TechSpot

8 Step Logs

By Sheena314
Oct 12, 2010
  1. I have been having some issues with my computer, so I did the scans and have posted the logs.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4210

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18943

    10/11/2010 6:42:21 PM
    mbam-log-2010-10-11 (18-42-21).txt

    Scan type: Quick scan
    Objects scanned: 138534
    Time elapsed: 15 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. Sheena314

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-10-11 23:56:45
    Windows 6.0.6002 Service Pack 2
    Running: pi8iml7k.exe; Driver: C:\Users\Gordon\AppData\Local\Temp\kxroqaod.sys


    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74557817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [745AA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7455BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7454F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [745575E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7454E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74588395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7455DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7454FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7454FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745471CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [745DCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7457C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7454D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74546853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7454687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74552AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
     
  3. Sheena314

    DDS (Ver_10-10-10.03) - NTFSx86
    Run by Gordon at 0:05:14.93 on Tue 10/12/2010
    Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1002 [GMT -7:00]

    AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Norton Security Suite *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Windows\PixArt\Pac207\Monitor.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Users\Gordon\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Users\Gordon\Downloads\dds.scr
    C:\Program Files\Mozilla Firefox\firefox.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.comcast.net?cid=060410
    mStart Page = hxxp://www.comcast.net/
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>
    BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
    BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
    BHO: Updater For Comcast Toolbar 3.5: {164d3751-cac6-4a6d-becd-ea67df61d232} - c:\program files\comcasttb\auxi\comcastAu.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.2.0.12\IPSBHO.DLL
    BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll
    TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Google Update] "c:\users\gordon\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
    mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
    IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\gordon\appdata\roaming\mozilla\firefox\profiles\d3pl6lot.default\
    FF - prefs.js: browser.search.selectedEngine - Comcast Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
    FF - component: c:\users\gordon\appdata\roaming\mozilla\firefox\profiles\d3pl6lot.default\extensions\{4e77edad-9566-4089-88d1-c81498cee770}\components\dtTransparency.dll
    FF - component: c:\users\gordon\appdata\roaming\mozilla\firefox\profiles\d3pl6lot.default\extensions\{4e77edad-9566-4089-88d1-c81498cee770}\components\dtTransparency3.5.dll
    FF - component: c:\users\gordon\appdata\roaming\mozilla\firefox\profiles\d3pl6lot.default\extensions\{4e77edad-9566-4089-88d1-c81498cee770}\components\dtTransparency3.6.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\gordon\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    ============= SERVICES / DRIVERS ===============

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-6-1 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-6-1 173104]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20101001.001\BHDrvx86.sys [2010-10-5 692272]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-6-1 501888]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20101011.001\IDSvix86.sys [2010-9-15 353840]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-6-1 116784]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0402000.00c\symtdiv.sys [2010-6-1 339504]
    R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
    R2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-13 135664]
    R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.2.0.12\ccsvchst.exe [2010-6-1 126392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-11 102448]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-16 21504]
    S3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\PFC027.SYS [2006-12-5 507136]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-10-11 07:19:43 -------- d-----w- c:\program files\Synaptics
    2010-10-11 07:14:32 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2010-10-11 07:14:31 173352 ----a-w- c:\windows\system32\SynCOM.dll
    2010-10-10 22:29:56 -------- d-----w- c:\program files\Speccy
    2010-10-10 22:29:51 -------- d-----w- c:\program files\Defraggler
    2010-10-09 21:08:39 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{dd54f636-0337-4cf9-a8cf-6da2b689292d}\mpengine.dll
    2010-10-02 04:58:34 -------- d-----w- c:\program files\Feedback Tool
    2010-09-28 17:54:40 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-28 17:54:16 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
    2010-09-26 18:21:35 -------- d-----w- c:\program files\DivX
    2010-09-23 01:10:52 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2010-09-23 01:10:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2010-09-15 23:21:53 -------- d-----w- c:\users\gordon\appdata\roaming\Coby Media Manager
    2010-09-15 07:09:51 -------- d-----w- c:\users\gordon\appdata\roaming\Coby
    2010-09-15 00:10:41 502272 ----a-w- c:\windows\system32\usp10.dll
    2010-09-15 00:10:33 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-09-15 00:10:27 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2010-09-15 00:10:23 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2010-09-15 00:10:12 739328 ----a-w- c:\windows\system32\inetcomm.dll

    ==================== Find3M ====================

    2010-07-17 12:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll

    ============= FINISH: 0:07:31.68 ===============
     
  4. Sheena314

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/7/2007 11:13:43 PM
    System Uptime: 10/12/2010 12:01:10 AM (0 hours ago)

    Motherboard: Quanta | | 30CF
    Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55 | Socket S1 | 1800/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 141 GiB total, 107.55 GiB free.
    D: is FIXED (NTFS) - 7 GiB total, 0.737 GiB free.
    E: is CDROM ()
    H: is FIXED (NTFS) - 1 GiB total, 1.034 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.0
    Adobe Shockwave Player 11.5
    AIO_Scan
    Apple Software Update
    AviSynth 2.5
    AVS Update Manager 1.0
    AVS4YOU Software Navigator 1.3
    Bonjour
    BufferChm
    C4200
    C4200_doccd
    c4200_Help
    CA Pest Patrol Realtime Protection
    CameraDrivers
    CameraUserGuides
    CCleaner
    Coby Media Manager
    Comcast High-Speed Internet Install Wizard
    Comcast Toolbar 3.5
    Conexant HD Audio
    Copy
    CustomerResearchQFolder
    Defraggler
    Desktop Doctor
    Destination Component
    DeviceDiscovery
    DivX Setup
    DocProc
    DocProcQFolder
    ESU for Microsoft Vista
    eSupportQFolder
    Feedback Tool
    Gcabby2
    Google Chrome
    Google Update Helper
    HDAUDIO Soft Data Fax Modem with SmartCP
    HiJackThis
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Active Support Library 32 bit components
    HP Customer Participation Program 9.0
    HP Doc Viewer
    HP Imaging Device Functions 9.0
    HP OCR Software 9.0
    HP Photosmart All-In-One Software 9.0
    HP Photosmart Cameras 9.0
    HP Photosmart Essential 2.01
    HP Photosmart Essential2.01
    HP Product Detection
    HP Quick Launch Buttons 6.20 B1
    HP QuickPlay 3.2
    HP Smart Web Printing
    HP Solution Center 9.0
    HP Total Care Advisor
    HP Update
    HP User Guides 0057
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    hpicamDrvQFolder
    HPNetworkAssistant
    HPProductAssistant
    HPSSupply
    InstantShareDevicesMFC
    Java Auto Updater
    Java(TM) 6 Update 21
    Junk Mail filter update
    LightScribe 1.6.43.1
    LimeWire 5.5.16
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Mozilla Firefox (3.6.10)
    MSCU for Microsoft Vista
    MSN
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.0
    Norton Security Suite
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    PanoStandAlone
    PS_AIO_ProductContext
    PS_AIO_Software
    PS_AIO_Software_min
    PSSWCORE
    Rhapsody
    Rhapsody Player Engine
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD Basic v9
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    SmartAudio
    SolutionCenter
    Speccy
    SpeedFan (remove only)
    SpywareBlaster 4.3
    Status
    SUPERAntiSpyware Free Edition
    Synaptics Pointing Device Driver
    System Requirements Lab
    Toolbox
    TrayApp
    TSP_CODEC
    Universal Viewer
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VC Sync (CE) Y!Epic Community Ed. v2.0.0.4
    VC80CRTRedist - 8.0.50727.4053
    VideoToolkit01
    WebReg
    Winamp
    Winamp Detector Plug-in
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    Yahoo! Messenger
    Yahoo! Software Update

    ==== Event Viewer Messages From Past Week ========

    10/9/2010 7:33:05 AM, Error: EventLog [6008] - The previous system shutdown at 7:00:23 AM on 10/9/2010 was unexpected.
    10/7/2010 7:24:43 PM, Error: EventLog [6008] - The previous system shutdown at 7:15:45 PM on 10/7/2010 was unexpected.
    10/7/2010 2:50:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nvsvc service.
    10/7/2010 2:02:39 PM, Error: EventLog [6008] - The previous system shutdown at 1:52:19 PM on 10/7/2010 was unexpected.
    10/7/2010 10:55:52 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
    10/6/2010 6:36:18 AM, Error: EventLog [6008] - The previous system shutdown at 6:26:18 AM on 10/6/2010 was unexpected.
    10/5/2010 9:54:31 AM, Error: EventLog [6008] - The previous system shutdown at 9:52:53 AM on 10/5/2010 was unexpected.
    10/5/2010 7:46:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
    10/12/2010 12:03:14 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    10/12/2010 12:01:49 AM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    10/11/2010 7:57:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
    10/11/2010 7:56:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
    10/11/2010 7:35:55 PM, Error: Service Control Manager [7022] - The CyberLink Background Capture Service (CBCS) service hung on starting.
    10/11/2010 7:35:55 PM, Error: Service Control Manager [7001] - The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    10/11/2010 7:34:07 PM, Error: EventLog [6008] - The previous system shutdown at 7:31:08 PM on 10/11/2010 was unexpected.
    10/11/2010 5:02:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
    10/11/2010 12:58:20 AM, Error: EventLog [6008] - The previous system shutdown at 12:55:59 AM on 10/11/2010 was unexpected.
    10/11/2010 12:57:27 AM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
    10/11/2010 10:28:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/11/2010 10:27:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP eeCtrl IDSVix86 SASDIFSV SASKUTIL spldr SRTSP SRTSPX SymIRON SYMTDIv Wanarpv6
    10/11/2010 10:27:25 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    10/11/2010 10:26:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/11/2010 10:26:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    10/11/2010 10:26:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/11/2010 10:26:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/11/2010 10:26:08 PM, Error: EventLog [6008] - The previous system shutdown at 10:23:57 PM on 10/11/2010 was unexpected.
    10/11/2010 10:10:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
    10/10/2010 8:59:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
    10/10/2010 8:01:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
    10/10/2010 3:34:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    10/10/2010 3:34:01 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/10/2010 3:34:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/10/2010 3:11:39 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    10/10/2010 2:28:59 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    10/10/2010 2:26:18 PM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
    10/10/2010 2:19:49 PM, Error: EventLog [6008] - The previous system shutdown at 2:17:17 PM on 10/10/2010 was unexpected.
    10/10/2010 12:07:12 PM, Error: EventLog [6008] - The previous system shutdown at 12:05:21 PM on 10/10/2010 was unexpected.
    10/10/2010 10:09:56 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.
    10/10/2010 1:33:40 PM, Error: EventLog [6008] - The previous system shutdown at 1:32:01 PM on 10/10/2010 was unexpected.

    ==== End Of File ===========================
     
  5. Sheena314

    Sheena314 TS Rookie Topic Starter Posts: 48

    Here is my computer information:
    Processor type: AMD Athlon (tm) 64 X2 Dual-core processor tk-55 1.80 GHz

    RAM: 2GB

    Hard Drive size/free space:
    Local Disk (c)- 83.1GB free/140GB
    HP recovery- 1.80GB free/ 8.42GB
    32-bit operating system


    I am wondering if a virus issue is connected with my touchpad acting strangely, which I addressed in another thread.
    (http://www.techspot.com/vb/topic147363.html)

    Also, the GMER scan was having some problems, so it may not have found everything.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,910   +344

    You're not saying what your computer issues are.

    GMER log is incomplete.
    Please, rerun it.
     
  7. Sheena314

    Sheena314 TS Rookie Topic Starter Posts: 48

    Sorry, my computer issues are that it stalls. My scanner keeps saying there is a suspicious cloud virus.
    I will post the GMER log once it finishes. It takes a long long time.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,910   +344

    OK :).................
     
  9. Sheena314

    Sheena314 TS Rookie Topic Starter Posts: 48

    One quick question.
    I know it was said in the original 8 Step thread that if GMER has problems I can start it in safe mode. Will doing this cause the scanner to miss any files, since not all programs are available for use during safe mode?
     
  10. Broni

    Broni Malware Annihilator Posts: 52,910   +344

    No............
     
  11. Sheena314

    Sheena314 TS Rookie Topic Starter Posts: 48

    Oh okay, just making sure, since it seemed like not as many files showed up in the scan when I attempted it in regular mode. :)
    Here is the log:
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-10-15 22:28:33
    Windows 6.0.6002 Service Pack 2
    Running: pi8iml7k.exe; Driver: C:\Users\Gordon\AppData\Local\Temp\kxroqaod.sys


    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [74057817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [740AA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7405BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7404F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [740575E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [7404E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74088395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [7405DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [7404FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [7404FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [740471CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [740DCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [7407C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [7404D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [74046853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [7404687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74052AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  12. Broni

    Broni Malware Annihilator Posts: 52,910   +344

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  13. Sheena314

    Sheena314 TS Rookie Topic Starter Posts: 48

    Here are the requested logs:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Quanta
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Pavilion dv6500 Notebook PC
    Logical Drives Mask: 0x0000009c

    Kernel Drivers (total 167):
    0x82619000 \SystemRoot\system32\ntkrnlpa.exe
    0x829D2000 \SystemRoot\system32\hal.dll
    0x80603000 \SystemRoot\system32\kdcom.dll
    0x8060A000 \SystemRoot\system32\PSHED.dll
    0x8061B000 \SystemRoot\system32\BOOTVID.dll
    0x80623000 \SystemRoot\system32\CLFS.SYS
    0x80664000 \SystemRoot\system32\CI.dll
    0x80744000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x807B5000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x87C01000 \SystemRoot\system32\drivers\acpi.sys
    0x87C47000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x87C50000 \SystemRoot\system32\drivers\msisadrv.sys
    0x87C58000 \SystemRoot\system32\drivers\pci.sys
    0x87C7F000 \SystemRoot\System32\drivers\partmgr.sys
    0x87C8E000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x87C91000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x87C9B000 \SystemRoot\system32\drivers\volmgr.sys
    0x87CAA000 \SystemRoot\System32\drivers\volmgrx.sys
    0x87CF4000 \SystemRoot\system32\drivers\pciide.sys
    0x87CFB000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x87D09000 \SystemRoot\System32\drivers\mountmgr.sys
    0x87D19000 \SystemRoot\system32\drivers\atapi.sys
    0x87D21000 \SystemRoot\system32\drivers\ataport.SYS
    0x87D3F000 \SystemRoot\system32\drivers\fltmgr.sys
    0x87D71000 \SystemRoot\system32\drivers\N360\0402000.00C\SYMDS.SYS
    0x87DC7000 \SystemRoot\system32\drivers\fileinfo.sys
    0x807C3000 \SystemRoot\system32\drivers\N360\0402000.00C\SYMEFA.SYS
    0x87DD7000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x87E04000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x87E75000 \SystemRoot\system32\drivers\ndis.sys
    0x87F80000 \SystemRoot\system32\drivers\msrpc.sys
    0x87FAB000 \SystemRoot\system32\drivers\NETIO.SYS
    0x88003000 \SystemRoot\System32\drivers\tcpip.sys
    0x880ED000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x88202000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x88312000 \SystemRoot\system32\drivers\volsnap.sys
    0x8834B000 \SystemRoot\System32\Drivers\spldr.sys
    0x88353000 \SystemRoot\system32\speedfan.sys
    0x88355000 \SystemRoot\System32\Drivers\mup.sys
    0x88364000 \SystemRoot\system32\giveio.sys
    0x88365000 \SystemRoot\System32\drivers\ecache.sys
    0x8838C000 \SystemRoot\system32\drivers\disk.sys
    0x8839D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x883BE000 \SystemRoot\system32\drivers\crcdisk.sys
    0x883E7000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x883F2000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x88108000 \SystemRoot\system32\DRIVERS\amdk8.sys
    0x883FB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x88118000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
    0x8811B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8812B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x88132000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8813B000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x8813E000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x88148000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x88186000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x88195000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x881AD000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0x8C007000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8C094000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x8C0A4000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x8C0B2000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x8C0CC000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x8C0DB000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0x8C0EF000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x8C209000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
    0x8C309000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
    0x8C40A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8CB3C000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8CBDD000 \SystemRoot\System32\drivers\watchdog.sys
    0x8CBE9000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8C38F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8C39A000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8CBFC000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8C3D5000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8C140000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8C16F000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8C3E0000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8C1B0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8C3EB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8C1C7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8C1EA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x881B3000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x881C7000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x881DC000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8CBFE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8CE09000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8CE33000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8CE3D000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8CE4A000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8CE53000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8CE88000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8CE99000 \SystemRoot\system32\drivers\CHDRT32.sys
    0x8CECC000 \SystemRoot\system32\drivers\portcls.sys
    0x8CEF9000 \SystemRoot\system32\drivers\drmk.sys
    0x8CF1E000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x8D205000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x8D308000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x8D3BD000 \SystemRoot\system32\drivers\modem.sys
    0x8D3CA000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8D3D3000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8CF5C000 \SystemRoot\System32\Drivers\N360\0402000.00C\SRTSP.SYS
    0x8D3DB000 \SystemRoot\system32\drivers\N360\0402000.00C\Ironx86.SYS
    0x8CFB3000 \SystemRoot\system32\drivers\N360\0402000.00C\SRTSPX.SYS
    0x8E60D000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101016.003\NAVEX15.SYS
    0x8E75B000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
    0x8E780000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101016.003\NAVENG.SYS
    0x8E794000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8E79D000 \SystemRoot\System32\Drivers\Null.SYS
    0x8E7A4000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8E7AB000 \SystemRoot\System32\drivers\vga.sys
    0x8E7B7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8E7D8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8E7E0000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8E7E8000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8CFBD000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8E7F3000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8CFCB000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x90203000 \SystemRoot\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS
    0x9025C000 \SystemRoot\system32\DRIVERS\smb.sys
    0x90270000 \SystemRoot\system32\drivers\afd.sys
    0x902B8000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x902EA000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x90300000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x9030E000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
    0x90310000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x90323000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0x90344000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0x9034A000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x90386000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x90390000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101015.003\IDSvix86.sys
    0x97201000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0x9725F000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0x9727C000 \SystemRoot\System32\Drivers\dfsc.sys
    0x97293000 \SystemRoot\system32\drivers\N360\0402000.00C\ccHPx86.sys
    0x97312000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys
    0x973BE000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x973D4000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x973E1000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x973EC000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x9FA60000 \SystemRoot\System32\win32k.sys
    0x973F4000 \SystemRoot\System32\drivers\Dxapi.sys
    0x903EB000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x9FC80000 \SystemRoot\System32\TSDDD.dll
    0x9FCA0000 \SystemRoot\System32\cdd.dll
    0x8CFE1000 \SystemRoot\system32\drivers\luafv.sys
    0xA760A000 \SystemRoot\system32\drivers\spsys.sys
    0xA76BA000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0xA76CA000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0xA76F4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA76FE000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xA7711000 \SystemRoot\system32\drivers\HTTP.sys
    0xA777E000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xA779B000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xA77B4000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xA77C9000 \SystemRoot\system32\drivers\mrxdav.sys
    0x883C7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA8201000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xA823A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xA8252000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA827A000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA82E0000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xA82E4000 \SystemRoot\system32\drivers\peauth.sys
    0xA83C2000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xA83CC000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA83D8000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0x77B00000 \Windows\System32\ntdll.dll

    Processes (total 96):
    0 System Idle Process
    4 System
    444 C:\Windows\System32\smss.exe
    524 csrss.exe
    576 C:\Windows\System32\wininit.exe
    584 csrss.exe
    624 C:\Windows\System32\winlogon.exe
    660 C:\Windows\System32\services.exe
    700 C:\Windows\System32\lsass.exe
    708 C:\Windows\System32\lsm.exe
    832 C:\Windows\System32\svchost.exe
    876 C:\Windows\System32\nvvsvc.exe
    904 C:\Windows\System32\svchost.exe
    944 C:\Windows\System32\svchost.exe
    1068 C:\Windows\System32\svchost.exe
    1100 C:\Windows\System32\svchost.exe
    1120 C:\Windows\System32\svchost.exe
    1192 C:\Windows\System32\audiodg.exe
    1216 C:\Windows\System32\svchost.exe
    1232 C:\Windows\System32\SLsvc.exe
    1264 C:\Windows\System32\svchost.exe
    1380 C:\Windows\System32\rundll32.exe
    1472 C:\Windows\System32\svchost.exe
    1688 C:\Windows\System32\spoolsv.exe
    1724 C:\Windows\System32\svchost.exe
    1936 C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
    1972 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    2004 C:\Program Files\Bonjour\mDNSResponder.exe
    2024 C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    12 C:\Windows\System32\svchost.exe
    568 C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    1452 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1784 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    1916 C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe
    1644 C:\Windows\System32\svchost.exe
    324 C:\Windows\System32\svchost.exe
    2056 C:\Windows\System32\svchost.exe
    2108 C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    2160 C:\Windows\System32\svchost.exe
    2256 C:\Windows\System32\svchost.exe
    2280 C:\Windows\System32\SearchIndexer.exe
    2396 C:\Windows\System32\drivers\XAudio.exe
    2592 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    2700 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    2752 C:\Windows\System32\dwm.exe
    2784 C:\Windows\System32\taskeng.exe
    2856 C:\Windows\explorer.exe
    2972 C:\Windows\System32\taskeng.exe
    3396 C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe
    3220 dllhost.exe
    1768 C:\Program Files\Windows Defender\MSASCui.exe
    2956 C:\Program Files\HP\QuickPlay\QPService.exe
    1176 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    980 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    3188 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    2580 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    2628 C:\Windows\PixArt\Pac207\Monitor.exe
    1840 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    2736 C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
    320 C:\Windows\System32\rundll32.exe
    2212 C:\Program Files\Winamp\winampa.exe
    2744 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3780 WmiPrvSE.exe
    2616 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3260 C:\Windows\ehome\ehtray.exe
    3936 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    156 C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
    4032 C:\Windows\ehome\ehmsas.exe
    3828 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    4072 C:\Users\Gordon\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    2552 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    4328 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    4384 C:\Program Files\Mozilla Firefox\firefox.exe
    4420 C:\Windows\System32\SearchProtocolHost.exe
    4712 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    6120 C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
    5928 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    4448 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    5652 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    5984 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    5016 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    5964 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    5988 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    2484 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    2544 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    2504 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    2492 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    2088 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    3788 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    4100 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    4168 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    4832 C:\Windows\System32\SndVol.exe
    5644 C:\Program Files\Mozilla Firefox\plugin-container.exe
    1444 taskeng.exe
    5400 C:\Windows\System32\SearchFilterHost.exe
    3840 C:\Users\Gordon\Downloads\MBRCheck (1).exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000023`27caea00 (NTFS)
    \\.\H: --> \\.\PhysicalDrive0 at offset 0x00000024`fed00000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHTS541616J9SA00, Rev: SB4OC7BP

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
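The MBRCheck report above fingerprints the boot sector with SHA1 and reports "Unknown MBR code" when that hash is not in its list of recognised boot code, then lists where each volume starts on the physical drive. As an added illustration of that check (this is not MBRCheck's code and is not part of this thread), the Python below builds a constructed 512-byte MBR, verifies the 0x55AA boot signature, hashes the boot code against an allowlist, and decodes the partition table into the byte offsets MBRCheck prints. Assumptions: the hashed region is taken to be the first 440 bytes (the thread does not say exactly what MBRCheck hashes), the boot code bytes and sector counts are made up, and the two starting sectors were chosen so the computed offsets match the C: and D: lines in the report above.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # assumption: bytes 0..439 are fingerprinted; the disk
                             # signature and partition table that follow are excluded
PART_TABLE_OFFSET = 446
PART_ENTRY_LEN = 16
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xAA"


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a constructed MBR for testing; nothing here is read from a real disk.

    partitions: up to four (bootable, type_id, lba_start, sector_count) tuples.
    """
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    mbr = bytearray(SECTOR_SIZE)
    mbr[:len(boot_code)] = boot_code
    for i, (bootable, type_id, lba_start, sectors) in enumerate(partitions[:4]):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_LEN
        mbr[off:off + PART_ENTRY_LEN] = struct.pack(
            PART_ENTRY_FMT, 0x80 if bootable else 0x00, b"\0\0\0",
            type_id, b"\0\0\0", lba_start, sectors)
    mbr[SECTOR_SIZE - 2:] = BOOT_SIGNATURE
    return bytes(mbr)


def boot_code_sha1(mbr: bytes) -> str:
    """Uppercase SHA1 of the boot code region, the form MBRCheck prints."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_mbr(mbr: bytes) -> dict:
    """Validate the sector and decode its four partition table slots."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(mbr)}")
    if mbr[SECTOR_SIZE - 2:] != BOOT_SIGNATURE:
        raise ValueError("boot signature 0x55AA missing: not a valid MBR")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_LEN
        status, _, type_id, _, lba_start, sectors = struct.unpack(
            PART_ENTRY_FMT, mbr[off:off + PART_ENTRY_LEN])
        if type_id == 0:            # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": type_id,
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR_SIZE,  # what MBRCheck shows as "at offset"
            "sectors": sectors,
        })
    return {"sha1": boot_code_sha1(mbr), "partitions": partitions}


def classify_mbr(mbr: bytes, known_good: set) -> str:
    """Allowlist check: only boot code whose hash we recognise counts as known."""
    return "Known MBR code" if boot_code_sha1(mbr) in known_good else "Unknown MBR code"


# Constructed sample: placeholder boot code (not a real boot loader) and two NTFS
# partitions whose starting sectors reproduce the C: and D: offsets in the report above.
SAMPLE_BOOT_CODE = b"\xEB\xFE" + b"\x90" * 30
SAMPLE_MBR = build_sample_mbr(SAMPLE_BOOT_CODE, [
    (True, 0x07, 63, 0x1000),           # 63 * 512 = 0x7E00
    (False, 0x07, 0x1193E575, 0x1000),  # 0x1193E575 * 512 = 0x2327CAEA00
])


def report(mbr: bytes, known_good: set, device=r"\\.\PhysicalDrive0") -> list:
    """Lines in the style of the MBRCheck report."""
    info = parse_mbr(mbr)
    lines = [f"{device} {classify_mbr(mbr, known_good)}", f"SHA1: {info['sha1']}"]
    for p in info["partitions"]:
        lines.append(f"partition {p['index']} type 0x{p['type']:02X} "
                     f"at offset 0x{p['byte_offset']:016x}")
    return lines


if __name__ == "__main__":
    # With an empty allowlist the constructed sector is reported as unknown, as in the thread.
    for line in report(SAMPLE_MBR, known_good=set()):
        print(line)
```

An "Unknown" result from this kind of check means only that the hash is not on the allowlist; a legitimate but unusual boot loader (an OEM recovery loader, for instance) produces the same result, which is why the tool offers to dump the sector for a closer look rather than rewriting it automatically.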
     
  14. Sheena314

    Sheena314 TS Rookie Topic Starter Posts: 48

    ComboFix 10-10-20.01 - Gordon 10/20/2010 21:47:42.7.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.449 [GMT -7:00]
    Running from: c:\users\Gordon\Desktop\ComboFix.exe
    AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    SP: Norton Security Suite *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2010-09-21 to 2010-10-21 )))))))))))))))))))))))))))))))
    .

    2010-10-21 04:58 . 2010-10-21 04:58 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2010-10-21 04:58 . 2010-10-21 04:58 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-10-21 04:58 . 2010-10-21 04:58 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2010-10-20 16:00 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9CC01920-FBD3-4C86-838F-6167BFE016E8}\mpengine.dll
    2010-10-14 05:28 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2010-10-14 05:28 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-14 05:27 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-14 05:27 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-14 05:27 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-14 05:27 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-14 05:27 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-10-14 05:26 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
    2010-10-14 05:24 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-10-14 05:24 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
    2010-10-14 05:24 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-14 05:05 . 2010-10-14 05:05 -------- d-----w- c:\programdata\WindowsSearch
    2010-10-14 05:00 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
    2010-10-11 07:19 . 2010-10-11 07:19 -------- d-----w- c:\program files\Synaptics
    2010-10-11 07:14 . 2009-08-07 16:49 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2010-10-11 07:14 . 2010-05-28 05:31 173352 ----a-w- c:\windows\system32\SynCOM.dll
    2010-10-10 22:29 . 2010-10-10 22:30 -------- d-----w- c:\program files\Speccy
    2010-10-10 22:29 . 2010-10-10 22:30 -------- d-----w- c:\program files\Defraggler
    2010-10-02 04:58 . 2010-10-02 04:58 -------- d-----w- c:\program files\Feedback Tool
    2010-09-28 17:54 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-28 17:54 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-09-26 18:21 . 2010-09-26 18:22 -------- d-----w- c:\program files\DivX
    2010-09-23 01:10 . 2010-09-23 01:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2010-09-23 01:10 . 2010-09-23 01:10 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{164d3751-cac6-4a6d-becd-ea67df61d232}]
    2010-07-29 13:10 259584 ----a-w- c:\program files\comcasttb\auxi\comcastAu.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Google Update"="c:\users\Gordon\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-25 133104]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
    "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-05-25 37888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
    2008-10-09 14:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    2010-03-20 00:27 5248312 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 135664]
    R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
    R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\SYMDS.SYS [2009-10-15 328752]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\SYMEFA.SYS [2010-04-22 173104]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [2010-08-31 692272]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\ccHPx86.sys [2010-02-26 501888]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101020.001\IDSvix86.sys [2010-10-19 353840]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\Ironx86.SYS [2010-04-29 116784]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS [2010-05-06 339504]
    S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
    S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe [2010-02-26 126392]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 21:03]

    2010-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 21:03]

    2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1044339872-1800818904-3149626244-1003Core.job
    - c:\users\Gordon\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-25 03:16]

    2010-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1044339872-1800818904-3149626244-1003UA.job
    - c:\users\Gordon\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-25 03:16]

    2010-10-21 c:\windows\Tasks\User_Feed_Synchronization-{468A7041-2846-4BA6-9013-506450816A76}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.comcast.net?cid=060410
    mStart Page = hxxp://www.comcast.net/
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\d3pl6lot.default\
    FF - prefs.js: browser.search.selectedEngine - Comcast Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
    FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
    FF - component: c:\users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\d3pl6lot.default\extensions\{4E77EDAD-9566-4089-88D1-C81498CEE770}\components\dtTransparency.dll
    FF - component: c:\users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\d3pl6lot.default\extensions\{4E77EDAD-9566-4089-88D1-C81498CEE770}\components\dtTransparency3.5.dll
    FF - component: c:\users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\d3pl6lot.default\extensions\{4E77EDAD-9566-4089-88D1-C81498CEE770}\components\dtTransparency3.6.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Gordon\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(620)
    c:\program files\CA\PPRT\bin\CACheck.dll
    c:\program files\CA\PPRT\bin\CAHook.dll
    c:\program files\CA\PPRT\bin\CAServer.dll

    - - - - - - - > 'Explorer.exe'(156)
    c:\program files\CA\PPRT\bin\CACheck.dll
    c:\program files\CA\PPRT\bin\CAHook.dll
    c:\program files\CA\PPRT\bin\CAServer.dll
    c:\windows\system32\msi.dll
    .
    Completion time: 2010-10-20 22:03:36
    ComboFix-quarantined-files.txt 2010-10-21 05:03
    ComboFix2.txt 2010-10-12 18:57
    ComboFix3.txt 2010-06-14 04:00

    Pre-Run: 104,408,281,088 bytes free
    Post-Run: 104,349,159,424 bytes free

    - - End Of File - - F6B35D77C7F084EC11A08BDD722CCCBD
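The "Reg Loading Points" block and the R/S service lines in the ComboFix log above are the autostart locations a malware triage walks through first. The script below is an added example for this thread, not ComboFix's own code: it parses lines in that format and flags the entries a reviewer would open first, namely a file ComboFix could not find on disk (the `[x]` marker; that reading of the marker is an assumption) and a program launched from a user-writable path. The sample input is a constructed excerpt of the log above; flags are review prompts, not verdicts (Google Update legitimately runs from AppData and is flagged only so someone looks at it).

```python
"""Triage autostart entries from a ComboFix 'Reg Loading Points' dump.
Added example, not ComboFix code; regexes follow the line shapes in this thread."""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed excerpt in the shape of the posted log (paths copied from it).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{164d3751-cac6-4a6d-becd-ea67df61d232}]
2010-07-29 13:10 259584 ----a-w- c:\program files\comcasttb\auxi\comcastAu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Gordon\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-25 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [x]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe [2010-02-26 126392]
"""

# "Name"="path" [date size]   (Run keys, ShellExecuteHooks, ...)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<path>[^"]+)"\s+\[(?P<meta>[^\]]*)\]')
# R2 name;display name;path [date size]   (services and drivers)
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]+?)\s+\[(?P<meta>[^\]]*)\]')
# date time size attrs path   (file listed under a registry key such as a BHO CLSID)
FILE_RE = re.compile(r'^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\d+\s+\S+\s+(?P<path>c:\\.+)$', re.I)

# Path fragments a non-admin user can write to; anything auto-started from here deserves a look.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\", "\\documents and settings\\")


@dataclass
class Entry:
    source: str            # registry key, or service start type (R2/S1/...)
    name: str
    path: str
    meta: str              # "[...]" contents: date and size, or "x"
    flags: List[str] = field(default_factory=list)


def flag_entry(e: Entry) -> List[str]:
    flags = []
    p = e.path.lower()
    if e.meta.strip() == "x":
        flags.append("file missing on disk")          # assumption: ComboFix prints [x] when the file is absent
    if any(seg in p for seg in USER_WRITABLE):
        flags.append("runs from user-writable location")
    elif not (p.startswith("c:\\program files") or p.startswith("c:\\windows")):
        flags.append("outside Program Files / Windows")
    return flags


def triage(log_text: str) -> List[Entry]:
    """Parse the dump into Entry objects and attach review flags to each."""
    entries: List[Entry] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[HKEY"):
            current_key = line.strip("[]")
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry(current_key, m["name"], m["path"], m["meta"]))
            continue
        m = SERVICE_RE.match(line)
        if m:
            entries.append(Entry(m["start"], m["name"], m["path"].strip(), m["meta"]))
            continue
        m = FILE_RE.match(line)
        if m and current_key:
            # file listed directly under a key: name it after the key's last component (e.g. the BHO CLSID)
            entries.append(Entry(current_key, current_key.rsplit("\\", 1)[-1], m["path"], m["date"]))
    for e in entries:
        e.flags = flag_entry(e)
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        marker = "  <-- " + "; ".join(e.flags) if e.flags else ""
        print(f"{e.source[:28]:28} {e.name:16} {e.path}{marker}")
```

Run against the full post rather than the excerpt and the output is a short list to check by hand: confirm the flagged binaries are signed and match the vendor's path, and treat a `[x]` driver entry as a stale service registration to clean up rather than an infection on its own.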
     
  15. Broni

    Broni Malware Annihilator Posts: 52,910   +344

    Your MBR seems to be infected.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
     
  16. Sheena314

    Sheena314 TS Rookie Topic Starter Posts: 48

    When I click on the burnitcd.cmd file, it says that Windows cannot find it, making the program unable to run. How should I go about fixing this issue?

    Edit: I am opening it using the WinRAR program, since it would not open on its own.
     
  17. Broni

    Broni Malware Annihilator Posts: 52,910   +344

    Can't find what?
    Please, post exact error message.
     
  18. Sheena314

    Sheena314 TS Rookie Topic Starter Posts: 48

    The exact message is: "Windows cannot find burnCDCC.exe. Make sure you typed the name correctly, and then try again."
    This occurs when I click the file requested.
    Should this program be placed in a specific folder, like System32 or something like that?
     
  19. Broni

    Broni Malware Annihilator Posts: 52,910   +344

    No, no.
    It may be bad download.
    Try to download fresh file.
    Make sure:
     
  20. Sheena314

    Sheena314 TS Rookie Topic Starter Posts: 48

    I tried again and had the same issue. Is there another source I could use?
    Edit: Before the message comes up and the command window closes, the following message appears in the command prompt window: C:\Users\Gordon\Desktop>Start "" BurnCDCC.exe /f /v /s=4 /i=NTBR_CD.iso

    I am not sure what I am doing wrong, and why WinRAR isn't reading the program.
     
  21. Broni

    Broni Malware Annihilator Posts: 52,910   +344

    Let's try different way....

    If you have Vista/7 DVD...

    start with step 2

    If you don't have Vista/7 DVD...

    1. Create Vista/7 Recovery Disc.

    Option 1 :
    Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
    Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

    Option 2:
    Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
    Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
    Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

    2. Boot from created disk.

    Vista users. At first screen click on Repair your computer:

    Windows 7 users. At first screen click on Install now:
    Select your language and click next:
    Click the button for "Use recovery tools":

    The following applies to both, Vista and Windows 7 users.

    This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:
    After this, it will present you with a list of options including startup repair, system restore and command prompt:
    Select Command Prompt

    Type in:
    bootrec /FixMbr (<--- there is a "space" after "bootrec")
    and then press Enter

    Once completed then type Exit, press Enter and restart computer.

    Post fresh MBRCheck log.
     
  22. Sheena314

    Sheena314 TS Rookie Topic Starter Posts: 48

    Here is the MBR log:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Quanta
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Pavilion dv6500 Notebook PC
    Logical Drives Mask: 0x0000009c

    Kernel Drivers (total 166):
    0x82647000 \SystemRoot\system32\ntkrnlpa.exe
    0x82614000 \SystemRoot\system32\hal.dll
    0x80608000 \SystemRoot\system32\kdcom.dll
    0x8060F000 \SystemRoot\system32\PSHED.dll
    0x80620000 \SystemRoot\system32\BOOTVID.dll
    0x80628000 \SystemRoot\system32\CLFS.SYS
    0x80669000 \SystemRoot\system32\CI.dll
    0x80749000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x807BA000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x87C09000 \SystemRoot\system32\drivers\acpi.sys
    0x87C4F000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x87C58000 \SystemRoot\system32\drivers\msisadrv.sys
    0x87C60000 \SystemRoot\system32\drivers\pci.sys
    0x87C87000 \SystemRoot\System32\drivers\partmgr.sys
    0x87C96000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x87C99000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x87CA3000 \SystemRoot\system32\drivers\volmgr.sys
    0x87CB2000 \SystemRoot\System32\drivers\volmgrx.sys
    0x87CFC000 \SystemRoot\system32\drivers\pciide.sys
    0x87D03000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x87D11000 \SystemRoot\System32\drivers\mountmgr.sys
    0x87D21000 \SystemRoot\system32\drivers\atapi.sys
    0x87D29000 \SystemRoot\system32\drivers\ataport.SYS
    0x87D47000 \SystemRoot\system32\drivers\fltmgr.sys
    0x87D79000 \SystemRoot\system32\drivers\N360\0402000.00C\SYMDS.SYS
    0x87DCF000 \SystemRoot\system32\drivers\fileinfo.sys
    0x807C8000 \SystemRoot\system32\drivers\N360\0402000.00C\SYMEFA.SYS
    0x87DDF000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x87E03000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x87E74000 \SystemRoot\system32\drivers\ndis.sys
    0x87F7F000 \SystemRoot\system32\drivers\msrpc.sys
    0x87FAA000 \SystemRoot\system32\drivers\NETIO.SYS
    0x88002000 \SystemRoot\System32\drivers\tcpip.sys
    0x880EC000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x88203000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x88313000 \SystemRoot\system32\drivers\volsnap.sys
    0x8834C000 \SystemRoot\System32\Drivers\spldr.sys
    0x88354000 \SystemRoot\system32\speedfan.sys
    0x88356000 \SystemRoot\System32\Drivers\mup.sys
    0x88365000 \SystemRoot\system32\giveio.sys
    0x88366000 \SystemRoot\System32\drivers\ecache.sys
    0x8838D000 \SystemRoot\system32\drivers\disk.sys
    0x8839E000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x883BF000 \SystemRoot\system32\drivers\crcdisk.sys
    0x883E8000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x883F3000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x88107000 \SystemRoot\system32\DRIVERS\amdk8.sys
    0x883FC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x88200000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
    0x88117000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x88127000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8812E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x88137000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x8813A000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x88144000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x88182000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x88191000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x881A9000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0x8BE0C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8BE99000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x8BEA9000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x8BEB7000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x8BED1000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x8BEE0000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0x8BEF4000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x8C00D000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
    0x8C10D000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
    0x8C205000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8C937000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8C9D8000 \SystemRoot\System32\drivers\watchdog.sys
    0x8C9E4000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8C193000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8C19E000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8C9F7000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8C1D9000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8BF45000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8BF74000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8C1E4000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8BFB5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8C1EF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8BFCC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8BFEF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x881AF000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x881C3000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x881D8000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8C9F9000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8CA01000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8CA2B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8CA35000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8CA42000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8CA4B000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8CA80000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8CA91000 \SystemRoot\system32\drivers\CHDRT32.sys
    0x8CAC4000 \SystemRoot\system32\drivers\portcls.sys
    0x8CAF1000 \SystemRoot\system32\drivers\drmk.sys
    0x8CB16000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x8D20F000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x8D312000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x8D3C7000 \SystemRoot\system32\drivers\modem.sys
    0x8D3D4000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8D3DD000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8CB54000 \SystemRoot\System32\Drivers\N360\0402000.00C\SRTSP.SYS
    0x8CBAB000 \SystemRoot\system32\drivers\N360\0402000.00C\Ironx86.SYS
    0x8D3E5000 \SystemRoot\system32\drivers\N360\0402000.00C\SRTSPX.SYS
    0x8E40E000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101023.004\NAVEX15.SYS
    0x8E55C000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
    0x8E581000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101023.004\NAVENG.SYS
    0x8E595000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8E59E000 \SystemRoot\System32\Drivers\Null.SYS
    0x8E5A5000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8E5AC000 \SystemRoot\System32\drivers\vga.sys
    0x8E5B8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8E5D9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8E5E1000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8E5E9000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8E400000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8E5F4000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8CBCA000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x91A04000 \SystemRoot\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS
    0x91A5D000 \SystemRoot\system32\DRIVERS\smb.sys
    0x91A71000 \SystemRoot\system32\drivers\afd.sys
    0x91AB9000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x91AEB000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x91B01000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x91B0F000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
    0x91B11000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x91B24000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0x91B45000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0x91B4B000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x91B87000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x91B91000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101021.003\IDSvix86.sys
    0x97604000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0x97662000 \SystemRoot\System32\Drivers\dfsc.sys
    0x97679000 \SystemRoot\system32\drivers\N360\0402000.00C\ccHPx86.sys
    0x976F8000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys
    0x977A4000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x977BA000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x977C7000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x977D2000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x81C50000 \SystemRoot\System32\win32k.sys
    0x977DA000 \SystemRoot\System32\drivers\Dxapi.sys
    0x977E4000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x81E70000 \SystemRoot\System32\TSDDD.dll
    0x81E90000 \SystemRoot\System32\cdd.dll
    0x8CBE0000 \SystemRoot\system32\drivers\luafv.sys
    0x91BEC000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0xA7601000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0xA762B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA7635000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xA7648000 \SystemRoot\system32\drivers\HTTP.sys
    0xA76B5000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xA76D2000 \SystemRoot\system32\drivers\spsys.sys
    0xA7782000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xA779B000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xA77B0000 \SystemRoot\system32\drivers\mrxdav.sys
    0xA77D1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA8800000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xA8839000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xA8851000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA8879000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA88DF000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xA88E3000 \SystemRoot\system32\drivers\peauth.sys
    0xA89C1000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xA89CB000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA89D7000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0x77860000 \Windows\System32\ntdll.dll

    Processes (total 97):
    0 System Idle Process
    4 System
    444 C:\Windows\System32\smss.exe
    584 csrss.exe
    636 C:\Windows\System32\wininit.exe
    644 csrss.exe
    684 C:\Windows\System32\winlogon.exe
    720 C:\Windows\System32\services.exe
    756 C:\Windows\System32\lsass.exe
    764 C:\Windows\System32\lsm.exe
    888 C:\Windows\System32\svchost.exe
    936 C:\Windows\System32\nvvsvc.exe
    964 C:\Windows\System32\svchost.exe
    1000 C:\Windows\System32\svchost.exe
    1132 C:\Windows\System32\svchost.exe
    1164 C:\Windows\System32\svchost.exe
    1176 C:\Windows\System32\svchost.exe
    1244 C:\Windows\System32\audiodg.exe
    1268 C:\Windows\System32\svchost.exe
    1288 C:\Windows\System32\SLsvc.exe
    1312 C:\Windows\System32\svchost.exe
    1428 C:\Windows\System32\rundll32.exe
    1540 C:\Windows\System32\svchost.exe
    1760 C:\Windows\System32\spoolsv.exe
    1784 C:\Windows\System32\svchost.exe
    2028 C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
    184 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    284 C:\Program Files\Bonjour\mDNSResponder.exe
    340 C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    876 C:\Windows\System32\svchost.exe
    896 C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    1608 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2000 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    1652 C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe
    2052 C:\Windows\System32\svchost.exe
    2092 C:\Windows\System32\svchost.exe
    2104 C:\Windows\System32\svchost.exe
    2132 C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    2164 C:\Windows\System32\svchost.exe
    2252 C:\Windows\System32\svchost.exe
    2288 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2328 C:\Windows\System32\SearchIndexer.exe
    2568 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2740 C:\Windows\System32\drivers\XAudio.exe
    2800 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    2820 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    3192 C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe
    3236 C:\Windows\System32\dwm.exe
    3248 C:\Windows\System32\taskeng.exe
    3276 C:\Windows\explorer.exe
    3364 C:\Windows\System32\taskeng.exe
    3768 C:\Windows\System32\taskeng.exe
    1364 WmiPrvSE.exe
    2768 dllhost.exe
    3384 C:\Program Files\Windows Defender\MSASCui.exe
    3284 C:\Program Files\HP\QuickPlay\QPService.exe
    3216 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    3884 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    3912 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    3924 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    3936 C:\Windows\PixArt\Pac207\Monitor.exe
    1996 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    2072 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    3960 C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
    3500 C:\Windows\System32\rundll32.exe
    2240 C:\Program Files\Winamp\winampa.exe
    4000 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3472 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    3592 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3388 C:\Windows\ehome\ehtray.exe
    2412 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    1808 C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
    3628 WmiPrvSE.exe
    124 C:\Windows\ehome\ehmsas.exe
    4212 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    4252 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    4452 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    4488 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    4500 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    4692 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    4796 C:\Users\Gordon\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    5216 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    5224 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    5248 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    5260 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    5268 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    5276 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    5284 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    5292 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    5328 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    5468 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
    5492 <unknown>
    5508 <unknown>
    5596 C:\Program Files\Internet Explorer\ielowutil.exe
    5860 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    4024 C:\Users\Gordon\Downloads\MBRCheck.exe
    4560 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000023`27caea00 (NTFS)
    \\.\H: --> \\.\PhysicalDrive0 at offset 0x00000024`fed00000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHTS541616J9SA00, Rev: SB4OC7BP

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
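Both repair procedures in this thread (MBRWORK's "Install Standard MBR code" in post 15, `bootrec /FixMbr` in post 21) rewrite only the boot-code area of sector 0 and leave the partition table alone, and the MBRCheck log above reports the pieces that matter afterwards: the byte offset of each volume on PhysicalDrive0 and a SHA1 of the MBR. The Python below is an added example, not code from MBRCheck, NTBR, bootrec or anyone in this thread. It parses a raw 512-byte MBR under the classic DOS layout (440 bytes of boot code, a 64-byte partition table at offset 446, 0x55AA at 510), hashes the code area, converts MBRCheck-style offsets to sector numbers, and checks that two sectors share a partition table, which is the property a code-only repair must preserve. The two sample sectors and the `KNOWN_GOOD` allow-list are constructed for the example; MBRCheck's own hash may be computed over a different byte range, so compare hashes from this script only with each other.

```python
"""Parse and check a raw 512-byte MBR sector.
Added example for this thread; not MBRCheck, NTBR or bootrec code. Assumes the
classic DOS MBR layout and constructs its own sample sectors and allow-list."""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List

SECTOR = 512
CODE_AREA = 440          # bytes 0..439: the boot code that /FixMbr or MBRWORK rewrites
TABLE_OFFSET = 446       # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"  # bytes 510..511
ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), start LBA, sector count


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    sector_count: int

    @property
    def byte_offset(self) -> int:
        # MBRCheck lists volumes by byte offset into PhysicalDrive0; that is just LBA * 512
        return self.start_lba * SECTOR


def offset_to_lba(byte_offset: int) -> int:
    """Turn an MBRCheck-style byte offset (0x7e00) into a sector number (63)."""
    if byte_offset % SECTOR:
        raise ValueError("offset is not sector aligned")
    return byte_offset // SECTOR


def parse_mbr(sector: bytes) -> Dict[str, object]:
    """Validate the signature, hash the code area, and decode the partition table."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions: List[Partition] = []
    for i in range(4):
        status, ptype, start_lba, count = struct.unpack_from(ENTRY_FMT, sector, TABLE_OFFSET + 16 * i)
        if ptype == 0:                      # empty slot
            continue
        partitions.append(Partition(i, status == 0x80, ptype, start_lba, count))
    return {"code_sha1": hashlib.sha1(sector[:CODE_AREA]).hexdigest().upper(),
            "partitions": partitions}


def partition_tables_match(a: bytes, b: bytes) -> bool:
    """True when two sectors carry the same partition table; a code-only rewrite must keep this True."""
    return a[TABLE_OFFSET:510] == b[TABLE_OFFSET:510]


def classify_code(sector: bytes, known_good: Dict[str, str]) -> str:
    """Name the boot code if its SHA-1 is on the allow-list, otherwise report it as unknown."""
    return known_good.get(parse_mbr(sector)["code_sha1"], "unknown boot code (compare before trusting)")


def build_mbr(code: bytes, partitions: List[Partition]) -> bytes:
    """Assemble a sector from boot code and partition entries (used here to construct samples)."""
    if len(code) > CODE_AREA:
        raise ValueError("boot code exceeds 440 bytes")
    sector = bytearray(SECTOR)
    sector[:len(code)] = code
    for p in partitions:
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET + 16 * p.index,
                         0x80 if p.bootable else 0, p.type_id, p.start_lba, p.sector_count)
    sector[510:512] = SIGNATURE
    return bytes(sector)


# Constructed samples: one NTFS (0x07) partition at LBA 63, i.e. byte offset 0x7e00 like C: in the
# MBRCheck log, under placeholder boot code; then the same table under different boot code.
TABLE = [Partition(0, True, 0x07, 63, 294905142)]
CLEAN_MBR = build_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 32, TABLE)
TAMPERED_MBR = build_mbr(b"\xeb\x3c\x90" + b"\xcc" * 40, TABLE)
KNOWN_GOOD = {parse_mbr(CLEAN_MBR)["code_sha1"]: "sample standard MBR code"}  # placeholder allow-list

if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        info = parse_mbr(mbr)
        print(label, info["code_sha1"], classify_code(mbr, KNOWN_GOOD))
        for p in info["partitions"]:
            print(f"  part {p.index}: type 0x{p.type_id:02x} LBA {p.start_lba} offset 0x{p.byte_offset:x}")
    print("partition table preserved:", partition_tables_match(CLEAN_MBR, TAMPERED_MBR))
```

To run it on a live machine, read the first 512 bytes of `\\.\PhysicalDrive0` from an elevated Python session before and after the repair and feed both sectors to `partition_tables_match`; the code hash should change while the table does not. A bootkit that hooks disk I/O can serve a clean sector to a running system, which is why the thread repairs from boot media and re-runs MBRCheck afterwards.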
     
  23. Broni

    Broni Malware Annihilator Posts: 52,910   +344

    Looks good :)

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
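The custom-scan list above is a set of file patterns rooted at Windows environment variables (plus a few non-file directives such as `netsvcs`, registry keys and the `/md5start` markers) that tells the scanner which unusual locations to enumerate, for example executables sitting in the Fonts folder or `.db` files in system32. The following is an added example, not OTL's code: it expands a subset of those entries against an explicit environment mapping, globs for matches, and records size and SHA-256 for each hit so the listing can be reviewed or compared against a baseline. The directory tree and files are constructed sample data; treating `/s` as "recurse into subdirectories" is an assumption about the switch syntax, and the other switches seen in the list (`/x`, `/mp`) are accepted but not interpreted.

```python
"""
Added example (not OTL's code): interpret a subset of the custom-scan list
above against a directory tree and report what each pattern matches.
Sample tree and scan entries are constructed for this demonstration.
"""
import glob
import hashlib
import os
import re
import tempfile

# Subset of the directive list from the post. Lines that are not file
# patterns (service lists, registry keys, md5 markers) are skipped.
SCAN_LIST = r"""
netsvcs
drivers32
%systemroot%\Fonts\*.exe
%systemroot%\system32\*.db
%USERPROFILE%\Desktop\*.exe
%systemroot%\pchealth\helpctr\System\*.exe /s
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
/md5start
/md5stop
"""

FILE_PATTERN = re.compile(r"^%[A-Za-z_]+%\\")


def expand(template: str, env: dict) -> str:
    """Expand %VAR% tokens from an explicit mapping, case-insensitively as Windows does."""
    lookup = {k.upper(): v for k, v in env.items()}
    return re.sub(r"%([A-Za-z_]+)%",
                  lambda m: lookup.get(m.group(1).upper(), m.group(0)), template)


def parse_directive(line: str):
    """Return (pattern, recursive) for a file-pattern line, or None for anything else."""
    line = line.strip()
    if not FILE_PATTERN.match(line):
        return None
    tokens = line.split()
    switches = {t.lower() for t in tokens[1:]}
    # Assumption for this example: "/s" means descend into subdirectories.
    # Other switches (/x, /mp) are accepted but not interpreted here.
    return tokens[0], "/s" in switches


def describe(path: str) -> dict:
    """Size and SHA-256 of one matched file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"path": path, "size": os.path.getsize(path), "sha256": h.hexdigest()}


def run_scan(scan_list: str, env: dict) -> dict:
    """Map each file-pattern directive to the list of files it matches."""
    results = {}
    for raw in scan_list.splitlines():
        parsed = parse_directive(raw)
        if parsed is None:
            continue
        pattern, recursive = parsed
        native = expand(pattern, env).replace("\\", os.sep)
        if recursive:
            head, tail = os.path.split(native)
            native = os.path.join(head, "**", tail)
        matches = sorted(glob.glob(native, recursive=recursive))
        results[raw.strip()] = [describe(p) for p in matches if os.path.isfile(p)]
    return results


def build_sample_tree():
    """Constructed directory tree standing in for a Windows volume; returns (root, env)."""
    root = tempfile.mkdtemp(prefix="otl_demo_")
    env = {
        "SYSTEMROOT": os.path.join(root, "Windows"),
        "USERPROFILE": os.path.join(root, "Users", "Gordon"),
        "PROGRAMFILES": os.path.join(root, "Program Files"),
    }
    files = {
        os.path.join(env["SYSTEMROOT"], "Fonts", "arial.ttf"): b"font data",
        os.path.join(env["SYSTEMROOT"], "Fonts", "svchost.exe"): b"MZ unexpected exe in Fonts",
        os.path.join(env["SYSTEMROOT"], "system32", "cache.db"): b"db",
        os.path.join(env["SYSTEMROOT"], "pchealth", "helpctr", "System", "sub", "help.exe"): b"MZ nested",
        os.path.join(env["USERPROFILE"], "Desktop", "notes.txt"): b"text",
    }
    for path, data in files.items():
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    return root, env


if __name__ == "__main__":
    _, sample_env = build_sample_tree()
    for directive, hits in run_scan(SCAN_LIST, sample_env).items():
        print(directive, "->", len(hits), "file(s)")
        for hit in hits:
            print("   ", hit["size"], hit["sha256"][:16], hit["path"])
```

The point of hashing every hit is that a second run over the same pattern list can be diffed against the first, so a newly appeared executable in a location that should hold only fonts or help files stands out even if its name looks ordinary.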
  24. Sheena314

    Sheena314 TS Rookie Topic Starter Posts: 48

    My computer is doing well, thanks to you. I will do the scan and post the log as soon as possible.
     
  25. Broni

    Broni Malware Annihilator Posts: 52,910   +344

    Good :).......
     
Topic Status:
Not open for further replies.
