Hi all,
I'm not sure if I have something nasty on my daughters laptop but it had become unworkable for her. I unistalled all the programs I knew she didn't need, followed by - Disk Clean up / ccleaner / msconfig to remove some start-up programs (All microsoft services are enabled) / Defrag'd and finally ran Malwarebytes.
My problem is when trying to run 'Windows Update', it takes a very long time to launch. When I click on updates it tells me it cannot due to 'service is not running. You may need to restart your computer'. Which of course I have done without any further success. Interestingly on the same page it says 'Find out more about free software from (null). Click here for details. I'm sure 'null' should say 'Microsoft'.
Also on startup Windows can't find - 2 files 'Mags license web.oj913' & 'mapi less less.ghrjxid'. I can't find any reference to them on the web.
Finally, I followed your '5 steps' and on running the final DDS it did not initailly complete and I got the blue screen of death followed by a restart. I ran it again and it worked the 2nd time. I would kindly ask if someone can help me with this challenge or is this terminal and require a reinstall. My daughter can not find any of her original installation disks.
PSB for all logs. I thank you in advance for any help.
dalewoody
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.20.02
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19154
Megan :: MEGAN-PC [administrator]
20/05/2012 13:03:10
mbam-log-2012-05-20 (13-03-10).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196744
Time elapsed: 6 minute(s), 14 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-20 18:45:01
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 TOSHIBA_MK2555GSX rev.FG002C
Running: rg1gny2z.exe; Driver: C:\Users\Megan\AppData\Local\Temp\agloypow.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x8DFC4086]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x8DFC4BE4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x8DFC4DDC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x8DFC85B2]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x8DFC85E4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x8DFC8746]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0x9F3E6004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0x9F3E60D4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x8DFC4CFC]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9F3E5D76]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x8DFC43F0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x8DFC4522]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x8DFC86BC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x8DFC8626]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x8DFC8658]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x8DFC868A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x8DFC402C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x8DFC4E82]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x8DFC854A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x8DFC3FC6]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9F3E5E1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9F3E5EBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9F3E5F56]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ZwCreateThreadEx [0x8D7C6640]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 191 82AF6914 4 Bytes [86, 40, FC, 8D]
.text ntkrnlpa.exe!KeSetEvent + 1D9 82AF695C 4 Bytes [E4, 4B, FC, 8D]
.text ntkrnlpa.exe!KeSetEvent + 2D1 82AF6A54 8 Bytes [DC, 4D, FC, 8D, B2, 85, FC, ...]
.text ntkrnlpa.exe!KeSetEvent + 2E1 82AF6A64 4 Bytes [E4, 85, FC, 8D]
.text ntkrnlpa.exe!KeSetEvent + 381 82AF6B04 4 Bytes [46, 87, FC, 8D]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[960] ntdll.dll!KiUserApcDispatcher 777C5B48 5 Bytes JMP 00444990 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[960] kernel32.dll!LoadLibraryExW + 173 755A93EF 4 Bytes JMP 71AC000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[960] USER32.dll!InSendMessageEx + 3B1 76DAE6B0 6 Bytes JMP 71AE001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[960] WS2_32.dll!getaddrinfo 76BB418A 5 Bytes JMP 71A20022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[960] WS2_32.dll!gethostbyname 76BC62D4 5 Bytes JMP 71A60022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1304] ntdll.dll!KiUserApcDispatcher 777C5B48 5 Bytes JMP 00414DA0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1304] kernel32.dll!LoadLibraryExW + 173 755A93EF 4 Bytes JMP 71AA000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1304] WS2_32.dll!getaddrinfo 76BB418A 5 Bytes JMP 71A40022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1304] WS2_32.dll!gethostbyname 76BC62D4 5 Bytes JMP 71AD0022
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Processes - GMER 1.0.15 ----
Library C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (*** hidden *** ) @ C:\Program Files\AVG Secure Search\vprot.exe [1544] 0x6F130000
---- Files - GMER 1.0.15 ----
File C:\Users\Megan\AppData\Local\Trusteer\Rapport\user\store\user\rapport_var_1.cfg.data 0 bytes
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19154
Run by Megan at 19:41:43 on 2012-05-20
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1790.1081 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Silvercrest NM1005 driver\KMWDSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sound Clips for Messenger\SoundClips.exe
C:\Program Files\Silvercrest NM1005 driver\StartAutorun.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\twain_32\Dell\DELL1133\Scan2Pc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Silvercrest NM1005 driver\KMConfig.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Silvercrest NM1005 driver\KMProcess.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uSearch Bar =
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [way math bike enc] "c:\programdata\Mags license web.oj9l3"
uRun: [SpamKind] "c:\programdata\mapi less less.ghrjxid"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SoundClips] c:\program files\sound clips for messenger\SoundClips.exe
mRun: [KMCONFIG] c:\program files\silvercrest nm1005 driver\StartAutorun.exe KMConfig.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [1133 Scan2PC] "c:\windows\twain_32\dell\dell1133\Scan2Pc.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: SmarThru4 Capture Selection - c:\program files\smarthru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\smarthru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\smarthru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\smarthru 4\WebCapture.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{99EFDAB9-8E39-429E-9FC4-86AD3CC0F8F7} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.0.2\ViProtocol.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2012-5-19 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-3-11 71440]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\silvercrest nm1005 driver\KMWDSrv.exe [2008-5-30 208896]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-3-11 931640]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2009-10-28 5120]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\common files\avg secure search\vtoolbarupdater\11.0.2\ToolbarUpdater.exe [2012-5-20 932736]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
R3 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-3-11 164112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-25 365952]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-19 257696]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-3-11 56208]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-20 16:22:08 -------- d-----w- c:\users\megan\appdata\roaming\OpenOffice.org
2012-05-20 11:57:57 -------- d-----w- c:\program files\OpenOffice.org 3
2012-05-20 08:56:13 -------- d-----w- c:\users\megan\appdata\local\AVG Secure Search
2012-05-20 08:55:47 -------- d-----w- c:\programdata\AVG Secure Search
2012-05-20 08:55:39 -------- d-----w- c:\program files\AVG Secure Search
2012-05-20 01:02:39 -------- d-----w- c:\users\megan\appdata\roaming\OpenCandy
2012-05-19 20:00:38 -------- d-----w- c:\users\megan\appdata\roaming\Malwarebytes
2012-05-19 20:00:15 -------- d-----w- c:\programdata\Malwarebytes
2012-05-19 20:00:10 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-19 20:00:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-19 19:47:00 -------- d-----w- c:\windows\pss
2012-05-19 19:29:47 -------- d-----w- c:\users\megan\appdata\local\ElevatedDiagnostics
2012-05-19 19:19:13 -------- d-----w- c:\program files\CCleaner
2012-05-19 18:44:42 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-19 17:36:46 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-19 17:36:45 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2012-05-19 18:44:16 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-19 03:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-03-19 04:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-03-11 12:48:50 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-02-22 04:25:32 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH: 19:43:06.60 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 19/03/2009 17:23:08
System Uptime: 20/05/2012 19:35:13 (0 hours ago)
.
Motherboard: Wistron | | 303C
Processor: AMD Sempron(tm) SI-42 | Socket A | 1050/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 156.718 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.751 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9
Adobe Shockwave Player
Atheros Driver Installation Program
AVG 2012
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink YouCam
Dell 1133 Laser MFP
ESU for Microsoft Vista
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Doc Viewer
HP User Guides 0118
HPAsset component for HP Active Support Library
HPNetworkAssistant
Java Auto Updater
Java(TM) 6 Update 32
Java(TM) 6 Update 7
LabelPrint
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenOffice.org 3.4
PVSonyDll
Rapport
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Silvercrest NM1005 driver
SmarThru 4
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Upload Tool
.
==== Event Viewer Messages From Past Week ========
.
20/05/2012 19:37:26, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
20/05/2012 19:37:26, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
20/05/2012 19:36:11, Error: EventLog [6008] - The previous system shutdown at 19:32:13 on 20/05/2012 was unexpected.
20/05/2012 12:24:07, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/05/2012 12:24:06, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
20/05/2012 11:19:39, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Recovery Service for Windows service to connect.
20/05/2012 11:19:39, Error: Service Control Manager [7000] - The Recovery Service for Windows service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/05/2012 10:29:45, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
20/05/2012 02:07:07, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package VistaSP1OnlyUpdate (Update) into Resolving(Resolving) state
20/05/2012 02:07:07, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package VistaPlusUpdate (Update) into Resolving(Resolving) state
20/05/2012 02:07:07, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-InternetExplorer-Package-Package-en-us-MiniLP (Feature Pack) into Resolved Invalid(Resolved Invalid) state
20/05/2012 02:07:07, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB982861 (Update) into Resolved Invalid(Resolved Invalid) state
20/05/2012 02:07:07, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Internet Explorer_en-US (Language Pack) into Resolving(Resolving) state
20/05/2012 02:07:07, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package 982861 (Update) into Resolved Invalid(Resolved Invalid) state
20/05/2012 02:07:06, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Internet-Explorer-x86 from package VistaSP1OnlyUpdate(Update) into Resolving(Resolving) state
20/05/2012 02:07:06, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Internet-Explorer-x86 from package VistaPlusUpdate(Update) into Resolving(Resolving) state
20/05/2012 02:07:06, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Internet-Explorer-x86 from package Internet Explorer_en-US(Language Pack) into Resolving(Resolving) state
19/05/2012 19:19:01, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
19/05/2012 16:19:54, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
19/05/2012 16:19:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
19/05/2012 16:19:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
19/05/2012 16:19:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
19/05/2012 16:16:31, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 spldr Wanarpv6
19/05/2012 16:16:31, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
19/05/2012 16:15:32, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
19/05/2012 16:15:08, Error: EventLog [6008] - The previous system shutdown at 16:05:19 on 19/05/2012 was unexpected.
19/05/2012 15:54:19, Error: EventLog [6008] - The previous system shutdown at 15:55:21 on 28/12/2011 was unexpected.
.
==== End Of File ===========================
I'm not sure if I have something nasty on my daughters laptop but it had become unworkable for her. I unistalled all the programs I knew she didn't need, followed by - Disk Clean up / ccleaner / msconfig to remove some start-up programs (All microsoft services are enabled) / Defrag'd and finally ran Malwarebytes.
My problem is when trying to run 'Windows Update', it takes a very long time to launch. When I click on updates it tells me it cannot due to 'service is not running. You may need to restart your computer'. Which of course I have done without any further success. Interestingly on the same page it says 'Find out more about free software from (null). Click here for details. I'm sure 'null' should say 'Microsoft'.
Also on startup Windows can't find - 2 files 'Mags license web.oj913' & 'mapi less less.ghrjxid'. I can't find any reference to them on the web.
Finally, I followed your '5 steps' and on running the final DDS it did not initailly complete and I got the blue screen of death followed by a restart. I ran it again and it worked the 2nd time. I would kindly ask if someone can help me with this challenge or is this terminal and require a reinstall. My daughter can not find any of her original installation disks.
PSB for all logs. I thank you in advance for any help.
dalewoody
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.20.02
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19154
Megan :: MEGAN-PC [administrator]
20/05/2012 13:03:10
mbam-log-2012-05-20 (13-03-10).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196744
Time elapsed: 6 minute(s), 14 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-20 18:45:01
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 TOSHIBA_MK2555GSX rev.FG002C
Running: rg1gny2z.exe; Driver: C:\Users\Megan\AppData\Local\Temp\agloypow.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x8DFC4086]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x8DFC4BE4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x8DFC4DDC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x8DFC85B2]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x8DFC85E4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x8DFC8746]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0x9F3E6004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0x9F3E60D4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x8DFC4CFC]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9F3E5D76]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x8DFC43F0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x8DFC4522]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x8DFC86BC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x8DFC8626]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x8DFC8658]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x8DFC868A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x8DFC402C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x8DFC4E82]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x8DFC854A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x8DFC3FC6]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9F3E5E1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9F3E5EBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9F3E5F56]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ZwCreateThreadEx [0x8D7C6640]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 191 82AF6914 4 Bytes [86, 40, FC, 8D]
.text ntkrnlpa.exe!KeSetEvent + 1D9 82AF695C 4 Bytes [E4, 4B, FC, 8D]
.text ntkrnlpa.exe!KeSetEvent + 2D1 82AF6A54 8 Bytes [DC, 4D, FC, 8D, B2, 85, FC, ...]
.text ntkrnlpa.exe!KeSetEvent + 2E1 82AF6A64 4 Bytes [E4, 85, FC, 8D]
.text ntkrnlpa.exe!KeSetEvent + 381 82AF6B04 4 Bytes [46, 87, FC, 8D]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[960] ntdll.dll!KiUserApcDispatcher 777C5B48 5 Bytes JMP 00444990 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[960] kernel32.dll!LoadLibraryExW + 173 755A93EF 4 Bytes JMP 71AC000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[960] USER32.dll!InSendMessageEx + 3B1 76DAE6B0 6 Bytes JMP 71AE001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[960] WS2_32.dll!getaddrinfo 76BB418A 5 Bytes JMP 71A20022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[960] WS2_32.dll!gethostbyname 76BC62D4 5 Bytes JMP 71A60022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1304] ntdll.dll!KiUserApcDispatcher 777C5B48 5 Bytes JMP 00414DA0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1304] kernel32.dll!LoadLibraryExW + 173 755A93EF 4 Bytes JMP 71AA000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1304] WS2_32.dll!getaddrinfo 76BB418A 5 Bytes JMP 71A40022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1304] WS2_32.dll!gethostbyname 76BC62D4 5 Bytes JMP 71AD0022
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Processes - GMER 1.0.15 ----
Library C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (*** hidden *** ) @ C:\Program Files\AVG Secure Search\vprot.exe [1544] 0x6F130000
---- Files - GMER 1.0.15 ----
File C:\Users\Megan\AppData\Local\Trusteer\Rapport\user\store\user\rapport_var_1.cfg.data 0 bytes
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19154
Run by Megan at 19:41:43 on 2012-05-20
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1790.1081 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Silvercrest NM1005 driver\KMWDSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sound Clips for Messenger\SoundClips.exe
C:\Program Files\Silvercrest NM1005 driver\StartAutorun.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\twain_32\Dell\DELL1133\Scan2Pc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Silvercrest NM1005 driver\KMConfig.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Silvercrest NM1005 driver\KMProcess.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uSearch Bar =
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [way math bike enc] "c:\programdata\Mags license web.oj9l3"
uRun: [SpamKind] "c:\programdata\mapi less less.ghrjxid"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SoundClips] c:\program files\sound clips for messenger\SoundClips.exe
mRun: [KMCONFIG] c:\program files\silvercrest nm1005 driver\StartAutorun.exe KMConfig.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [1133 Scan2PC] "c:\windows\twain_32\dell\dell1133\Scan2Pc.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: SmarThru4 Capture Selection - c:\program files\smarthru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\smarthru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\smarthru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\smarthru 4\WebCapture.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{99EFDAB9-8E39-429E-9FC4-86AD3CC0F8F7} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.0.2\ViProtocol.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2012-5-19 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-3-11 71440]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\silvercrest nm1005 driver\KMWDSrv.exe [2008-5-30 208896]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-3-11 931640]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2009-10-28 5120]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\common files\avg secure search\vtoolbarupdater\11.0.2\ToolbarUpdater.exe [2012-5-20 932736]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
R3 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-3-11 164112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-25 365952]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-19 257696]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-3-11 56208]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-20 16:22:08 -------- d-----w- c:\users\megan\appdata\roaming\OpenOffice.org
2012-05-20 11:57:57 -------- d-----w- c:\program files\OpenOffice.org 3
2012-05-20 08:56:13 -------- d-----w- c:\users\megan\appdata\local\AVG Secure Search
2012-05-20 08:55:47 -------- d-----w- c:\programdata\AVG Secure Search
2012-05-20 08:55:39 -------- d-----w- c:\program files\AVG Secure Search
2012-05-20 01:02:39 -------- d-----w- c:\users\megan\appdata\roaming\OpenCandy
2012-05-19 20:00:38 -------- d-----w- c:\users\megan\appdata\roaming\Malwarebytes
2012-05-19 20:00:15 -------- d-----w- c:\programdata\Malwarebytes
2012-05-19 20:00:10 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-19 20:00:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-19 19:47:00 -------- d-----w- c:\windows\pss
2012-05-19 19:29:47 -------- d-----w- c:\users\megan\appdata\local\ElevatedDiagnostics
2012-05-19 19:19:13 -------- d-----w- c:\program files\CCleaner
2012-05-19 18:44:42 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-19 17:36:46 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-19 17:36:45 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2012-05-19 18:44:16 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-19 03:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-03-19 04:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-03-11 12:48:50 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-02-22 04:25:32 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH: 19:43:06.60 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 19/03/2009 17:23:08
System Uptime: 20/05/2012 19:35:13 (0 hours ago)
.
Motherboard: Wistron | | 303C
Processor: AMD Sempron(tm) SI-42 | Socket A | 1050/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 156.718 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.751 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9
Adobe Shockwave Player
Atheros Driver Installation Program
AVG 2012
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink YouCam
Dell 1133 Laser MFP
ESU for Microsoft Vista
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Doc Viewer
HP User Guides 0118
HPAsset component for HP Active Support Library
HPNetworkAssistant
Java Auto Updater
Java(TM) 6 Update 32
Java(TM) 6 Update 7
LabelPrint
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenOffice.org 3.4
PVSonyDll
Rapport
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Silvercrest NM1005 driver
SmarThru 4
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Upload Tool
.
==== Event Viewer Messages From Past Week ========
.
20/05/2012 19:37:26, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
20/05/2012 19:37:26, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
20/05/2012 19:36:11, Error: EventLog [6008] - The previous system shutdown at 19:32:13 on 20/05/2012 was unexpected.
20/05/2012 12:24:07, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/05/2012 12:24:06, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
20/05/2012 11:19:39, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Recovery Service for Windows service to connect.
20/05/2012 11:19:39, Error: Service Control Manager [7000] - The Recovery Service for Windows service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/05/2012 10:29:45, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
20/05/2012 02:07:07, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package VistaSP1OnlyUpdate (Update) into Resolving(Resolving) state
20/05/2012 02:07:07, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package VistaPlusUpdate (Update) into Resolving(Resolving) state
20/05/2012 02:07:07, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-InternetExplorer-Package-Package-en-us-MiniLP (Feature Pack) into Resolved Invalid(Resolved Invalid) state
20/05/2012 02:07:07, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB982861 (Update) into Resolved Invalid(Resolved Invalid) state
20/05/2012 02:07:07, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Internet Explorer_en-US (Language Pack) into Resolving(Resolving) state
20/05/2012 02:07:07, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package 982861 (Update) into Resolved Invalid(Resolved Invalid) state
20/05/2012 02:07:06, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Internet-Explorer-x86 from package VistaSP1OnlyUpdate(Update) into Resolving(Resolving) state
20/05/2012 02:07:06, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Internet-Explorer-x86 from package VistaPlusUpdate(Update) into Resolving(Resolving) state
20/05/2012 02:07:06, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Internet-Explorer-x86 from package Internet Explorer_en-US(Language Pack) into Resolving(Resolving) state
19/05/2012 19:19:01, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
19/05/2012 16:19:54, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
19/05/2012 16:19:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
19/05/2012 16:19:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
19/05/2012 16:19:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
19/05/2012 16:16:31, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 spldr Wanarpv6
19/05/2012 16:16:31, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
19/05/2012 16:15:32, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
19/05/2012 16:15:08, Error: EventLog [6008] - The previous system shutdown at 16:05:19 on 19/05/2012 was unexpected.
19/05/2012 15:54:19, Error: EventLog [6008] - The previous system shutdown at 15:55:21 on 28/12/2011 was unexpected.
.
==== End Of File ===========================