MH Lindsey
Hi, many thanks in advance for your help with this one. This computer was dumped on my mom as a gift because it was so messed up that they couldn't use it. It's an HP Intel T2400, 1.83 GHz, 987 MHz, 1.99 GB RAM running XP 2002, SP2. My Dad went to town on it with Malwarebytes, downloaded Norton and ran that, then took Norton off, because phone support wanted him to pay more money for more support. He ran MB a few more times and thought it was clean. I've taken it to be sure. Here are the logs:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by john at 16:30:47 on 2014-07-04
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1570 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
StartupFolder: c:\docume~1\john\startm~1\programs\startup\vongot~1.lnk - c:\program files\vongo\Tray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{282AB533-0203-49E5-8CDE-4ACDA940DB75} : DhcpNameServer = 192.168.2.1 192.168.2.1
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-7-4 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-7-4 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-7-4 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-7-4 414392]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-7-4 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-7-4 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-7-4 50344]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-7-4 1809720]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-7-4 860472]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-7-4 23256]
.
=============== Created Last 30 ================
.
2014-07-04 23:45:15 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-04 23:45:07 43152 ----a-w- c:\windows\avastSS.scr
2014-07-04 23:34:48 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-04 23:34:48 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-04 23:34:48 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-04 23:23:39 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-04 23:23:21 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-04 23:23:21 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-04 23:23:21 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-04 23:23:21 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2014-07-04 23:12:58 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-07-04 23:12:29 -------- d-----w- c:\program files\AVAST Software
2014-07-04 23:10:20 -------- d-----w- c:\documents and settings\john\application data\MSNInstaller
2014-07-04 23:10:10 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2014-07-04 23:06:30 26496 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2014-07-04 23:03:52 -------- d-----w- c:\documents and settings\john\local settings\application data\Mozilla
2014-07-04 23:02:45 -------- d-----w- c:\windows\jumpshot.com
2014-07-04 23:02:30 -------- d-----w- c:\documents and settings\john\application data\AVAST Software
2014-07-04 23:02:24 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-07-04 23:02:24 31616 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2014-07-04 22:16:36 -------- d-----w- c:\program files\NetWaiting
2014-07-04 22:16:25 110592 ------w- c:\windows\system32\SmartAudio.cpl
2014-06-26 23:53:05 -------- d-----w- c:\program files\iYogi Support Dock
2014-06-26 23:27:49 -------- d-----w- c:\documents and settings\all users\application data\SmartPCScan
2014-06-23 23:02:46 -------- d-----w- c:\windows\system32\appmgmt
.
==================== Find3M ====================
.
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
c:\windows\system32\drivers\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x804EEF9C] -> \Device\Harddisk0\DR0[0x89E12AB8]
3 CLASSPNP[0xF74E805B] -> ntkrnlpa!IofCallDriver[0x804EEF9C] -> \Device\00000080[0x89DE29E0]
5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EEF9C] -> \Device\Ide\IAAStorageDevice-0[0x89DD1030]
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x7a; }
user != kernel MBR !!!
.
============= FINISH: 16:31:17.78 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/7/2014 2:23:49 PM
System Uptime: 7/4/2014 4:01:35 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 30A8
Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | U1 | 1316/mhz
Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | U1 | 1316/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 97 GiB total, 71.906 GiB free.
D: is FIXED (FAT32) - 14 GiB total, 0.971 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 466 GiB total, 424.938 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 5/7/2014 2:23:55 PM - System Checkpoint
RP2: 5/7/2014 2:23:24 PM - Installed Vongo
RP3: 5/7/2014 2:32:33 PM - Norton Antivirus post configuration restore point
RP4: 6/23/2014 3:42:58 PM - System Checkpoint
RP5: 6/23/2014 3:42:28 PM - System Checkpoint
RP6: 6/23/2014 3:26:06 PM - System Checkpoint
RP7: 6/23/2014 4:02:40 PM - Removed Vongo
RP8: 6/26/2014 4:43:44 PM - System Checkpoint
RP9: 6/26/2014 4:24:42 PM - System Checkpoint
RP10: 6/26/2014 5:07:23 PM - Configured Customer Experience Enhancement
RP11: 6/26/2014 5:07:46 PM - Configured easy Internet sign-up
RP12: 6/26/2014 4:14:01 PM - Removed muvee autoProducer 4.5
RP13: 6/26/2014 4:15:07 PM - Installed NetWaiting
RP14: 6/26/2014 4:15:24 PM - Installed NetWaiting
RP15: 6/26/2014 4:17:05 PM - Removed SmartAudio
RP16: 6/26/2014 4:17:23 PM - Removed Sonic Audio Module
RP17: 6/26/2014 4:17:35 PM - Removed Sonic Copy Module
RP18: 6/26/2014 4:17:47 PM - Removed Sonic Data Module
RP19: 6/26/2014 4:18:02 PM - Removed Sonic Express Labeler
RP20: 6/26/2014 4:18:40 PM - Removed Sonic MyDVD Plus
RP21: 6/26/2014 4:19:03 PM - Removed Sonic Update Manager
RP22: 6/26/2014 4:19:13 PM - Removed SonicAC3Encoder
RP23: 6/26/2014 4:19:22 PM - Removed SonicMPEGEncoder
RP24: 7/4/2014 3:16:22 PM - Installed SmartAudio
RP25: 7/4/2014 3:16:39 PM - Installed NetWaiting
RP26: 7/4/2014 4:12:29 PM - avast! Free Antivirus Setup
RP27: 7/4/2014 4:36:51 PM - avast! antivirus system restore point
.
==== Installed Programs ======================
.
.
Adobe Reader 6.0.1
avast! Free Antivirus
BufferChm
Conexant HD Audio
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Destinations
DeviceManagementQFolder
FullDPAppQFolder
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB912436)
Hotfix for Windows XP (KB915326)
HP Game Console and games
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP Quick Launch Buttons 6.00 E2
HP QuickPlay 2.1
HP Rhapsody
HP Software Update
HP User Guides--System Recovery
HP User Guides 0019
HP Wireless Assistant 2.00 E1
HpSdpAppCoreApp
InstantShareDevices
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
J2SE Runtime Environment 5.0 Update 6
LightScribe 1.4.74.1
Macromedia Flash Player 8
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 1.1
Microsoft Money 2006
Microsoft Office Standard Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
NetWaiting
Office 2003 Trial Assistant
OptionalContentQFolder
PhotoGallery
Quicken 2006
RandMap
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
SkinsHP1
SmartAudio
Sonic_PrimoSDK
SonicAC3Encoder
SonicMPEGEncoder
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TourSetup
Unload
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB912945)
Update Rollup 2 for Windows XP Media Center Edition 2005
Vongo
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888402
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890546
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
Wireless Home Network Setup
.
==== Event Viewer Messages From Past Week ========
.
7/4/2014 4:10:47 PM, error: Dhcp [1002] - The IP address lease 192.168.1.10 for the Network Card with network address 0013025C053F has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
7/4/2014 4:03:18 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
7/4/2014 4:02:47 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde PCIIde ViaIde
7/4/2014 4:02:08 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
7/4/2014 4:01:42 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
.
==== End Of File ===========================
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 7/4/2014
Scan Time: 4:03:55 PM
Logfile: 2014-0704-1mbam-log.txt
Administrator: No
Version: 2.00.2.1012
Malware Database: v2014.07.06.08
Rootkit Database: v2014.07.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows XP Service Pack 2
CPU: x86
File System: NTFS
User: john
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355033
Time Elapsed: 14 min, 34 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 1
PUM.Hijack.StartMenu, HKU\S-1-5-21-2333270519-2351239788-1557963414-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|StartMenuLogoff, 1, Good: (0), Bad: (1),Replaced,[da765f3d770470c6cba9bfd2966e1ae6]
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
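A note on the ROOTKIT section of the DDS log, with an added example that is mine and not part of the post or of the DDS/gmer tools. The detector opened `\\.\PHYSICALDRIVE0` from user mode and got a sharing violation, printed `user: error reading MBR`, read the MBR successfully from kernel mode, and then printed `user != kernel MBR !!!`. The user-mode copy was never obtained, so that mismatch line records the failed read, not a verified difference between two copies of the sector. The script below does two things: it pulls those three facts out of the log text and rates the result as inconclusive rather than as a detection, and it shows the byte-wise user-vs-kernel comparison such a detector performs on a constructed 512-byte MBR. The boot-code bytes are my hand assembly of the instruction sequence the log prints (it copies the 512-byte sector from 0x7C00 down to 0x7A00 and far-jumps into the relocated copy); the partition table is hypothetical and only loosely modelled on the C: and D: volumes listed in the log.

```python
"""Two checks behind the ROOTKIT section of a DDS log: (1) read what the gmer
MBR detector actually managed to do, and (2) the byte-wise user-vs-kernel MBR
comparison it performs, run here on a constructed 512-byte MBR.
Added example; not part of the original post or of the DDS/gmer tools."""
import struct
from dataclasses import dataclass
from typing import Optional

MBR_SIZE = 512
BOOT_CODE_SIZE = 446
PART_TABLE_OFF = 0x1BE
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xAA"

# Lines copied from the ROOTKIT section of the log in the post.
DDS_ROOTKIT_EXCERPT = """\
CreateFile("\\\\.\\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
"""


def parse_gmer_section(text: str) -> dict:
    """Extract the three facts that decide how to read the detector's output."""
    return {
        "user_read_ok": "user: error reading MBR" not in text,
        "kernel_read_ok": "kernel: MBR read successfully" in text,
        "mismatch_flagged": "user != kernel MBR" in text,
    }


def assess(facts: dict) -> str:
    """A mismatch line is only meaningful when both reads succeeded."""
    if facts["mismatch_flagged"] and not facts["user_read_ok"]:
        return "inconclusive: the mismatch follows a failed user-mode read"
    if facts["mismatch_flagged"]:
        return "suspicious: user-mode and kernel-mode MBR copies differ"
    if not facts["kernel_read_ok"]:
        return "inconclusive: kernel-mode read failed"
    return "clean: no mismatch reported"


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def parse_partitions(mbr: bytes) -> list:
    """Decode the four 16-byte partition entries; empty entries (type 0) are skipped."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_SIZE
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, type_id, lba_start, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if type_id == 0:
            continue
        parts.append(Partition(i, status == 0x80, type_id, lba_start, count))
    return parts


def compare_mbr(user_read: Optional[bytes], kernel_read: bytes) -> dict:
    """User-vs-kernel cross-check. A failed user-mode read (None) is reported as
    inconclusive instead of being compared against the kernel copy."""
    if user_read is None:
        return {"verdict": "inconclusive", "reason": "user-mode read failed", "first_diff": None}
    for off, (a, b) in enumerate(zip(user_read, kernel_read)):
        if a != b:
            region = ("boot code" if off < BOOT_CODE_SIZE
                      else "partition table" if off < MBR_SIZE - 2 else "signature")
            return {"verdict": "mismatch", "reason": f"byte differs at 0x{off:03x} ({region})",
                    "first_diff": off}
    return {"verdict": "match", "reason": "", "first_diff": None}


def build_sample_mbr() -> bytes:
    """Constructed MBR. Boot code is my hand assembly of the sequence the log
    prints (self-relocation from 0x7C00 to 0x7A00); the partition table is hypothetical."""
    boot_code = bytes.fromhex(
        "31FF"        # xor di, di
        "BE0002"      # mov si, 0x200
        "8ED7"        # mov ss, di
        "BC007A"      # mov sp, 0x7a00
        "BBA007"      # mov bx, 0x7a0
        "89F1"        # mov cx, si          (512 bytes to copy)
        "8EDB"        # mov ds, bx
        "8EC3"        # mov es, bx
        "F3A4"        # rep movsb           (0x7a0:0x200 -> 0x7a0:0x0)
        "EA7A00A007"  # jmp far 0x7a0:0x7a
    ).ljust(BOOT_CODE_SIZE, b"\x00")
    table = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 203_000_000)          # hypothetical NTFS, bootable
    table += struct.pack("<B3xB3xII", 0x00, 0x0C, 203_000_063, 29_000_000)  # hypothetical FAT32 recovery
    table += bytes(2 * PART_ENTRY_SIZE)                                     # two empty entries
    return boot_code + table + BOOT_SIGNATURE


if __name__ == "__main__":
    print(assess(parse_gmer_section(DDS_ROOTKIT_EXCERPT)))
    mbr = build_sample_mbr()
    for p in parse_partitions(mbr):
        print(p)
    tampered = bytearray(mbr)
    tampered[0] = 0xEB  # patch the first opcode, as a bootkit hooking the boot code would
    print(compare_mbr(bytes(tampered), mbr))
    print(compare_mbr(None, mbr))
```

On a real Windows host the user-mode side would be `open(r"\\.\PhysicalDrive0", "rb").read(512)` run as Administrator, and it fails in exactly the way the log shows when another driver holds the device exclusively; the useful next step is to rerun the check with the blocker out of the way rather than to treat the mismatch line as a finding.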