TechSpot

Windows Vista Recovery Virus Logs Included Please Help

By gell10
May 26, 2011
  1. Hi,

    First thank you for your help. I am currently trying to remove the Windows Vista Recovery Virus/Malware. I have followed the steps 7 step viruses/spyware/malware preliminary removal instructions. I have ran Malwarebytes and have removed 6 corrupted files. I ran GMER and DDS. I still cannot view any icons in my start menu but the windows vista recovery window and the constant hard drive fail errors no longer appear. Please let me know what I can do to get rid of this monster. Thank you for your help!

    Malwarebytes anti malware log:
    ------------------------------------------------

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6686

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.19048

    5/26/2011 11:05:17 AM
    mbam-log-2011-05-26 (11-05-17).txt

    Scan type: Quick scan
    Objects scanned: 194562
    Time elapsed: 17 minute(s), 42 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 1
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    c:\programdata\yimjvskpkyoa.exe (Trojan.FakeAlert) -> 3520 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yiMjvSkpKyOa (Trojan.FakeAlert) -> Value: yiMjvSkpKyOa -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\programdata\yimjvskpkyoa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\programdata\34070264.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
    c:\Users\Loretta\AppData\Local\Temp\Low\tmp4003.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.






    ******************************************
    GMER Log
    ******************************************

    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit scan 2011-05-26 12:07:39
    Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\0000004f ST336032 rev.3.CH
    Running: w6z0ke6c.exe; Driver: C:\Users\Loretta\AppData\Local\Temp\fwliafow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    ? System32\drivers\kqjux.sys The system cannot find the path specified. !
    .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8D209340, 0x3500C7, 0xE8000020]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73BC8864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73C09855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73BCB984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73BBFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73BC7A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73BBEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73BFB12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73BCBC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73BC0756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73BC06BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73BB71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73C4D9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73BE7329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73BBE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73BB697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73BB69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73BC2475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [73BC8864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [73C09855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73BCB984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73BBFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [73BC7A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73BBEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73BFB12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [73BCBC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [73BC0756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [73BC06BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [73BB71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [73C4D9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [73BE7329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73BBE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [73BB697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [73BB69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73BC2475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----



    *******************************
    DDS.txt
    *******************************


    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 8.0.6001.19048
    Run by Loretta at 12:08:55 on 2011-05-26
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1918.665 [GMT -7:00]
    .
    AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\MozyHome\mozybackup.exe
    C:\Program Files\MozyHome\mozybackup.exe
    C:\hp\kbd\kbd.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Loretta\Desktop\dds.scr
    C:\Windows\system32\WSCRIPT.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://my.yahoo.com/
    mSearch Bar = hxxp://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Google Update] "c:\users\loretta\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [KBD] c:\hp\kbd\KbdStub.EXE
    mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
    mRun: [DeviceDiscovery] c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
    mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
    mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
    mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [<NO NAME>]
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    LSP: c:\windows\system32\wpclsp.dll
    Trusted Zone: turbotax.com
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/55.16/uploader2.cab
    DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} - hxxp://69.109.88.238:85/bl_camera.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://expresspay.webex.com/client/T26L/training/ieatgpc1.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    AppInit_DLLs: avgrsstx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2008-4-12 77004]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-19 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-19 29584]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-19 243152]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c99b7427268e28;Google Update Service (gupdate1c99b7427268e28);c:\program files\google\update\GoogleUpdate.exe [2009-3-2 133104]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 517448]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-2 133104]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-05-26 16:53:54 -------- d--h--w- c:\users\loretta\appdata\roaming\Malwarebytes
    2011-05-26 16:53:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-26 16:53:32 -------- d--h--w- c:\programdata\Malwarebytes
    2011-05-26 16:53:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-26 16:53:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-25 00:50:54 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{72ad9ce0-cad5-4509-abe2-5eb494bbafc7}\mpengine.dll
    2011-05-24 22:17:29 738182 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2011-05-20 17:03:56 -------- d--h--w- c:\windows\system32\Logs
    2011-05-12 10:01:26 -------- d--h--w- C:\38ac5c000b2bf71db2
    2011-05-11 19:08:32 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-04-27 00:47:42 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-04-27 00:47:42 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    .
    ==================== Find3M ====================
    .
    2011-05-05 16:12:41 243152 ---ha-w- c:\windows\system32\drivers\avgtdix.sys
    2011-03-10 16:12:54 1161728 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-10 16:12:54 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-03 15:00:15 738816 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-03 14:56:29 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 14:56:26 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 14:56:25 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 14:56:25 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-03-03 12:53:48 2040832 ----a-w- c:\windows\system32\win32k.sys
    2011-03-02 14:49:43 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
    .
    ============= FINISH: 12:09:34.51 ===============


    **********************************
    Attach.txt from DDS
    **********************************

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-05-19.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/12/2008 10:18:42 AM
    System Uptime: 5/26/2011 11:06:35 AM (1 hours ago)
    .
    Motherboard: ECS | | Nettle2
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket M2 | 2400/201mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 326 GiB total, 268.457 GiB free.
    D: is FIXED (NTFS) - 9 GiB total, 1.196 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    .
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Connect Add-in
    Adobe Flash Player 10 ActiveX
    Adobe Media Player
    Adobe Reader 9.4.4
    AnswerWorks 4.0 Runtime - English
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    Audible Download Manager
    Avery Wizard 3.1
    AVG Free 9.0
    Bing Bar
    Bing Rewards Client Installer
    BnPrintManagerSetup
    Bonjour
    Britannia Version 5
    Brother Extensions for Paperport
    Definition update for Microsoft Office 2010 (KB982726)
    deskPDF 2.5 Standard Edition
    Docudesk GPL Ghostscript 8.15
    DYMO Label Software
    DYMO LabelWriter Drivers
    DYMO Stamps
    Enhanced Multimedia Keyboard Solution
    Evolution Remote
    Evolution Remote Help
    Glary Utilities 2.30.0.1066
    Google Chrome
    Google Earth
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Hardware Diagnostic Tools
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Active Support Library 32 bit components
    HP Customer Experience Enhancements
    HP Customer Feedback
    hp deskjet 3600
    HP Easy Setup - Frontend
    HP Memories Disc
    HP On-Screen Cap/Num/Scroll Lock Indicator
    HP Photo and Imaging 2.0 - Deskjet Series
    HP Photosmart Essential 2.01
    HP Photosmart Essential2.01
    HP Picasso Media Center Add-In
    hp print screen utility
    HP Total Care Advisor
    HP Update
    HPAsset component for HP Active Support Library
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) SE Runtime Environment 6 Update 1
    LightScribe 1.8.15.1
    Malwarebytes' Anti-Malware
    McAfee Security Scan Plus
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2010
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft UI Engine
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Works
    MobileMe Control Panel
    Money Coach
    Move Networks Media Player for Internet Explorer
    MozyHome
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.0
    My HP Games
    Netflix Movie Viewer
    NVIDIA Drivers
    Octoshape add-in for Adobe Flash Player
    OGA Notifier 2.0.0048.0
    PaperPort 8.0 SE
    ParetoLogic Privacy Controls
    PSSWCORE
    Python 2.5
    Quicken 2006
    Quicken Legal Business Pro 2009
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    Rhapsody
    Rhapsody Player Engine
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD Basic v9
    Safari
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft Excel 2010 (KB2466146)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft PowerPoint 2010 (KB2519975)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    Shipping Assistant 3.6
    Snapfish Picture Mover
    Soft Data Fax Modem with SmartCP
    Spelling Dictionaries Support For Adobe Reader 9
    TurboTax 2008 wcasbpm
    TurboTax 2008 WinBizFedFormset
    TurboTax 2008 WinBizProgramHelp
    TurboTax 2008 WinBizReleaseEngine
    TurboTax 2008 WinBizTaxSupport
    TurboTax 2008 WinBizUserEducation
    TurboTax 2008 wrapper
    TurboTax 2009 wcasbpm
    TurboTax 2009 WinBizFedFormset
    TurboTax 2009 WinBizReleaseEngine
    TurboTax 2009 WinBizTaxSupport
    TurboTax 2009 wrapper
    TurboTax 2010 wcasbpm
    TurboTax 2010 WinBizFedFormset
    TurboTax 2010 WinBizReleaseEngine
    TurboTax 2010 WinBizTaxSupport
    TurboTax 2010 wrapper
    TurboTax Business 2007
    TurboTax Business 2008
    TurboTax Business 2009
    TurboTax Business 2010
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft OneNote 2010 (KB2493983)
    Update for Microsoft Outlook Social Connector (KB2441641)
    VideoToolkit01
    WeatherBug Gadget
    WebEx
    Windows Live ID Sign-in Assistant
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Mail Advisor
    Yahoo! Search Protection
    Yahoo! Software Update
    Yahoo! Toolbar
    ZTERM 2000
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/26/2011 10:20:37 AM, Error: Service Control Manager [7022] - The TPM Base Services service hung on starting.
    5/25/2011 5:16:06 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer hp deskjet 3600 series (LIDIL) with shared resource name hp deskjet 3600 series (LIDIL). Error 2114. The printer cannot be used by others on the network.
    5/25/2011 4:28:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect.
    5/24/2011 4:37:49 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    5/24/2011 3:12:10 PM, Error: Microsoft-Windows-Eventlog [22] - The event logging service encountered an error while initializing publishing resources for channel DebugChannel. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.
    5/20/2011 10:03:36 AM, Error: Microsoft-Windows-PrintSpooler [6161] - The document ARNet Document, owned by Loretta, failed to print on printer FaxPrinter. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes printed: 92324. Total number of pages in the document: 1. Number of pages printed: 2. Client computer: \\LORETTA-PC. Win32 error code returned by the print processor: 0. The operation completed successfully.
    5/20/2011 10:02:15 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/19/2011 12:03:10 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
    5/19/2011 12:03:10 AM, Error: Ntfs [137] - The default transaction resource manager on volume HP encountered a non-retryable error and could not start. The data contains the error code.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================================================

    Download and run UnHide
    Let me know, if it worked.

    When done...

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    ===================================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
     
  3. gell10

    gell10 TS Rookie Topic Starter

    Hey Broni! Thank you for helping me out :)

    I ran unhide.exe before I received your message. It is a computer I only have access to during the day. However, before that but after I posted the logs I noticed that my current virus protection AVN wasn't working properly. I uninstalled it and installed Antivir with computer restarts inbetween. I ran the virus scan over the system, and it detected 5 files but quarantined 2. I can post the logs tomorrow. After that I ran unhide.exe once with antivir on and once with it disabled and it did make the files visible on my desktop and in explorer. Everything is visible except for the start menu's left panel when it is clicked it is completely white but the program folders are visible. However switching to the classic taskbar menu shows the menu in it's entirety.

    I will try the steps you mentioned tomorrow but if you get this before then could you tell me if I should run unhide.exe again before I try the other program? Thanks again.
     
  4. gell10

    gell10 TS Rookie Topic Starter

    Hi I ran the program that you told me to and the interface was very different. I ran scan and it said SYSCALL state - ok at the bottom but I was unable to to save the log. File -> Save Report is disabled and so was Action -> Copy File disabled. What should I do? Thanks.


    -Greg
     
  5. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Go ahead with RKUnhooker.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...