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
8.Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.
If you are the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.