Possible virus?

By Zachareye · 48 replies
Sep 12, 2010
  1. Symptoms:
    1) Firefox and Google Chrome are not loading pages that they once had (e.g. veetle.com) despite trying to update the website plugin and even the Java plugin.
    2) Google Chrome will open random tabs when trying to open a link (not related to anything), and sometimes will redirect me from sites like Pandora saying the site can be a virus and harmful (when I'm not even at the computer)
    3) Malwarebytes Anti-Malware and SuperAntiSpyware will not update, even after adjusting firewall settings to allow access and even disabling Norton.
    4) Media Center for the internet TV will give me the box to check to agree, then I click the install button and nothing happens

    What I have tried:
    1) Scan with Norton 2010
    2) Scan with Avast Free
    3) Scan with Malwarebytes Anti-Malware (not up-to date)
    4) Scan with SuperAntiSpyware (not up-to date)
    All of which have not fixed the problems described.

    I have attached HJT Log

    I am running Windows 7 Home Premium 64bit OS

    Please let me know your suggestions.

    Attached Files:

  2. Broni

    Broni Malware Annihilator Posts: 54,258   +383

  3. Zachareye

    Zachareye TS Rookie Topic Starter Posts: 47

    Wow, guess it's been a while since I have had any problem, will do.

    Thank you
  4. Broni

    Broni Malware Annihilator Posts: 54,258   +383

  5. Zachareye

    Zachareye TS Rookie Topic Starter Posts: 47

    Okay, so step 1 done. Step 2 done. Step 3 would not update (even with the firewall disabled) and when I ran the scan anyway it ended up crashing my system and rebooting. Step 4 skipped because I have Windows 7 64-bit. Step 5 is attached.

    Attached Files:

  6. Broni

    Broni Malware Annihilator Posts: 54,258   +383

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.


    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:

    %systemroot%\*. /mp /s
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %PROGRAMFILES%\Common Files\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %USERPROFILE%\Favorites\*.url /x
    %ALLUSERSPROFILE%\*.dat /x
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %systemroot%\pchealth\helpctr\System\*.exe /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  7. Zachareye

    Zachareye TS Rookie Topic Starter Posts: 47

    Part 1, the MBRCheck:
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: PEGATRON CORPORATION
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: HP-Pavilion
    System Product Name: AY747AA-ABA p6310y
    Logical Drives Mask: 0x00000ffc

    Kernel Drivers (total 223):

    Processes (total 107):
    0 System Idle Process
    4 System
    480 C:\Windows\System32\smss.exe
    632 csrss.exe
    852 C:\Windows\System32\wininit.exe
    888 csrss.exe
    920 C:\Windows\System32\services.exe
    948 C:\Windows\System32\lsass.exe
    956 C:\Windows\System32\lsm.exe
    592 C:\Windows\System32\svchost.exe
    1036 C:\Windows\System32\nvvsvc.exe
    1076 C:\Windows\System32\winlogon.exe
    1124 C:\Windows\System32\svchost.exe
    1192 C:\Windows\System32\atiesrxx.exe
    1292 C:\Windows\System32\svchost.exe
    1324 C:\Windows\System32\svchost.exe
    1352 C:\Windows\System32\svchost.exe
    1452 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    1488 C:\Windows\System32\svchost.exe
    1664 C:\Windows\System32\atieclxx.exe
    1704 C:\Windows\System32\svchost.exe
    1872 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1912 C:\Windows\System32\spoolsv.exe
    1628 C:\Windows\System32\svchost.exe
    2064 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    2088 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2108 C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    2136 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    2160 C:\Windows\SysWOW64\CTSVCCDA.EXE
    2216 C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
    2256 C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
    2300 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    2336 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
    2364 C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
    2396 C:\Program Files (x86)\Norton Internet Security\Engine\\ccsvchst.exe
    2496 C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
    2536 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2752 C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
    2780 C:\Windows\System32\svchost.exe
    2864 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    3012 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    1852 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3132 C:\Program Files (x86)\Ziggy TV Toolbar\ZiggyTVSvc.exe
    3164 C:\ProgramData\ZwankySearch\zwankysearch149.exe
    3628 C:\Windows\System32\taskhost.exe
    3644 C:\Program Files (x86)\Norton Internet Security\Engine\\ccsvchst.exe
    3724 C:\Windows\System32\dwm.exe
    3808 C:\Windows\explorer.exe
    4016 C:\Windows\System32\SearchIndexer.exe
    4040 C:\Windows\System32\alg.exe
    3592 WUDFHost.exe
    4160 C:\Windows\System32\svchost.exe
    4320 C:\Windows\System32\svchost.exe
    4424 C:\Program Files (x86)\ZwankySearch\zwankysearch.exe
    4912 C:\Windows\System32\taskeng.exe
    4956 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    5960 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    5988 C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
    5996 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    6028 C:\Program Files (x86)\Creative\MediaSource\RemoteControl\RcMan.exe
    6100 C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe
    1048 C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe
    5136 C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
    5248 C:\Windows\System32\svchost.exe
    5276 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    5460 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5592 C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
    5604 C:\Windows\System32\conhost.exe
    2976 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    184 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    4952 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    876 C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    4056 C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    6052 C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    5980 C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
    4876 C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
    2392 C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    4452 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3816 C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
    1132 C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
    3364 dllhost.exe
    5368 C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
    2660 C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    3452 C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
    5736 C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
    5672 C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
    1896 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    3256 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    2148 C:\Program Files (x86)\Dealio Toolbar\SearchSettings.exe
    5320 C:\Windows\SysWOW64\CtHelper.exe
    6224 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    6360 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    6412 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    6420 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    6556 C:\Program Files\iPod\bin\iPodService.exe
    7128 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    3532 C:\Users\Zachareye\AppData\Local\Google\Chrome\Application\chrome.exe
    3708 C:\Users\Zachareye\AppData\Local\Google\Chrome\Application\chrome.exe
    4868 C:\Windows\System32\svchost.exe
    3076 C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    6952 C:\Users\Zachareye\AppData\Local\Google\Chrome\Application\chrome.exe
    4388 C:\Windows\System32\SearchProtocolHost.exe
    6216 C:\Windows\System32\SearchFilterHost.exe
    4800 C:\Users\Zachareye\Desktop\MBRCheck.exe
    4316 C:\Windows\System32\conhost.exe
    5952 C:\Windows\System32\dllhost.exe
    5432 C:\Windows\System32\notepad.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x000000e6`2f900000 (NTFS)
    \\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`007e0000 (NTFS)

    PhysicalDrive0 Model Number: WDC WD10EADS-65M2BX, Rev: 01.0
    PhysicalDrive1 Model Number: ST31000528AS, Rev: CC38

    Size Device Name MBR Status
    931 GB \\.\PhysicalDrive0 RE: Unknown MBR code
    SHA1: 27DD67BECBE46EB36CE4A3845152BD78B42F7052
    931 GB \\.\PhysicalDrive1 RE: Unknown MBR code
    SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F

    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
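A defender-side triage script for the MBRCheck report layout shown above (an added example, not part of the thread and not MBRCheck's own code): it pulls out each physical drive's MBR status and SHA1, the volume-to-disk mappings, and flags processes that run from user-writable data directories such as C:\ProgramData, which is where zwankysearch149.exe sits in the report. The embedded report is a constructed, abridged excerpt; the second drive's status text and hash are placeholders standing in for a recognised MBR.

```python
import re
from typing import Dict, List

# Constructed, abridged MBRCheck report in the layout shown in the thread.
# The second drive's status string and SHA1 are placeholders for a known MBR.
SAMPLE_REPORT = r"""
MBRCheck, version 1.2.3
(c) 2010, AD

Processes (total 6):
0 System Idle Process
4 System
920 C:\Windows\System32\services.exe
3164 C:\ProgramData\ZwankySearch\zwankysearch149.exe
3592 WUDFHost.exe
4424 C:\Program Files (x86)\ZwankySearch\zwankysearch.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x000000e6`2f900000 (NTFS)

Size Device Name MBR Status
931 GB \\.\PhysicalDrive0 RE: Unknown MBR code
SHA1: 27DD67BECBE46EB36CE4A3845152BD78B42F7052
931 GB \\.\PhysicalDrive1 RE: PLACEHOLDER known MBR code
SHA1: 0000000000000000000000000000000000000000

Found non-standard or infected MBR.
"""

PROC_RE = re.compile(r"^(\d+)\s+(.*)$")
MAP_RE = re.compile(r"^(\\\\\.\\[A-Z]:) --> (\\\\\.\\PhysicalDrive\d+) at offset (\S+) \((\w+)\)$")
DRIVE_RE = re.compile(r"^(\d+ [GMT]B)\s+(\\\\\.\\PhysicalDrive\d+)\s+RE:\s*(.*)$")
SHA1_RE = re.compile(r"^SHA1:\s*([0-9A-Fa-f]{40})$")

# Executables loaded from user-writable data directories deserve a second
# look; zwankysearch149.exe in C:\ProgramData is the case from this thread.
USER_WRITABLE_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")
KERNEL_PSEUDO = ("system", "system idle process")


def flag_process(image: str) -> List[str]:
    """Return the reasons a process line deserves attention (empty = none)."""
    low = image.lower()
    reasons = []
    if low not in KERNEL_PSEUDO and not re.match(r"^[a-z]:\\", low):
        # Weak signal: MBRCheck also prints a bare name for protected
        # processes it could not open, so treat this as a prompt to verify.
        reasons.append("no full image path reported")
    if any(d in low for d in USER_WRITABLE_DIRS):
        reasons.append("runs from a user-writable data directory")
    return reasons


def parse_report(text: str) -> Dict[str, object]:
    """Split an MBRCheck report into processes, volume mappings and MBR status."""
    processes, drives, mappings = [], [], []
    section, current = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Processes ("):
            section = "proc"
            continue
        if line.startswith("Size Device Name"):
            section = "mbr"
            continue
        m = MAP_RE.match(line)
        if m:
            section = None
            mappings.append({"volume": m.group(1), "device": m.group(2),
                             "offset": m.group(3), "fs": m.group(4)})
            continue
        if section == "proc" and (m := PROC_RE.match(line)):
            image = m.group(2)
            processes.append({"pid": int(m.group(1)), "image": image,
                              "flags": flag_process(image)})
        elif section == "mbr" and (m := DRIVE_RE.match(line)):
            status = m.group(3)
            current = {"size": m.group(1), "device": m.group(2), "status": status,
                       "sha1": None, "known": "unknown" not in status.lower()}
            drives.append(current)
        elif section == "mbr" and current and (m := SHA1_RE.match(line)):
            current["sha1"] = m.group(1).upper()
    return {"processes": processes, "drives": drives, "mappings": mappings,
            "infected_mbr": "non-standard or infected MBR" in text}


def triage(text: str) -> Dict[str, object]:
    """Condense a report into the items a responder would act on."""
    report = parse_report(text)
    return {
        "infected_mbr": report["infected_mbr"],
        "unknown_mbr": [d["device"] for d in report["drives"] if not d["known"]],
        "mbr_hashes": {d["device"]: d["sha1"] for d in report["drives"]},
        "disks_in_use": sorted({m["device"] for m in report["mappings"]}),
        "suspicious_processes": [(p["pid"], p["image"], p["flags"])
                                 for p in report["processes"] if p["flags"]],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

The "Unknown MBR code" verdict only means the boot code hash is not in the tool's list, so the extracted SHA1 is what you compare against a clean image of the same OEM build before deciding to rewrite the MBR.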
  8. Zachareye

    Zachareye TS Rookie Topic Starter Posts: 47

    And the second step crashed and rebooted my system twice
  9. Broni

    Broni Malware Annihilator Posts: 54,258   +383

    Not the best choice, but try to run OTL from Safe Mode.
  10. Zachareye

    Zachareye TS Rookie Topic Starter Posts: 47

    OTL results in Safe Mode without the custom scan, because I couldn't get online to copy and paste, but I will boot again in Safe Mode and save the custom scan in Notepad so I can run it again too. Text was too long so I have attached it.

    Attached Files:

    • OTL.Txt (151.2 KB)
  11. Zachareye

    Zachareye TS Rookie Topic Starter Posts: 47

    So for some reason I have been unable to F8 into Safe Mode, but I am given the option after the system crashes, so I ran the OTL scan again with the custom information included with the intention of crashing my system. This time I decided to disable my virus/firewall protection and it ran without crashing (might be useful for others having similar problems).

    Attached Files:

  12. Broni

    Broni Malware Annihilator Posts: 54,258   +383

    I can see two AV programs running, Avast and Norton.
    One of them has to go.
    If Norton, make sure to use Norton Removal Tool: http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN
    If Norton goes, make sure to turn Windows firewall ON.


    Uninstall Ask.com, known adware.


    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.


    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      PRC - [2010/09/08 19:40:30 | 000,057,616 | ---- | M] () -- C:\ProgramData\ZwankySearch\zwankysearch149.exe
      PRC - [2010/09/08 19:40:30 | 000,057,616 | ---- | M] () -- C:\Program Files (x86)\ZwankySearch\zwankysearch.exe
      MOD - [2010/09/08 19:41:06 | 000,577,536 | ---- | M] () -- C:\Program Files (x86)\ZwankySearch\zwankysearch.dll
      SRV - [2010/09/08 19:40:30 | 000,057,616 | ---- | M] () [Auto | Running] -- C:\ProgramData\ZwankySearch\zwankysearch149.exe -- (ZwankySearch Service)
      [2010/09/08 21:49:06 | 000,000,000 | ---D | M] (ZwankySearch) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{5F321A53-3F65-45F2-9903-587E3CA15404}
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O4 - HKCU..\Run: [RemoteControl] File not found
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =,
      O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      [2 C:\Users\Zachareye\*.tmp files -> C:\Users\Zachareye\*.tmp -> ]
      [2010/03/13 13:30:28 | 000,000,088 | RHS- | C] () -- C:\ProgramData\464B05520D.sys
      @Alternate Data Stream - 76 bytes -> C:\Users\Zachareye\Documents\hells choirs the song movie_0001.wmv:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Zachareye\Documents\billing_315664045_4b63051fe9445.txt:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Zachareye\Documents\015.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Zachareye\Documents\007 (2).JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Zachareye\Documents\006 (2).JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Zachareye\Documents\004.JPG:Roxio EMC Stream
      @Alternate Data Stream - 1161 bytes -> C:\Users\Zachareye\AppData\Local\Temp:XO3mxP5FCFJ7Hb7Gti27k
      @Alternate Data Stream - 1146 bytes -> C:\ProgramData\Microsoft:gpGsYheuPiHZzNpBhxrFcB
      @Alternate Data Stream - 1111 bytes -> C:\Users\Zachareye\AppData\Local\Temp:uJ3rYPnJDKxkets5e6tPD1iRPU
      @Alternate Data Stream - 1110 bytes -> C:\Users\Zachareye\AppData\Local\Temp:71bKPnAsXDylFi1I2iW0x6k9
      @Alternate Data Stream - 1079 bytes -> C:\ProgramData\Microsoft:uGPTw8s383GO1QncBySMV6UuyReE2
      @Alternate Data Stream - 1014 bytes -> C:\Users\Zachareye\AppData\Local\BmMRwwWJgvC:oz0qeERBVTxx15Uurziwc
      C:\Program Files (x86)\ZwankySearch
      ipconfig /flushdns /c
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
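An added example (not from the thread and not OTL's own code) that parses fix-script lines in the format above into records: it separates orphaned registry entries (a CLSID with no file behind it) from file paths and from alternate data streams, and flags streams whose name looks random and whose host is a folder under ProgramData or Temp, as opposed to the readably labelled Roxio streams on the user's documents. The sample lines are a constructed subset of the script above; the randomness heuristic (length, mixed case, entropy) is an assumption of this example.

```python
import re
from collections import Counter
from math import log2
from typing import Dict, List

# Constructed subset of the OTL fix script from this thread (one line per type).
SAMPLE_LINES = r"""
PRC - [2010/09/08 19:40:30 | 000,057,616 | ---- | M] () -- C:\ProgramData\ZwankySearch\zwankysearch149.exe
SRV - [2010/09/08 19:40:30 | 000,057,616 | ---- | M] () [Auto | Running] -- C:\ProgramData\ZwankySearch\zwankysearch149.exe -- (ZwankySearch Service)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
@Alternate Data Stream - 76 bytes -> C:\Users\Zachareye\Documents\004.JPG:Roxio EMC Stream
@Alternate Data Stream - 1146 bytes -> C:\ProgramData\Microsoft:gpGsYheuPiHZzNpBhxrFcB
@Alternate Data Stream - 1161 bytes -> C:\Users\Zachareye\AppData\Local\Temp:XO3mxP5FCFJ7Hb7Gti27k
C:\Program Files (x86)\ZwankySearch
ipconfig /flushdns /c
""".strip().splitlines()

ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+?):([^\\:]+)$")
ENTRY_RE = re.compile(r"^(PRC|MOD|SRV|DRV|IE|FF|O\d+(?::64bit:)?)\s*-\s*(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Locations where a stream attached to a folder (not a file) is a common hiding spot.
HIDING_DIRS = ("\\programdata\\", "\\appdata\\local\\temp", "\\appdata\\local\\")


def shannon_entropy(s: str) -> float:
    n = len(s)
    return -sum(c / n * log2(c / n) for c in Counter(s).values())


def looks_random(stream: str) -> bool:
    """Heuristic (assumed here): long, unspaced, mixed-case, high-entropy names,
    unlike 'Roxio EMC Stream', which a legitimate product labels readably."""
    return (" " not in stream and len(stream) >= 16
            and any(c.isupper() for c in stream)
            and any(c.islower() for c in stream)
            and shannon_entropy(stream) >= 3.8)


def classify(line: str) -> Dict[str, object]:
    """Turn one OTL fix-script line into a record describing what it references."""
    line = line.strip()
    m = ADS_RE.match(line)
    if m:
        size, host, stream = int(m.group(1)), m.group(2), m.group(3)
        reasons = []
        if looks_random(stream):
            reasons.append("random-looking stream name")
        if any(d in host.lower() for d in HIDING_DIRS):
            reasons.append("host is a system data or temp location")
        return {"kind": "ads", "host": host, "stream": stream,
                "size": size, "reasons": reasons}
    m = ENTRY_RE.match(line)
    if m:
        kind, body = m.group(1), m.group(2)
        # Paths in PRC/MOD/SRV lines sit between " -- " separators.
        paths = [seg.strip() for seg in body.split(" -- ")
                 if DRIVE_PATH_RE.match(seg.strip())]
        low = body.lower()
        return {"kind": kind, "clsids": CLSID_RE.findall(body), "paths": paths,
                "orphan": "not found" in low or "no clsid value" in low}
    if DRIVE_PATH_RE.match(line):
        return {"kind": "path", "paths": [line]}
    return {"kind": "command", "text": line}


def summarize(lines: List[str]) -> Dict[str, object]:
    """Group the parsed records by what a responder checks before running a fix."""
    records = [classify(l) for l in lines if l.strip()]
    return {
        "records": records,
        "suspicious_ads": [r for r in records if r["kind"] == "ads" and r["reasons"]],
        "orphans": [r for r in records if r.get("orphan")],
        "paths": sorted({p for r in records for p in r.get("paths", [])}),
        "commands": [r["text"] for r in records if r["kind"] == "command"],
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LINES)
    for r in s["suspicious_ads"]:
        print(f"ADS {r['host']}:{r['stream']} ({r['size']} bytes): {', '.join(r['reasons'])}")
    print("orphaned entries:", len(s["orphans"]), "paths:", s["paths"], "commands:", s["commands"])
```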
  13. Zachareye

    Zachareye TS Rookie Topic Starter Posts: 47

    All done and both logs are attached

    Attached Files:

  14. Broni

    Broni Malware Annihilator Posts: 54,258   +383

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
      FF - prefs.js..extensions.enabledItems: toolbar@ask.com:
      [2010/09/12 10:15:15 | 000,002,555 | ---- | M] () -- C:\Users\Zachareye\AppData\Roaming\Mozilla\Firefox\Profiles\z474j2fa.default\searchplugins\askcom.xml
      O2 - BHO: (ZiggyTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
      O3 - HKLM\..\Toolbar: (ZiggyTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
      O3 - HKCU\..\Toolbar\WebBrowser: (ZiggyTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.


    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
  15. Zachareye

    Zachareye TS Rookie Topic Starter Posts: 47

    Here are two of the three attachments. With the Kaspersky online scanner I ran into problems with all three browsers: Chrome tells me I don't meet the requirements, and IE and Firefox tell me the following:

    Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab.

    Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: Connection to updates source cannot be established]

    I have disabled Norton and tried several attempts with no other windows open at all, so I am not sure what to do from here.

    Attached Files:

  16. Broni

    Broni Malware Annihilator Posts: 54,258   +383

    Instead of Kaspersky...

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • IMPORTANT! UN-check Remove found threats
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Push Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.


    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UN-check the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page:


    make sure you have both boxes UN-checked AND (important!) click on the Decline button
  17. Zachareye

    Zachareye TS Rookie Topic Starter Posts: 47

    I can't get to the ESET page. I even tried googling it and still nothing. I can get to the ESET.eu page, and other countries too, but not the .com page.
  18. Broni

    Broni Malware Annihilator Posts: 54,258   +383

    Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click Start Scanner button.
    • Click Start scan button
    • Allow browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View log.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.
  19. Zachareye

    Zachareye TS Rookie Topic Starter Posts: 47

    QuickScan Beta 32-bit v0.9.9.38
    Scan date: Wed Sep 15 00:07:28 2010
    Machine ID: 3475EF13

    No infection found.

    hpwuSchd Application 4572 C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    Acronis True Image 4784 C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
    Adobe Reader and Acrobat Manager 5200 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    AnyDVD 4352 C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
    Apple Mobile Device Service 2012 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    Bonjour 2032 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    CloneCD 4636 C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
    Creative Audio Service 1408 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    Creative MediaSource 2 Remote Control S 4268 C:\Program Files (x86)\Creative\MediaSource\RemoteControl\RcMan.exe
    Creative MediaSource Detector 4320 C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe
    Creative Service for CDROM Access 1300 C:\Windows\SysWOW64\CTSVCCDA.EXE
    CtHelper Application 5440 C:\Windows\SysWOW64\CtHelper.exe
    cyberlink brs 4896 C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    CyberLink MediaLibray Service 4992 C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
    CyberLink MediaLibray Service 5688 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    Digidesign MME Binder 1520 C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
    DivX Update 5588 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    Firefox 5184 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    HP Advisor 3832 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    HP Remote Solution 4556 C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    hpsysdrv Application 4448 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    iTunes 5580 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    Java(TM) Platform SE Auto Updater 2 0 5364 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    LG Firmware Autoupdate 4668 C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
    LightScribe 4360 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    LightScribe 2136 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    Metadata monitor 4340 C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe
    Microsoft Search Enhancement Pack 2368 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    Microsoft SQL Server 2196 C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
    Microsoft® Visual Studio .NET 2160 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
    Network Connect 1648 C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
    PictureMover Application 4548 C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    PowerDVD RC Service 4880 C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
    PowerDVD RC Service 5052 C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
    RichVideo Module 2300 C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
    Seagate DiscWizard 4756 C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
    Seagate Scheduler Helper 3780 C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
    Symantec Security Technologies 2220 C:\Program Files (x86)\Norton Internet Security\Engine\\ccsvchst.exe
    Symantec Security Technologies 3268 C:\Program Files (x86)\Norton Internet Security\Engine\\ccsvchst.exe
    Virtual CloneDrive 4628 C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    WN111V2 4488 C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
    Yahoo! AutoUpdater 2696 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    Network activity
    Process firefox.exe (5184) connected on port 80 (HTTP) -->
    Process firefox.exe (5184) connected on port 443 (HTTP over SSL) -->

    Autoruns and critical files
    hpwuSchd Application C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    Acronis True Image C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
    Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
    Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    AnyDVD C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
    ATI Customer Care C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe
    Carbonite Setup Lite C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe
    Catalyst® Control Center C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    CloneCD C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
    Creative MediaSource 2 Remote Control S C:\Program Files (x86)\Creative\MediaSource\RemoteControl\RcMan.exe
    Creative MediaSource Detector C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe
    Creative Product Registration C:\Windows\CTRegRun.EXE
    CtHelper Application C:\Windows\system32\CTHELPER.EXE
    cyberlink brs C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    CyberLink MediaLibray Service C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
    Digidesign MME Binder C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
    DivX Update C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    Google Update C:\Users\Zachareye\AppData\Local\Google\Update\GoogleUpdate.exe
    Hardware Diagnostic Tools C:\Program Files\PC-Doctor for Windows\pcdrcui.exe
    HP Advisor C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    HP Ceement C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    HP Digital Imaging C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
    HP Remote Solution C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    hpsysdrv Application C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    InstantBurn C:\Program Files (x86)\Cyberlink\InstantBurn\Win2K\IBurn.exe
    iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe
    Java(TM) Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    LG Firmware Autoupdate C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
    LightScribe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    Metadata monitor C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe
    Microsoft Office OneNote C:\Program Files (x86)\Microsoft Office\OFFICE11\ONENOTEM.EXE
    Microsoft® Windows® Operating System C:\Windows\system32\REGSVR32.EXE
    Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
    MUI StartMenu Application C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
    MUI StartMenu Application C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
    MUI StartMenu Application C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
    Norton Online Backup C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe
    PictureMover Application C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    PowerDVD Language Application C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe
    PowerDVD Language Application C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe
    PowerDVD RC Service C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
    PowerDVD RC Service C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
    QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe
    Seagate DiscWizard C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
    Standalone Scanner Components C:\Program Files (x86)\Norton Security Scan\Engine\\Nss.exe
    Virtual CloneDrive C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    WN111V2 C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe

    Browser plugins
    npMailUtil Dynamic Link Library C:\Users\Zachareye\AppData\Roaming\Mozilla\Firefox\Profiles\z474j2fa.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll
    AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
    Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
    Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    AOL Media Playback Plugin C:\Program Files (x86)\Mozilla Firefox\plugins\npunagi2.dll
    BitDefender QuickScan C:\Users\Zachareye\AppData\Roaming\Mozilla\Firefox\Profiles\z474j2fa.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    BitDefender QuickScan C:\Users\Zachareye\AppData\Roaming\Mozilla\Firefox\Profiles\z474j2fa.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
    Conduit Toolbar c:\program files (x86)\vuze_remote\tbvuz1.dll
    Coupons Inc., Coupon Printer Manager C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    Coupons Inc., Coupon Printer Manager C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    DivX Web Player C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    downloadUpdater C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    downloadUpdater2 C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    Engine.dll C:\Users\Zachareye\AppData\Roaming\Mozilla\Firefox\Profiles\z474j2fa.default\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}\components\Engine.dll
    HP Smart Web Printing c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
    HP Smart Web Printing c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    Java Deployment Toolkit C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    Java(TM) Platform SE 6 U21 c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    Java(TM) Platform SE 6 U21 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    JuniperExt.exe C:\Windows\Downloaded Program Files\JuniperExt.exe
    JuniperSetupClientATL ActiveX Control M C:\Windows\Downloaded Program Files\JuniperSetupClient.ocx
    libcurl.dll C:\Users\Zachareye\AppData\Roaming\Mozilla\Firefox\Profiles\z474j2fa.default\extensions\firefox@tvunetworks.com\plugins\libcurl.dll
    libexpatw.dll C:\Users\Zachareye\AppData\Roaming\Mozilla\Firefox\Profiles\z474j2fa.default\extensions\firefox@tvunetworks.com\plugins\libexpatw.dll
    Microsoft Office 2003 C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
    Microsoft Office Live Plug-in for Firef C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    Microsoft Search Enhancement Pack c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
    Microsoft® Visual Studio .NET C:\Users\Zachareye\AppData\Roaming\Mozilla\Firefox\Profiles\z474j2fa.default\extensions\firefox@tvunetworks.com\plugins\msvcp71.dll
    Microsoft® Visual Studio .NET C:\Users\Zachareye\AppData\Roaming\Mozilla\Firefox\Profiles\z474j2fa.default\extensions\firefox@tvunetworks.com\plugins\msvcr71.dll
    Microsoft® Windows Live ID c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
    Microsoft® Windows Live ID C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
    Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
    Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
    Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
    Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
    Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
    Mozilla Default Plug-in C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
    MSN® Toolbar c:\program files (x86)\msn\toolbar\3.0.0566.0\msneshellx.dll
    Norton Confidential c:\program files (x86)\norton internet security\engine\\coieplg.dll
    npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    NPWebSLLauncher.dll C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
    QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
    QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
    QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
    QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
    QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
    QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
    QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    QuickTime Plug-in 7.6.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    RealPlayer Version Plugin C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll
    RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll
    Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\4.0.50524.0\npctrl.dll
    Symantec Intrusion Detection c:\program files (x86)\norton internet security\engine\\ipsbho.dll
    The OpenSSL Toolkit C:\Users\Zachareye\AppData\Roaming\Mozilla\Firefox\Profiles\z474j2fa.default\extensions\firefox@tvunetworks.com\plugins\libeay32.dll
    The OpenSSL Toolkit C:\Users\Zachareye\AppData\Roaming\Mozilla\Firefox\Profiles\z474j2fa.default\extensions\firefox@tvunetworks.com\plugins\ssleay32.dll
    TVU Web Player for FireFox C:\Users\Zachareye\AppData\Roaming\Mozilla\Firefox\Profiles\z474j2fa.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    TVU Web Player for FireFox C:\Windows\system32\TVUAx\npTVUAx.dll
    Veetle Broadcaster Plugin C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
    Veetle TV Core C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
    Veetle TV Player C:\Program Files (x86)\Veetle\Player\npvlc.dll
    VLC Multimedia Plug-in C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    Windows Live Toolbar c:\program files (x86)\windows live\toolbar\wltcore.dll
    Windows Live® Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll
    Yahoo Application State Plugin C:\Program Files (x86)\Yahoo!\Shared\npYState.dll
    Yahoo! Single Instance for Mail c:\program files (x86)\yahoo!\companion\installs\cpn1\ytsingleinstance.dll
    Yahoo! Toolbar c:\program files (x86)\yahoo!\companion\installs\cpn1\yt.dll
    zlib C:\Users\Zachareye\AppData\Roaming\Mozilla\Firefox\Profiles\z474j2fa.default\extensions\firefox@tvunetworks.com\plugins\zlib1.dll

    Missing files
    File not found: C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
    --> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"ISUSPM"

    File not found: C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe
    --> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"UpdatePSTShortCut"
    --> HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\"UpdatePSTShortCut"

    File not found: C:\Program Files (x86)\NETGEAR\WN111v2\jswtrayutil.exe
    --> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"jswtrayutil"
    --> HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\"jswtrayutil"

    File not found: C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
    --> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"DW6"

    File not found: disabled
    --> HLKM\Software\MozillaPlugins\@microsoft.com/GENUINE\"Path"


    No file uploaded.

    Scan finished - communication took 2 sec
    Total traffic - 0.07 MB sent, 1.40 KB recvd
    Scanned 1028 files and modules - 51 seconds

  20. Broni

    Broni Malware Annihilator Posts: 54,258   +383

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
  21. Zachareye

    Zachareye TS Rookie Topic Starter Posts: 47

    Still having problems:
    Windows Update will not run and hasn't since 8/19 (error: Code 80072EE2), which says the server may be busy, but I have made several attempts over the past few days at different times of day and end up with the same result.

    Malwarebytes still will not update, and neither will SuperAntiSpyware.

    Chrome still opens tabs when clicking links. I switched to Firefox and it will open a new window when clicking on links; the tab/window doesn't always pop up, but it is never related to anything I am doing. To give you an example: on TechSpot I click on My Posts, the page directs me to my posts, but a new tab/window opens up, most recently looking for the following address (http://dc1e.3vg58t1.com/ct?version=...ile injury attorney,backfill_conducive/l=COND) and then gives an "Oops could not find". I tried to get another example but it doesn't do this 100% of the time, so that's the only one so far.
  22. Broni

    Broni Malware Annihilator Posts: 54,258   +383

    I just re-read the topic and I can see I missed the fact that your MBR seems to be infected.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
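The MBRWORK step above rewrites only the boot-code portion of the first sector and leaves the partition table as it is, which is also why an infected MBR can still boot Windows normally: the loader is swapped, the partitions are not. As an added example that is not part of this thread, of NTBR or of MBRCheck, the Python script below parses a 512-byte MBR, checks the 0x55AA boot signature, decodes the partition table and compares a SHA-256 of the 440-byte boot code against a baseline hash. The "known-good" and "tampered" boot-code bytes, the disk signature and the partition entry are constructed placeholders, not the real Windows 7 loader.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439: boot loader code
PART_TABLE_OFF = 446           # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511

# Constructed placeholder for "known-good" boot code (assumption, not the real
# Windows 7 loader): the usual x86 MBR prologue xor ax,ax / mov ss,ax / mov sp,0x7c00 / sti.
GOOD_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb"
# Constructed placeholder for a replaced loader, the kind of change a bootkit makes.
TAMPERED_BOOT_CODE = b"\xeb\x58\x90\x00\x00\x00\x00\x00"


def build_mbr(boot_code: bytes) -> bytes:
    """Assemble a constructed MBR with one active NTFS partition starting at LBA 2048."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_signature = b"\x12\x34\x56\x78"   # constructed Windows disk signature
    reserved = b"\x00\x00"
    # status 0x80 (active), CHS start, type 0x07 (NTFS), CHS end, LBA start, sector count
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    table = entry + b"\x00" * 48            # remaining three entries empty
    return code + disk_signature + reserved + table + BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Decode signature, disk signature, boot-code hash and the partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        entry = sector[off:off + 16]
        if entry == b"\x00" * 16:
            continue
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        partitions.append({"index": i, "bootable": entry[0] == 0x80, "type": entry[4],
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "disk_signature": sector[440:444].hex(),
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def baseline_hash() -> str:
    """Hash of the boot code a clean install would carry (constructed baseline)."""
    return hashlib.sha256(GOOD_BOOT_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest()


def verdict(sector: bytes, baseline_sha256: str) -> str:
    """Classify a sector: invalid, suspect (loader replaced) or ok."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "invalid: missing 0x55AA boot signature"
    if info["boot_code_sha256"] != baseline_sha256:
        return "suspect: boot code differs from baseline while the partition table looks intact"
    return "ok: boot code matches baseline"


if __name__ == "__main__":
    base = baseline_hash()
    for label, sector in (("clean", build_mbr(GOOD_BOOT_CODE)),
                          ("tampered", build_mbr(TAMPERED_BOOT_CODE))):
        info = parse_mbr(sector)
        print(f"{label:9} {verdict(sector, base)}")
        for p in info["partitions"]:
            print(f"          part{p['index']} type=0x{p['type']:02x} lba={p['lba_start']} "
                  f"sectors={p['sectors']} active={p['bootable']}")
```

The point of the comparison is that both sample sectors decode to the same partition table; only the boot-code hash separates them, which is what a loader-only replacement looks like. On a real machine the 512 bytes would come from reading the first sector of `\\.\PhysicalDrive0` with administrator rights, and the baseline hash from a known-clean system of the same Windows version.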
  23. Zachareye

    Zachareye TS Rookie Topic Starter Posts: 47

    It tells me there is a problem loading the page when I click on the link. I have tried just going to noahdfear.net and get the same thing, and even tried googling it with the same result, so I am led to believe that there truly is a problem loading that site. I will try again tomorrow.
  24. Broni

    Broni Malware Annihilator Posts: 54,258   +383

    The site seems to be down.
    Hold on for a moment, I'll provide my own copy.
  25. Broni

    Broni Malware Annihilator Posts: 54,258   +383

    Get it from HERE
Topic Status:
Not open for further replies.
