TechSpot

Can I remove QGuaayvrII.exe

By wenkmt
Feb 8, 2012
  1. Need some assistance to clean my Notebook. It is all dark and only Explorer is available to run and send you this msg.
    - Sony Vaio, Window Vista Home Premium 32bit SP2
    - AV Avira (10.00.13.18) up to date.

    Going to go through the 5-step Viruses/Spyware/Malware Preliminary Removal Instructions and will post as I progress.

    -------------------
    1. Avira Virus scan

    2. downloand and installed Malwarebytes Anti-Malware and got a window "No more threads can be created in the system"

    I am stuck here.... Will keep on searching for solution.

    Thanks for your attention
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    Skip MBAM for now.
     
  3. wenkmt

    wenkmt TS Rookie Topic Starter Posts: 34

    IE80.exe is not working and will not reboot

    02/09/2012

    Hello Broni, thanks!

    I restarted the Vaio after the Virus Scan and was able to install the UnHide and bring back some of the icons on the desktop and list of the programs, but noticed that programs directories were empty.

    Download UnHide and MBAM-Setup-1.60.1.1000 yesterday on the same PC when only the IExplores 8.0 was working.

    Installed and run Malawarebytes Anti-Malware. Quick Scan and Full Scan before I left home and let it run. The result is NONE was Found.

    After this scan, the IE8.0 does not work anymore, but I see it is in the process in the Task Manager. Open 3 times and keep show iexplore.exe in the process 3 times, but still no IE80 on the screen.

    I m not going to do anything for now. Sorry I was not able to bring the LOGs to this PC. I am scared that it may infect others PC at work or at home. Oopss, I have the Dropbox still in the infected PC. Do I need to keep it OFFLINE? I just did.

    Now, the system will not reboot or Shutdown. I have to unplug the battery to turn it off completely after it went "BLANK" Screen for more than 1 hr.

    I keep the Task Manager running to keep an eye on the process of CPU to track any unusual activities.

    I guess I am stuck here to go to the step #3.

    Do I use USB drive to transfer the files and continue running?

    THANKS for your time and help!
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Yes, but....
    Install Panda USB Vaccine, or BitDefender’s USB Immunizer on your GOOD computer to protect it from any infected USB device.
    Do NOT exchange any files through DropBox.
     
  5. wenkmt

    wenkmt TS Rookie Topic Starter Posts: 34

    Notebook is ON

    Sorry Broni, I need more time to do this. ntbk have been sitting on all this time while was out of town. I will get back today later when I am able to install the Panda programs here at office's PC. IT here is very picky of what I install in the office PC.

    Should I keep the the Ntbk connected with Internet in the office DMZ area? or turn off the wi-fi and keep it stand alone? while doing the step 3?

    THANK Broni for your patient and help!
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    It doesn't matter.
     
  7. wenkmt

    wenkmt TS Rookie Topic Starter Posts: 34

    Step#3 GMER

    I am unable to disable the Window Vista Firewall before running the GMER.exe

    When trying to open Window Firewall or Security Center. It give me a another window "Server Busy" This action cannton be completed because the other program is busy. Choose 'switch to' to activate the busy program and correct the program>

    It enter an loop and as I click the "switch" it open the menu and stay there and above window open again.

    I [Ctrl] + [Alt] + [Del] to try to open the Task Manager.

    Black screen and open another window.

    "Logon process has failed to create the security options dialog.
    Failure - System Options.

    Going to click [OK] and

    Back to window with the "Server Busy" window

    Where do I go now and should I restart the system?

    If Yes, should I turn the virus protector ON before I turn off the PC?

    and try the GMER.exe....

    Question: Do I also disable the Malwarebytes Anti-Malware as well?

    Thanks!
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Never disable Windows firewall. For any scan.
    No, you don't have to disable MBAM.
     
  9. wenkmt

    wenkmt TS Rookie Topic Starter Posts: 34

    MBAM and GMER Report Logs

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.09.02

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.19170
    Wen Yeh :: YAHUI-PC [administrator]

    Protection: Enabled

    2/8/2012 6:33:10 PM
    mbam-log-2012-02-08 (18-42-59).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 203404
    Time elapsed: 8 minute(s), 52 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> No action taken.

    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Windows\Temp\fsfwnnrrv.exe (Trojan.FakeAlert) -> No action taken.
    C:\Windows\Temp\hdgfsh.exe (Trojan.FakeAlert) -> No action taken.
    C:\Users\Wen Yeh\Downloads\vclean.exe (Trojan.FakeAlert) -> No action taken.

    (end)

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.09.02

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.19170
    Wen Yeh :: YAHUI-PC [administrator]

    Protection: Enabled

    2/8/2012 7:00:10 PM
    mbam-log-2012-02-08 (19-00-10).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 370376
    Time elapsed: 1 hour(s), 58 minute(s), 48 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-02-15 10:05:08
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHY2200BH rev.0000000B
    Running: 9501533i.exe; Driver: C:\Users\WENYEH~1\AppData\Local\Temp\pglorpog.sys

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 MBR read error
    Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  10. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Go on.....
     
  11. wenkmt

    wenkmt TS Rookie Topic Starter Posts: 34

    DDS Report Log 1

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19170
    Run by Wen Yeh at 10:57:14 on 2012-02-15
    Microsoft Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.2038.861 [GMT -8:00]

    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Protector Suite QL\upeksvr.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\PSIService.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\vssvc.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============
     
  12. wenkmt

    wenkmt TS Rookie Topic Starter Posts: 34

    DDS Report Log 2

    ============== Pseudo HJT Report ===============

    uDefault_Page_URL = hxxp://www.sony.com/vaiopeople
    mStart Page = hxxp://search.myheritage.com
    mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
    uInternet Settings,ProxyOverride = *.local
    BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\celebrity toolbar\tbcore3.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: ssh2 Class: {2e3c3651-b19c-4dd9-a979-901ec3e930af} - c:\program files\scpad\scpsssh2.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: Avira SearchFree Toolbar plus WebGuard: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: CMySite Class: {d62ec836-bf1e-4cac-81be-fb9179835d8e} - c:\program files\celebrity toolbar\mhxpcomi.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Avira SearchFree Toolbar plus WebGuard: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Celebrity Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\celebrity toolbar\tbcore3.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [cdloader] "c:\users\wen yeh\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [VWLASU] "c:\program files\sony\vaio pc wireless lan wizard\AutoLaunchWLASU.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [HPPQVideo] "c:\program files\hp\scheduledlaunch\hp color laserjet cm1312 mfp series\bin\hppschlnch.exe" -r software\hewlett-packard\scheduledlaunch\CLJ_CM1312_MFP_Series -f PQOptimizerVideo.xml -o remindLater
     
  13. wenkmt

    wenkmt TS Rookie Topic Starter Posts: 34

    DDS Report Log 3

    mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:eek:n /alerts:eek:n /notifications:eek:n /fl:eek:n /fr:eek:n /appData:eek:n /tmcp:eek:n
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [VMM Mode Selection] c:\program files\htc\modeselection\VMMModeSelection.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
    StartupFolder: c:\users\wenyeh~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\wen yeh\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\users\wenyeh~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\users\wenyeh~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: disableCAD = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    LSP: c:\program files\avira\antivir desktop\avsda.dll
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: Interfaces\{AA505192-3A1D-4EAB-9707-834A161721C3} : DhcpNameServer = 8.8.8.8
    TCP: Interfaces\{E75B49DA-A45C-4BE5-ADB6-6407114BCFE2} : DhcpNameServer = 192.168.1.1
    Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
    Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\celebrity toolbar\mhxpcomi.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    Notify: psfus - c:\windows\system32\psqlpwd.dll
    Notify: VESWinlogon - VESWinlogon.dll
    SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - c:\program files\scpad\scpLIB.dll
    STS: compIB Class: {a3717295-941d-416f-9384-ed1736729f1c} - c:\program files\scpad\scpLIB.dll
    LSA: Notification Packages = scecli psqlpwd
    Hosts: 94.63.240.132 www.bing.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\wen yeh\appdata\roaming\mozilla\firefox\profiles\wjvcv4nj.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

    ============= SERVICES / DRIVERS ===============

    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-7-14 16184]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-6-30 353168]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-24 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-24 269480]
    R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-6-30 428200]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-24 66616]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-22 21504]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-8 652360]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
    R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects\uCamMonitor.exe [2007-12-19 125440]
    R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2007-11-22 292128]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-3-28 24652]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2007-12-19 17920]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-8 20464]
    R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2011-10-7 13312]
    R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-11-22 73472]
    R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-11-22 43904]
    R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-11-22 9344]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-11-22 818688]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1caa758920290;Google Update Service (gupdate1caa758920290);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 133104]
    S2 scpVista;scpVista;c:\program files\scpad\scpVista.exe [2008-6-4 136448]
    S3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 133104]
    S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-6-28 1310720]
    S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-12-19 745472]
    S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-12-19 397312]
    S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-12-19 1089536]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2007-11-22 79136]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-7-22 16896]

    =============== Created Last 30 ================

    2012-02-09 02:31:15 -------- d-----w- c:\users\wen yeh\appdata\roaming\Malwarebytes
    2012-02-09 02:31:09 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-09 02:31:08 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-09 02:31:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-08 18:23:43 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1c7ed5cd-8287-4288-b115-e9a8b9f729c6}\offreg.dll
    2012-02-08 17:59:11 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1c7ed5cd-8287-4288-b115-e9a8b9f729c6}\mpengine.dll
    2012-02-02 01:25:20 -------- d-----w- C:\Deckard
    2012-01-30 23:08:01 -------- d-----w- c:\users\wen yeh\appdata\local\Mozilla

    ==================== Find3M ====================

    2012-01-31 00:22:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-27 08:21:24 237072 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-25 15:59:48 376320 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 20:23:34 1205064 ----a-w- c:\windows\system32\ntdll.dll
    2011-11-18 17:47:03 66560 ----a-w- c:\windows\system32\packager.dll

    ============= FINISH: 10:58:15.51 ===============

    Thanks Broni for your help!
     
  14. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I still need Attach.txt part of DDS.

    Then.....

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Download BTKR_RunBox to your desktop.

    Double click on downloaded BTKR_RunBox.exe file.
    Small RunBox DOS window will open.
    Press any key to continue.
    Press "1" to select "Run a scan with Bootkit Remover" option.
    Press "Enter".
    Press "Enter" one more time to generate log.
    Click OK, IF any "Warning" message pops up.
    Notepad will open with Bootkit Remover log.
    Copy the content and post it in your next reply.
    In RunBox press "4" then Enter to exit it.

    NOTE. In case you lost the log it's also located on your desktop as "scan.txt"
     
  15. wenkmt

    wenkmt TS Rookie Topic Starter Posts: 34

    DSS.txt

    here is the DSS.txt
     

    Attached Files:

    • DDS.txt
      File size:
      16.5 KB
      Views:
      1
  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please observe forum rules.
    All logs have to be pasted not attached.
    Then, I'm asking fro Attach.txt log not DDS.txt log.

    [​IMG]
     
  17. wenkmt

    wenkmt TS Rookie Topic Starter Posts: 34

    Sorry Broni, I did not pay attention to the Attach.txt file. Currently the system is scanning with aswMBR at this moment.

    I'll go back to step #4 and run DDS.exe to obtain the attach.txt and DDS.txt and post both of them w aswMBR log file afterit is done scanning.

    Is this OK?

    Thanks you!
     
  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Yes, re-run DDS.
     
  19. wenkmt

    wenkmt TS Rookie Topic Starter Posts: 34

    Broni, the DDS looked while running under Administrator for the last 2 hrs, nothing happen. Now that I tried to shutdown and restart the notebook. Look like the Window did some updates and wanted me to Install the update and shutdown.

    what should I do?

    1. Install Updates and shutdown and restart
    2. Do NOT install Update and restart

    Thanks again for your time!
    -Wen
     
  20. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    If updates were done you have no choice but let them finish.

    Then follow other steps from my reply #14.
    Skip DDS.
     
  21. wenkmt

    wenkmt TS Rookie Topic Starter Posts: 34

    DDS Report Log - run after aswMBR

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19170
    Run by Wen Yeh at 16:13:06 on 2012-02-16
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.630 [GMT -8:00]
    .
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Protector Suite QL\upeksvr.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\PSIService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\HP\HP UT\bin\hppusg.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\MDM.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\DllHost.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\TEMP\hdgfsh.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\config\systemprofile\AppData\Roaming\4C4EB\7D3BE.exe
    C:\Program Files\EB10F\lvvm.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://www.sony.com/vaiopeople
    mStart Page = hxxp://search.myheritage.com
    mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
    uInternet Settings,ProxyOverride = *.local
    BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\celebrity toolbar\tbcore3.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: ssh2 Class: {2e3c3651-b19c-4dd9-a979-901ec3e930af} - c:\program files\scpad\scpsssh2.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: Avira SearchFree Toolbar plus WebGuard: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: CMySite Class: {d62ec836-bf1e-4cac-81be-fb9179835d8e} - c:\program files\celebrity toolbar\mhxpcomi.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Avira SearchFree Toolbar plus WebGuard: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Celebrity Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\celebrity toolbar\tbcore3.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [cdloader] "c:\users\wen yeh\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [VWLASU] "c:\program files\sony\vaio pc wireless lan wizard\AutoLaunchWLASU.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [HPPQVideo] "c:\program files\hp\scheduledlaunch\hp color laserjet cm1312 mfp series\bin\hppschlnch.exe" -r software\hewlett-packard\scheduledlaunch\CLJ_CM1312_MFP_Series -f PQOptimizerVideo.xml -o remindLater
    mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:eek:n /alerts:eek:n /notifications:eek:n /fl:eek:n /fr:eek:n /appData:eek:n /tmcp:eek:n
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [VMM Mode Selection] c:\program files\htc\modeselection\VMMModeSelection.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
    mRun: [A80.exe] c:\program files\lp\be54\A80.exe
    dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
    StartupFolder: c:\users\wenyeh~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\wen yeh\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\users\wenyeh~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\users\wenyeh~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: disableCAD = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    LSP: c:\program files\avira\antivir desktop\avsda.dll
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.10.8 66.146.0.1
    TCP: Interfaces\{A1216DDD-B0DE-4F5B-8006-C174B487A6C9} : DhcpNameServer = 192.168.10.8 66.146.0.1
    TCP: Interfaces\{AA505192-3A1D-4EAB-9707-834A161721C3} : DhcpNameServer = 8.8.8.8
    TCP: Interfaces\{E75B49DA-A45C-4BE5-ADB6-6407114BCFE2} : DhcpNameServer = 192.168.1.1
    Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
    Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\celebrity toolbar\mhxpcomi.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    Notify: psfus - c:\windows\system32\psqlpwd.dll
    Notify: VESWinlogon - VESWinlogon.dll
    SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - c:\program files\scpad\scpLIB.dll
    STS: compIB Class: {a3717295-941d-416f-9384-ed1736729f1c} - c:\program files\scpad\scpLIB.dll
    LSA: Notification Packages = scecli psqlpwd
    Hosts: 94.63.147.16 www.google.com
    Hosts: 94.63.147.17 www.bing.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\wen yeh\appdata\roaming\mozilla\firefox\profiles\wjvcv4nj.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-7-14 16184]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-6-30 353168]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-24 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-24 269480]
    R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-6-30 428200]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-24 66616]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-22 21504]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-8 652360]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
    R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects\uCamMonitor.exe [2007-12-19 125440]
    R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2007-11-22 292128]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-3-28 24652]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2007-12-19 17920]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-8 20464]
    R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2011-10-7 13312]
    R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-11-22 73472]
    R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-11-22 43904]
    R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-11-22 9344]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-11-22 818688]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1caa758920290;Google Update Service (gupdate1caa758920290);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 133104]
    S2 scpVista;scpVista;c:\program files\scpad\scpVista.exe [2008-6-4 136448]
    S3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 133104]
    S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-6-28 1310720]
    S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-12-19 745472]
    S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-12-19 397312]
    S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-12-19 1089536]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2007-11-22 79136]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-7-22 16896]
    .
    =============== Created Last 30 ================
    .
    2012-02-17 00:03:28 -------- d-----w- c:\program files\EB10F
    2012-02-17 00:02:52 -------- d-----w- c:\program files\LP
    2012-02-16 19:49:13 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{60de07bd-48be-47e7-95bb-5700294902fa}\mpengine.dll
    2012-02-09 02:31:15 -------- d-----w- c:\users\wen yeh\appdata\roaming\Malwarebytes
    2012-02-09 02:31:09 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-09 02:31:08 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-09 02:31:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-02 01:25:20 -------- d-----w- C:\Deckard
    2012-01-30 23:08:01 -------- d-----w- c:\users\wen yeh\appdata\local\Mozilla
    .
    ==================== Find3M ====================
    .
    2012-01-31 00:22:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-27 08:21:24 237072 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-25 15:59:48 376320 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 16:15:12.45 ===============
     
  22. wenkmt

    wenkmt TS Rookie Topic Starter Posts: 34

    DDS Attach Log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/23/2008 9:07:41 AM
    System Uptime: 2/16/2012 3:57:24 PM (1 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz | N/A | 2100/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 178 GiB total, 99.889 GiB free.
    D: is Removable
    E: is Removable
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop Elements 7.0
    Adobe Reader 9.4.5
    Advanced SystemCare 4
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Magic-i Visual Effects
    Ask Toolbar
    Avira AntiVir Personal - Free Antivirus
    Bonjour
    BufferChm
    CCleaner
    Click to Disc
    Click to Disc Editor
    Crackle Screen Saver 1.0
    CustomerResearchQFolder
    CutePDF Writer 2.8
    D3DX10
    Defraggler
    DeviceManagementQFolder
    DivX Setup
    DocMgr
    DocProc
    Dropbox
    eSupportQFolder
    FastStone Image Viewer 3.9
    FastStone Photo Resizer 2.8
    FileHippo.com Update Checker
    GearDrvs
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPBaseService
    HDAUDIO SoftV92 Data Fax Modem with SmartCP
    Highlight Viewer (Windows Live Toolbar)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Color LaserJet CM1312 MFP Series 5.0
    HP Customer Participation Program 10.0
    HP Document Manager 1.0
    HP Solution Center 10.0
    HP Update
    hppCLJCM1312
    hppFaxDrvCM1312
    hppFaxUtilityCM1312
    hppFonts
    hppManualsCM1312
    hppPQVideoCM1312
    hppQFolderCM1312
    HPProductAssistant
    hppscanCM1312
    hppScanToCM1312
    hppSendFaxCM1312
    hppTLBXFXCM1312
    hppusgCM1312
    HPSSupply
    hpzTLBXFX
    Instant Mode
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 26
    Java(TM) SE Runtime Environment 6
    Junk Mail filter update
    LG Android Driver
    LocationFree Player
    magicJack
    Malwarebytes Anti-Malware version 1.60.1.1000
    Map Button (Windows Live Toolbar)
    MarketResearch
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Professional 2007 Trial
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MobileMe Control Panel
    Mozilla Firefox 8.0.1 (x86 en-US)
    MSVC80_x86_v2
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Norton 360
    OGA Notifier 2.0.0048.0
    OpenMG Limited Patch 4.7-07-15-19-01
    OpenMG Secure Module 4.7.00
    OpenOffice.org 3.3
    OpenVPN 2.2.1
    PC Connectivity Solution
    PdaNet for Android 3.02
    Protector Suite QL 5.6
    QuickBooks Simple Start 2008
    QuickTime
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.80
    Roxio Activation Module
    Roxio Easy Media Creator Home
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Segoe UI
    Setting Utility Series
    Shop for HP Supplies
    Skype™ 4.2
    Smart Defrag 2
    Smart Menus (Windows Live Toolbar)
    SolutionCenter
    SonicStage Mastering Studio
    SonicStage Mastering Studio Audio Filter
    SonicStage Mastering Studio Audio Filter Custom Preset
    SonicStage Mastering Studio Plugins
    Sony Video Shared Library
    Spelling Dictionaries Support For Adobe Reader 8
    SupportSoft Assisted Service
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VAIO Camera Capture Utility
    VAIO Center Access Bar
    VAIO Content Folder Setting
    VAIO Content Metadata Intelligent Analyzing Manager
    VAIO Content Metadata Manager Setting
    VAIO Content Metadata XML Interface Library
    VAIO Control Center
    VAIO DVD Menu Data Basic
    VAIO Entertainment Center
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Help and Support
    VAIO Launcher
    VAIO Media
    VAIO Media 6.0
    VAIO Media AC3 Decoder 1.0
    VAIO Media Content Collection 6.0
    VAIO Media Integrated Server 6.2
    VAIO Media Redistribution 6.0
    VAIO Media Registration Tool
    VAIO Media Registration Tool 6.0
    VAIO Movie Story
    VAIO Movie Story Template Data
    VAIO MusicBox
    VAIO MusicBox Sample Music
    VAIO OOBE and Welcome Center
    VAIO Original Function Setting
    VAIO PC Wireless LAN Wizard
    VAIO Power Management
    VAIO Productivity Center
    VAIO Security Center
    VAIO Service Utility
    VAIO Startup Assistant
    VAIO Survey
    VAIO Update 3
    VAIO Wallpaper Contents
    VC80CRTRedist - 8.0.50727.6195
    Viewpoint Media Player
    WebReg
    WIDCOMM Bluetooth Software 6.1.0.2200
    Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
    Windows Driver Package - Nokia Modem (10/05/2009 4.2)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinDVD for VAIO
    WinRAR 4.01 (32-bit)
    Wireless Switch Setting Utility
    WModem Driver Installer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/9/2012 11:34:07 AM, Error: EventLog [6008] - The previous system shutdown at 11:31:53 AM on 2/9/2012 was unexpected.
    2/9/2012 11:06:09 AM, Error: EventLog [6008] - The previous system shutdown at 11:03:42 AM on 2/9/2012 was unexpected.
    2/16/2012 4:00:15 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    2/16/2012 4:00:14 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    2/16/2012 3:58:24 PM, Error: EventLog [6008] - The previous system shutdown at 3:56:35 PM on 2/16/2012 was unexpected.
    2/15/2012 9:51:46 AM, Error: EventLog [6008] - The previous system shutdown at 9:49:06 AM on 2/15/2012 was unexpected.
    .
    ==== End Of File ===========================
     
  23. wenkmt

    wenkmt TS Rookie Topic Starter Posts: 34

    aswMBR log

    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-16 11:59:44
    -----------------------------
    11:59:44.342 OS Version: Windows 6.0.6002 Service Pack 2
    11:59:44.342 Number of processors: 2 586 0x1706
    11:59:44.344 ComputerName: YAHUI-PC UserName: Wen Yeh
    11:59:47.920 Initialize success
    12:04:01.115 AVAST engine defs: 12021600
    12:05:59.516 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    12:05:59.518 Disk 0 Vendor: FUJITSU_MHY2200BH 0000000B Size: 190782MB BusType: 3
    12:05:59.520 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000069
    12:05:59.523 Disk 1 Vendor: ( Size: 190782MB BusType: 0
    12:05:59.526 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006a
    12:05:59.529 Disk 2 Vendor: ( Size: 190782MB BusType: 0
    12:05:59.532 Disk 0 MBR read error 0
    12:05:59.535 Disk 0 MBR scan
    12:05:59.582 Disk 0 unknown MBR code
    12:05:59.585 MBR BIOS signature not found 0
    12:05:59.589 Disk 0 scanning sectors +390719920
    12:05:59.688 Disk 0 scanning C:\Windows\system32\drivers
    12:06:24.144 Service scanning
    12:06:27.226 Modules scanning
    12:06:35.302 Disk 0 trace - called modules:
    12:06:35.310 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8668349f]<<
    12:06:35.315 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d2f918]
    12:06:35.321 3 CLASSPNP.SYS[887af8b3] -> nt!IofCallDriver -> [0x84c69918]
    12:06:35.326 5 acpi.sys[82c916bc] -> nt!IofCallDriver -> [0x84c67030]
    12:06:35.332 \Driver\atapi[0x86574198] -> IRP_MJ_CREATE -> 0x8668349f
    12:06:37.280 AVAST engine scan C:\Windows
    12:06:41.149 AVAST engine scan C:\Windows\system32
    12:12:10.190 AVAST engine scan C:\Windows\system32\drivers
    12:12:28.601 AVAST engine scan C:\Users\Wen Yeh
    12:24:58.387 AVAST engine scan C:\ProgramData
    12:30:21.893 Scan finished successfully
    12:33:35.087 Disk 0 MBR has been saved successfully to "C:\Users\Wen Yeh\Desktop\MBR.dat"
    12:33:35.092 The log file has been saved successfully to "C:\Users\Wen Yeh\Desktop\aswMBR.txt"
     
  24. wenkmt

    wenkmt TS Rookie Topic Starter Posts: 34

    Bootkit Remover scan log

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com
    Program version: 1.2.0.0
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit
    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`06a00000

    Size Device Name MBR Status
    --------------------------------------------
    186 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]

    Done;

    Press any key to quit...

    There is another log created by Bootkit Remover: bootkit_remover_debug_log

    Thanks Broni for your help!
     
  25. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please download and run ListParts by Farbar (for 32-bit system)

    Please download and run ListParts64 by Farbar (for 64-bit system)

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...