
Inactive Computer Hanging

Discussion in 'Malware and Virus Removal Archive' started by darricksux, 2010/09/12.

Thread Status:
Not open for further replies.
  1. 2010/09/12
    darricksux

    darricksux Inactive Thread Starter

    Joined:
    2009/06/01
    Messages:
    49
    Likes Received:
    0
    [Inactive] Computer Hanging

    My laptop hangs frequently nowadays; I suspect that there are trojans or malware on my laptop. It hangs even when it's inactive: when I went for lunch I left it on, and when I came back it had hung. Please help, thanks.



    DDS (Ver_10-03-17.01) - NTFSx86
    Run by bernice at 21:57:29.90 on Sun 12/09/2010
    Internet Explorer: 8.0.6001.18943
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.65.1033.18.3062.1617 [GMT 8:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: F-Secure Internet Security 2008 8.00 *enabled* (Outdated) {0651C4B0-1D7E-4682-B965-2E9523C483A5}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DAP\DAP.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\bernice\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\bernice\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\bernice\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\bernice\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Internet Explorer\IELowutil.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\bernice\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\users\bernice\desktop\darrick\Stuffs\Anti-virus Software\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page =
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=81&bd=Presario&pf=laptop
    uSearch Bar =
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=81&bd=Presario&pf=laptop
    uInternet Settings,ProxyServer = proxy.tp.edu.sg:80
    uInternet Settings,ProxyOverride = *.tp.edu.sg;*.local;securlogin.arubanetworks.com;<local>
    mSearchAssistant =
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: GdfrDUEn Class: {a3cf7606-e683-4375-a372-96b75da0aef7} - c:\program files\get styles\enlbrdr.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Google Update] "c:\users\bernice\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
    uRun: [PPAP] "c:\program files\common files\pplivenetwork\PPAP.exe" -background
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe "
    mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0 "
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [UUSeeMediaCenter] "c:\program files\common files\uusee\UUSeeMediaCenter.exe "
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\dap\dapextie.htm
    IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Make a Screenshot - c:\progra~1\browse~1\iescre~1\IESCRE~1.DLL/202
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\get styles\ct.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {84A11D82-2732-40ed-BF71-80F1FAF3807F} - {6BFA42E6-23F8-4ca7-A4E2-680EFB1F6DAE} - c:\progra~1\browse~1\iescre~1\IESCRE~1.DLL
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: hotmail.com
    Trusted Zone: tp.edu.sg\epoly
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-sg.cab
    DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-sg.cab
    DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://upexe.pplive.com/config/pplite/pluginsetup.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://webvpn.nus.edu.sg/dana-cached/sc/JuniperSetupClient.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    Filter: text/html - {574940E0-1B7A-4881-8FA3-1E809714B156} -
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\windows\system32\avgrsstx.dll,avgrsstx.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe "

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-17 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-10-17 29584]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-1 243024]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-17 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-6-3 38224]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-09-10 09:26:01 0 d-----w- c:\program files\AhnLab
    2010-09-10 09:25:45 1240 ----a-w- c:\windows\system32\msexcr.ini
    2010-09-10 09:06:18 0 d-sh--w- C:\found.002
    2010-09-10 08:42:02 0 d-----w- c:\program files\WIZET
    2010-09-09 15:39:20 0 d-sh--w- C:\found.001
    2010-08-30 15:50:50 0 d-----w- c:\users\bernice\appdata\roaming\PPlive
    2010-08-28 18:18:07 0 d-----w- C:\FavoriteVideo
    2010-08-28 18:18:01 0 d-----w- c:\programdata\PPLive
    2010-08-28 18:18:01 0 d-----w- c:\program files\PPLive
    2010-08-28 18:18:00 0 d-----w- c:\program files\common files\PPLiveNetwork

    ==================== Find3M ====================

    2010-09-12 08:59:43 2484 ----a-w- c:\windows\bthservsdp.dat
    2010-07-28 12:12:19 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-07-28 12:12:19 143360 ----a-w- c:\windows\inf\infstrng.dat
    2010-07-28 12:12:06 86016 ----a-w- c:\windows\inf\infstor.dat
    2010-07-17 06:53:03 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-17 06:53:01 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-17 06:52:25 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-06-26 06:05:49 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-26 06:02:15 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-06-26 06:02:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-06-26 04:25:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-06-21 13:18:15 2036736 ----a-w- c:\windows\system32\win32k.sys
    2010-06-18 16:43:54 36352 ----a-w- c:\windows\system32\rtutils.dll
    2010-01-27 13:18:00 174 --sha-w- c:\program files\desktop.ini
    2010-01-26 16:38:31 665600 ----a-w- c:\windows\inf\drvindex.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 22:00:53.62 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 24/3/2008 1:52:58 PM
    System Uptime: 9/12/2010 9:33:28 PM (-2111 hours ago)

    Motherboard: Wistron | | 30CD
    Processor: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz | U2E1 | 1200/667mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 139 GiB total, 42.874 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 2.408 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C075\7&22F934D4&0&001E459628A0_C00000001
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C075\7&22F934D4&0&001E459628A0_C00000001
    Service:

    ==== System Restore Points ===================


    ==== Installed Programs ======================


    µTorrent
    32 Bit HP CIO Components Installer
    Activation Assistant for the 2007 Microsoft Office suites
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe After Effects CS3 Presets
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Dreamweaver CS3
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Setup
    Adobe Shockwave Player
    Adobe Shockwave Player 11.5
    Adobe SING CS3
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AhnLab Online Security
    AHV content for Acrobat and Flash
    AIM 6
    AIO_Scan
    Ask Toolbar
    AVG Free 9.0
    BrowserTweaks.com - IE Screenshot toolbar button for IE
    BufferChm
    Business Contact Manager for Outlook 2007 SP2
    Cards_Calendar_OrderGift_DoMorePlugout
    Conexant HD Audio
    Copy
    CustomerResearchQFolder
    CyberLink YouCam
    DAEMON Tools Toolbar
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Setup
    DivX Version Checker
    DJ_AIO_ProductContext
    DJ_AIO_Software
    DJ_AIO_Software_min
    Download Accelerator Plus (DAP)
    DVD Suite
    ESU for Microsoft Vista
    eSupportQFolder
    F2100
    F2100_doccd
    F2100_Help
    FIFA 10
    Garena
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    Get Styles
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hewlett-Packard Active Check
    Hewlett-Packard Asset Agent for Health Check
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Customer Participation Program 9.0
    HP Deskjet All-In-One Software 9.0
    HP Doc Viewer
    HP DVD Play 3.6
    HP Easy Setup - Frontend
    HP Help and Support
    HP Imaging Device Functions 9.0
    HP Integrated Module with Bluetooth wireless technology 6.0.1.5500
    HP Photosmart Essential 2.5
    HP Product Assistant
    HP Quick Launch Buttons 6.30 E1
    HP QuickTouch 1.00 C4
    HP Smart Web Printing
    HP Solution Center 9.0
    HP Update
    HP User Guides 0090
    HP Wireless Assistant
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabel_Tattoo
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotoSmartPhotobookHolidayPack1
    HPPhotoSmartPhotobookModernPack1
    HPPhotoSmartPhotobookPlayfulPack1
    HPPhotoSmartPhotobookScrapbookPack1
    HPPhotoSmartPhotobookWebPack1
    HPProductAssistant
    HPSSupply
    Intel(R) Graphics Media Accelerator Driver
    Java(TM) 6 Update 11
    Java(TM) 6 Update 2
    Java(TM) 6 Update 7
    Juniper Networks Network Connect 6.5.0
    Juniper Networks Setup Client
    Junk Mail filter update
    LabelPrint
    LG PC Suite III
    LG USB Modem Drivers
    LightScribe System Software 1.10.13.1
    Malwarebytes' Anti-Malware
    MarketResearch
    Marvell Miniport Driver
    MediaRing Talk
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access 2007
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    MSCU for Microsoft Vista
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.1
    My HP Games
    NetWaiting
    ooVoo
    PDF Settings
    Power2Go
    PowerDirector
    PPLite 1.0.0.0012
    PSSWCORE
    QuickPlay SlingPlayer 0.4.4
    Recuva
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
    Scan
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB980376)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    SFV Checker
    Skype™ 4.1
    SmartFix
    SOE Web Installer
    SolutionCenter
    SPSS Statistics 17.0
    Status
    SUPERAntiSpyware Free Edition
    Toolbox
    Touch Pad Driver
    TrayApp
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb2279264)
    VC80CRTRedist - 8.0.50727.4053
    VideoToolkit01
    Viewpoint Media Player
    Warcraft III
    Warcraft III: All Products
    WebReg
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR archiver
    WOT for Internet Explorer

    ==== End Of File ===========================
     
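The Pseudo HJT section of a DDS log is regular enough to triage mechanically before a human reads it. The following is an added example, not part of DDS and not something posted in this thread: a first-pass parser over a subset of the lines shown above. Its rules (more than one real-time security product enabled in the Security Center lines, a product reporting outdated definitions, toolbar or BHO entries whose file is gone, and a populated AppInit_DLLs load point) are generic review checks, not a verdict on this machine; the line formats are assumed from the log as printed.

```python
"""Triage helpers for the 'Pseudo HJT Report' section of a DDS log.

Added example: this code is not part of DDS and was not posted in the
thread. The sample lines are copied from the log above; the rules it
applies are generic first-pass checks, not a verdict on this machine.
"""
import re

# Constructed sample: a subset of the DDS output posted above.
SAMPLE_LOG = r"""
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: F-Secure Internet Security 2008 8.00 *enabled* (Outdated) {0651C4B0-1D7E-4682-B965-2E9523C483A5}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
AppInit_DLLs: c:\windows\system32\avgrsstx.dll,avgrsstx.dll
"""

# Windows Security Center lines: kind, product name, state, definition age, product GUID.
SECURITY_CENTER = re.compile(
    r"^(?P<kind>AV|SP|FW): (?P<name>.+?) \*(?P<state>[^*]+)\* "
    r"\((?P<upd>Updated|Outdated)\) \{(?P<guid>[0-9A-Fa-f-]+)\}$"
)
# Autostart entries: u = current user (HKCU), m = machine (HKLM).
RUN_ENTRY = re.compile(r"^(?P<scope>[um])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def parse_security_center(lines):
    """Collapse AV:/SP:/FW: lines by product GUID. One product may appear
    under several kinds (AVG is listed as both AV and SP above); it counts
    as enabled if any of its lines says so and outdated if any says so."""
    products = {}
    for line in lines:
        m = SECURITY_CENTER.match(line)
        if not m:
            continue
        p = products.setdefault(
            m["guid"], {"name": m["name"], "enabled": False, "outdated": False}
        )
        if m["state"].lower().endswith("enabled"):  # "enabled" / "On-access scanning enabled"
            p["enabled"] = True
        if m["upd"] == "Outdated":
            p["outdated"] = True
    return products


def triage(text):
    """Return the parsed pieces plus a list of human-readable findings."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    products = parse_security_center(lines)
    enabled = sorted(p["name"] for p in products.values() if p["enabled"])
    outdated = sorted(p["name"] for p in products.values() if p["outdated"])
    # "- No File": the registry still references a component whose file is gone.
    orphaned = [ln for ln in lines if ln.endswith("- No File")]
    # AppInit_DLLs are loaded into every process that loads user32.dll, so
    # anything listed here deserves a look even when it belongs to a known vendor.
    appinit = []
    for ln in lines:
        if ln.startswith("AppInit_DLLs:"):
            appinit += [d.strip() for d in ln.split(":", 1)[1].split(",") if d.strip()]
    runs = [(m["scope"], m["name"], m["cmd"]) for m in map(RUN_ENTRY.match, lines) if m]

    findings = []
    if len(enabled) > 1:
        findings.append("more than one real-time security product enabled: " + ", ".join(enabled))
    for name in outdated:
        findings.append(f"security product reports outdated definitions: {name}")
    for ln in orphaned:
        findings.append(f"orphaned registry entry (file missing): {ln}")
    if appinit:
        findings.append("AppInit_DLLs load point populated: " + ", ".join(appinit))
    return {
        "enabled_products": enabled,
        "outdated_products": outdated,
        "orphaned": orphaned,
        "appinit_dlls": appinit,
        "run_entries": runs,
        "findings": findings,
    }


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print("-", finding)
```

Run against the sample it reports two enabled products (AVG and F-Secure), F-Secure as outdated, the two "No File" toolbar entries, and the AppInit_DLLs entry. Nothing in that output says a line is malicious; the point is to surface the load points and inconsistencies a reviewer then checks by hand, which is exactly what the analysts in this thread go on to do.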
  2. 2010/09/12
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,890
    Likes Received:
    387
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     


  4. 2010/09/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're running two AV programs, AVG and F-Secure.
    One of them has to go.
    If AVG, make sure to use AVG Remover: http://www.avg.com/us-en/download-tools

    When done....

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please, do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. 2010/09/13
    darricksux

    darricksux Inactive Thread Starter

    Joined:
    2009/06/01
    Messages:
    49
    Likes Received:
    0
    I would actually want to keep AVG as my F-Secure has expired. However, I don't think I can find any trace of F-Secure when I type it in the Start Search, so what do I do?
     
  6. 2010/09/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Nothing. Probably some leftovers. We'll find them later.
    Go ahead with scans...
     
  7. 2010/09/14
    darricksux

    darricksux Inactive Thread Starter

    Joined:
    2009/06/01
    Messages:
    49
    Likes Received:
    0
    I will post the MBAM log first.
     
  8. 2010/09/14
    darricksux

    darricksux Inactive Thread Starter

    Joined:
    2009/06/01
    Messages:
    49
    Likes Received:
    0
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4614

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.18943

    15/9/2010 12:43:26 AM
    mbam-log-2010-09-15 (00-43-26).txt

    Scan type: Quick scan
    Objects scanned: 141607
    Time elapsed: 15 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\Baidu (Adware.Baidu) -> Quarantined and deleted successfully.

    Files Infected:
    C:\$RECYCLE.BIN\S-1-5-21-4080182440-4198534725-1042016490-1003\$RCNPHZJ.exe (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Users\bernice\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
    C:\Windows\System32\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.
     
  9. 2010/09/14
    darricksux

    darricksux Inactive Thread Starter

    Joined:
    2009/06/01
    Messages:
    49
    Likes Received:
    0
    Just to let you know, the GMER scans can't seem to complete. I got 2 blue screens while I was scanning, even when I unchecked the devices and ran it in Safe Mode. I will try to scan again tomorrow morning and let you know if it worked.
     
  10. 2010/09/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Skip GMER for now.

    Make sure you disable "word wrap" in Notepad, because your logs are hard to read.
     
  11. 2010/09/15
    darricksux

    darricksux Inactive Thread Starter

    Joined:
    2009/06/01
    Messages:
    49
    Likes Received:
    0
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 1 (build 6001), 32-bit
    Base Board Manufacturer: Wistron
    BIOS Manufacturer: Phoenix
    System Manufacturer: Hewlett-Packard
    System Product Name: Presario V3700 Notebook PC
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 169):
    0x82A09000 \SystemRoot\system32\ntkrnlpa.exe
    0x82DC2000 \SystemRoot\system32\hal.dll
    0x8060E000 \SystemRoot\system32\kdcom.dll
    0x80616000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80676000 \SystemRoot\system32\PSHED.dll
    0x80687000 \SystemRoot\system32\BOOTVID.dll
    0x8068F000 \SystemRoot\system32\CLFS.SYS
    0x806D0000 \SystemRoot\system32\CI.dll
    0x8AA08000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8AA84000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8AA91000 \SystemRoot\System32\Drivers\spxf.sys
    0x8AB92000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x8AB9B000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x807B0000 \SystemRoot\system32\drivers\acpi.sys
    0x8ABC1000 \SystemRoot\system32\drivers\msisadrv.sys
    0x8ABC9000 \SystemRoot\system32\drivers\pci.sys
    0x8ABF0000 \SystemRoot\System32\drivers\partmgr.sys
    0x8AA00000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x807F6000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8AC03000 \SystemRoot\system32\drivers\volmgr.sys
    0x8AC12000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8AC5C000 \SystemRoot\system32\drivers\intelide.sys
    0x8AC63000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x8AC71000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8AC81000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x8AD48000 \SystemRoot\system32\drivers\atapi.sys
    0x8AD50000 \SystemRoot\system32\drivers\ataport.SYS
    0x8AD6E000 \SystemRoot\system32\drivers\msahci.sys
    0x8AD77000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8ADA9000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8AE00000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8AE71000 \SystemRoot\system32\drivers\ndis.sys
    0x8AF7C000 \SystemRoot\system32\drivers\msrpc.sys
    0x8AFA7000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8B005000 \SystemRoot\System32\drivers\tcpip.sys
    0x8B0EE000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8B207000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8B316000 \SystemRoot\system32\drivers\volsnap.sys
    0x8B34F000 \SystemRoot\System32\Drivers\spldr.sys
    0x8B357000 \SystemRoot\System32\Drivers\mup.sys
    0x8B366000 \SystemRoot\System32\drivers\ecache.sys
    0x8B38D000 \SystemRoot\system32\drivers\disk.sys
    0x8B39E000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x8B3BF000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8B3D5000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8B3E0000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8B3E9000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8B3F8000 \SystemRoot\system32\DRIVERS\HpqRemHid.sys
    0x8B1D0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8B200000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8B1E0000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8F406000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x8FA3D000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8FADC000 \SystemRoot\System32\drivers\watchdog.sys
    0x8FAE9000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8FAF4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8FB32000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8FB41000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8FB53000 \SystemRoot\system32\DRIVERS\yk60x86.sys
    0x8FC0B000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
    0x8FE33000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x8FE43000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x8FE51000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x8FE6B000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x8FE7C000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0x8FE90000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x8FEE2000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8FEE6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8FEF9000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0x8FEFE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8FF09000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0x8FF32000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8FF3D000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8FF55000 \SystemRoot\system32\DRIVERS\dsNcAdpt.sys
    0x8FF60000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8FF8E000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8FFCF000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8FFDA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8FFF1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8FB99000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8FBBC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8FBCB000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8FBDF000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8B1E9000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8FFFC000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8ADB9000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8FC00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8AFE1000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8FBF4000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x90201000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x90235000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x90246000 \SystemRoot\system32\drivers\CHDRT32.sys
    0x90279000 \SystemRoot\system32\drivers\portcls.sys
    0x902A6000 \SystemRoot\system32\drivers\drmk.sys
    0x902CB000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x90600000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x90703000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x907B8000 \SystemRoot\system32\drivers\modem.sys
    0x907C5000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x907DC000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x907DE000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x90309000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x90312000 \SystemRoot\System32\Drivers\Null.SYS
    0x90319000 \SystemRoot\System32\Drivers\Beep.SYS
    0x90320000 \SystemRoot\System32\drivers\vga.sys
    0x9032C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x9034D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x90355000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x9035D000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x90368000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x90376000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x9037F000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x90395000 \SystemRoot\System32\Drivers\avgtdix.sys
    0x90A0A000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x90A3C000 \SystemRoot\system32\DRIVERS\smb.sys
    0x90A50000 \SystemRoot\system32\drivers\afd.sys
    0x90A98000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x90AAE000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x90ABC000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x90ACF000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    0x90AF4000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0x90AFA000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x90B36000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x90B40000 \SystemRoot\System32\Drivers\dfsc.sys
    0x90B57000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0x90B5D000 \SystemRoot\System32\Drivers\avgldx86.sys
    0x90B91000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0x90B9D000 \SystemRoot\System32\Drivers\bthport.sys
    0x90BD7000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0x90BE8000 \SystemRoot\system32\DRIVERS\BthEnum.sys
    0x903CF000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0x90BF2000 \SystemRoot\system32\DRIVERS\bthmodem.sys
    0x9120F000 \SystemRoot\system32\drivers\btwavdt.sys
    0x91276000 \SystemRoot\system32\DRIVERS\hidbth.sys
    0x91282000 \SystemRoot\system32\drivers\btwaudio.sys
    0x91302000 \SystemRoot\system32\DRIVERS\btwrchid.sys
    0x9130D000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x9131A000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x9A230000 \SystemRoot\System32\win32k.sys
    0x913E1000 \SystemRoot\System32\drivers\Dxapi.sys
    0x913EB000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x9A450000 \SystemRoot\System32\TSDDD.dll
    0x9A470000 \SystemRoot\System32\cdd.dll
    0x9A480000 \SystemRoot\System32\ATMFD.DLL
    0x8B109000 \SystemRoot\system32\drivers\luafv.sys
    0xADA0C000 \SystemRoot\system32\drivers\spsys.sys
    0xADABB000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0xADACB000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0xADAF5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xADAFF000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xADB12000 \SystemRoot\system32\drivers\HTTP.sys
    0xADB7F000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xADB9C000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xADBB5000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xADBCA000 \SystemRoot\system32\drivers\mrxdav.sys
    0x8B124000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x8B143000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x8B17C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x8B194000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xAEA01000 \SystemRoot\System32\DRIVERS\srv.sys
    0xAEA67000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xAEA6B000 \SystemRoot\system32\drivers\peauth.sys
    0xAEB49000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xAEB53000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xAEB5F000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0xAEB67000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0xAEB7F000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xAEB88000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x77940000 \Windows\System32\ntdll.dll

    Processes (total 83):
    0 System Idle Process
    4 System
    556 C:\Windows\System32\smss.exe
    628 csrss.exe
    672 csrss.exe
    680 C:\Windows\System32\wininit.exe
    692 C:\Program Files\AVG\AVG9\avgchsvx.exe
    720 C:\Program Files\AVG\AVG9\avgrsx.exe
    752 C:\Windows\System32\services.exe
    796 C:\Windows\System32\lsass.exe
    808 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    820 C:\Windows\System32\lsm.exe
    852 C:\Windows\System32\winlogon.exe
    1272 C:\Windows\System32\svchost.exe
    1336 C:\Windows\System32\svchost.exe
    1452 C:\Windows\System32\svchost.exe
    1480 C:\Windows\System32\svchost.exe
    1492 C:\Windows\System32\svchost.exe
    1604 C:\Windows\System32\audiodg.exe
    1624 C:\Windows\System32\svchost.exe
    1644 C:\Windows\System32\SLsvc.exe
    1688 C:\Windows\System32\svchost.exe
    1884 C:\Windows\System32\svchost.exe
    428 C:\Windows\System32\spoolsv.exe
    464 C:\Windows\System32\svchost.exe
    1224 C:\Program Files\AVG\AVG9\avgwdsvc.exe
    1396 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    1512 C:\Program Files\Bonjour\mDNSResponder.exe
    1104 C:\Windows\System32\svchost.exe
    1908 C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    2152 C:\Windows\System32\svchost.exe
    2224 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2320 C:\Program Files\Common Files\Motive\McciCMService.exe
    2344 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    2372 C:\Windows\System32\svchost.exe
    2408 C:\Windows\System32\svchost.exe
    2420 C:\Windows\System32\svchost.exe
    2464 C:\Program Files\AVG\AVG9\avgnsx.exe
    2592 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2616 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2688 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    2744 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2808 C:\Windows\System32\svchost.exe
    2844 C:\Windows\System32\svchost.exe
    2916 C:\Windows\System32\SearchIndexer.exe
    2964 C:\Windows\System32\drivers\XAudio.exe
    3012 C:\Program Files\AVG\AVG9\avgemc.exe
    3060 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    3192 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    3928 C:\Windows\System32\dwm.exe
    3976 C:\Windows\System32\taskeng.exe
    4020 C:\Windows\System32\taskeng.exe
    4048 C:\Windows\explorer.exe
    3296 C:\Program Files\Apoint2K\Apoint.exe
    3348 C:\Program Files\HP\QuickPlay\QPService.exe
    124 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    3424 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    3652 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    3740 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    3872 C:\Windows\System32\hkcmd.exe
    4056 C:\Program Files\AVG\AVG9\avgtray.exe
    2300 C:\Program Files\Windows Sidebar\sidebar.exe
    1080 C:\Windows\ehome\ehtray.exe
    2656 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    1780 C:\Program Files\DAP\DAP.exe
    1660 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3084 C:\Windows\ehome\ehmsas.exe
    2880 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2244 WmiPrvSE.exe
    2652 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2384 C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
    1972 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    4592 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    4832 C:\Program Files\Apoint2K\ApMsgFwd.exe
    5096 C:\Program Files\Apoint2K\ApntEx.exe
    5104 C:\Windows\System32\igfxsrvc.exe
    4904 C:\Windows\System32\wuauclt.exe
    340 C:\Windows\System32\taskeng.exe
    4244 C:\Windows\System32\SearchProtocolHost.exe
    1684 C:\Windows\System32\SearchFilterHost.exe
    3912 dllhost.exe
    4752 dllhost.exe
    4040 C:\Users\bernice\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`b880a400 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1600BEVS-60RST0, Rev: 04.01G04

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
     
  12. 2010/09/15
    darricksux

    darricksux Inactive Thread Starter

    Joined:
    2009/06/01
    Messages:
    49
    Likes Received:
    0
    Done, do you want me to try the GMER scans again?
     
  13. 2010/09/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No.

    Your MBR seems to be infected.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
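The MBRCheck verdict in the log above ("Unknown MBR code" plus a SHA1) and the fix in this reply rest on the same idea: the boot code in the first sector is hashed and compared with known-good hashes, and rewriting standard MBR code should bring it back to a known value. As an added example (not MBRCheck's or MBRWORK's code), here is a Python parser that reads a 512-byte MBR, validates the 0x55AA signature, decodes the partition table and applies such an allowlist check; it assumes the hash covers only the 440-byte boot-code area, and its "known-good" hash is a constructed placeholder, not the hash of any real Microsoft MBR.

```python
"""Parse a 512-byte MBR sector and flag non-standard boot code.

Added example, not MBRCheck's own code: it mirrors the check whose result
the log above reports (SHA-1 of the boot code compared with an allowlist).
"""
import hashlib
import struct
from dataclasses import dataclass, field
from typing import List, Set

MBR_SIZE = 512
BOOT_CODE_LEN = 440     # bytes 0..439 hold the boot code
DISK_SIG_OFF = 440      # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446    # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"  # bytes 510..511
SECTOR = 512


@dataclass
class PartitionEntry:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int

    @property
    def byte_offset(self) -> int:
        # MBRCheck prints this as "\\.\C: --> \\.\PhysicalDrive0 at offset ..."
        return self.lba_start * SECTOR


@dataclass
class MbrReport:
    signature_ok: bool
    disk_signature: int
    boot_code_sha1: str
    status: str
    partitions: List[PartitionEntry] = field(default_factory=list)


def parse_partitions(mbr: bytes) -> List[PartitionEntry]:
    """Decode the four partition slots; empty slots (type 0) are skipped."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs_first, ptype, _chs_last, lba, count = struct.unpack_from(
            "<B3sB3sII", mbr, off)
        if ptype == 0:
            continue
        entries.append(PartitionEntry(i, status == 0x80, ptype, lba, count))
    return entries


def check_mbr(mbr: bytes, known_good_sha1: Set[str]) -> MbrReport:
    """Hash the boot-code area and compare it with an allowlist of hashes.

    Only the first 440 bytes are hashed (assumption about MBRCheck's scope):
    the disk signature and partition table differ from machine to machine,
    so they cannot be part of a fixed allowlist.
    """
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE}-byte sector, got {len(mbr)}")
    signature_ok = mbr[510:512] == BOOT_SIG
    disk_sig = struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0]
    digest = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    if not signature_ok:
        status = "Invalid boot signature"
    elif digest in known_good_sha1:
        status = "Known-good MBR code"
    else:
        status = "Unknown MBR code"   # the verdict MBRCheck gave for this disk
    return MbrReport(signature_ok, disk_sig, digest, status, parse_partitions(mbr))


def build_sample_mbr(boot_code: bytes, disk_sig: int = 0xC0FFEE01) -> bytes:
    """Constructed test sector: the given boot code plus one bootable NTFS
    partition starting at LBA 63 (byte offset 0x7E00, like C: in the log)."""
    sector = bytearray(MBR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFF,
                     0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 0x11C3CF8F)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


# Constructed "standard" boot code and its allowlist entry: a placeholder,
# NOT the hash of any real Microsoft MBR.
STANDARD_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 433
KNOWN_GOOD = {hashlib.sha1(STANDARD_CODE).hexdigest().upper()}


def scan(mbr: bytes) -> MbrReport:
    return check_mbr(mbr, KNOWN_GOOD)


if __name__ == "__main__":
    clean = build_sample_mbr(STANDARD_CODE)
    # Simulated tampering: the first two bytes of the boot code are changed,
    # so the hash no longer matches the allowlist.
    tampered = build_sample_mbr(b"\xeb\x20" + STANDARD_CODE[2:])
    for label, sector in (("clean", clean), ("tampered", tampered)):
        r = scan(sector)
        print(f"{label}: {r.status}  SHA1: {r.boot_code_sha1}")
        for p in r.partitions:
            print(f"  partition {p.index}: type 0x{p.type_id:02X} "
                  f"at offset 0x{p.byte_offset:X}")
```

On a real disk the 512-byte input would be the first sector read with administrator rights; the allowlist has to come from hashes of MBR code you trust, which is what distinguishes a useful verdict from a false alarm after a vendor-specific (but legitimate) MBR is installed.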
     
  14. 2010/09/17
    darricksux

    darricksux Inactive Thread Starter

    Joined:
    2009/06/01
    Messages:
    49
    Likes Received:
    0
    I'm sorry, I really don't understand how to set the CD-ROM as the first boot device (how do I even get to the BIOS screen?). And you mentioned reboot; does it mean restart the computer or reformat the computer (do I need to have backups of my important files?)
     
    Last edited: 2010/09/17
  15. 2010/09/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Did you click on the link I posted?
    Also, your boot order may be just fine. Try to boot from the CD and see if it will.

    reboot = restart
     
  16. 2010/09/18
    darricksux

    darricksux Inactive Thread Starter

    Joined:
    2009/06/01
    Messages:
    49
    Likes Received:
    0
    Yes, it mentioned "check the boot-screen for setup key", which I don't understand. I'm sorry, I really need step-by-step instructions on this.
     
  17. 2010/09/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    As I said, you don't have to worry about it now.
    Try to boot from the created CD and see if it boots.
    If not, then we'll worry about changing the boot order.
     
  18. 2010/09/18
    darricksux

    darricksux Inactive Thread Starter

    Joined:
    2009/06/01
    Messages:
    49
    Likes Received:
    0
    I'm sorry, I'm really an amateur at this kind of stuff. What does boot mean? So I just insert the CD and it will run by itself, or do I have to press anything?
     
  19. 2010/09/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Insert the CD and restart computer.
    Re-read my reply #12 starting with this line:
     
  20. 2010/09/20
    darricksux

    darricksux Inactive Thread Starter

    Joined:
    2009/06/01
    Messages:
    49
    Likes Received:
    0
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 1 (build 6001), 32-bit
    Base Board Manufacturer: Wistron
    BIOS Manufacturer: Phoenix
    System Manufacturer: Hewlett-Packard
    System Product Name: Presario V3700 Notebook PC
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 169):
    0x82A33000 \SystemRoot\system32\ntkrnlpa.exe
    0x82A00000 \SystemRoot\system32\hal.dll
    0x80601000 \SystemRoot\system32\kdcom.dll
    0x80609000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80669000 \SystemRoot\system32\PSHED.dll
    0x8067A000 \SystemRoot\system32\BOOTVID.dll
    0x80682000 \SystemRoot\system32\CLFS.SYS
    0x806C3000 \SystemRoot\system32\CI.dll
    0x8AA04000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8AA80000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8AA8D000 \SystemRoot\System32\Drivers\sphu.sys
    0x8AB8E000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x8AB97000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x807A3000 \SystemRoot\system32\drivers\acpi.sys
    0x8ABBD000 \SystemRoot\system32\drivers\msisadrv.sys
    0x8ABC5000 \SystemRoot\system32\drivers\pci.sys
    0x8ABEC000 \SystemRoot\System32\drivers\partmgr.sys
    0x8ABFB000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x807E9000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8AC04000 \SystemRoot\system32\drivers\volmgr.sys
    0x8AC13000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8AC5D000 \SystemRoot\system32\drivers\intelide.sys
    0x8AC64000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x8AC72000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8AC82000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x8AD49000 \SystemRoot\system32\drivers\atapi.sys
    0x8AD51000 \SystemRoot\system32\drivers\ataport.SYS
    0x8AD6F000 \SystemRoot\system32\drivers\msahci.sys
    0x8AD78000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8ADAA000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8AE03000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8AE74000 \SystemRoot\system32\drivers\ndis.sys
    0x8AF7F000 \SystemRoot\system32\drivers\msrpc.sys
    0x8AFAA000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8B002000 \SystemRoot\System32\drivers\tcpip.sys
    0x8B0EB000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8B20F000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8B31E000 \SystemRoot\system32\drivers\volsnap.sys
    0x8B357000 \SystemRoot\System32\Drivers\spldr.sys
    0x8B35F000 \SystemRoot\System32\Drivers\mup.sys
    0x8B36E000 \SystemRoot\System32\drivers\ecache.sys
    0x8B395000 \SystemRoot\system32\drivers\disk.sys
    0x8B3A6000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x8B3C7000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8B3DD000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8B3E8000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8B3F1000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8B200000 \SystemRoot\system32\DRIVERS\HpqRemHid.sys
    0x8B1CD000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8B202000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8B1DD000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8F605000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x8FC3C000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8FCDB000 \SystemRoot\System32\drivers\watchdog.sys
    0x8FCE8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8FCF3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8FD31000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8FD40000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8FD52000 \SystemRoot\system32\DRIVERS\yk60x86.sys
    0x8FE01000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
    0x90029000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x90039000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x90047000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x90061000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x90072000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0x90086000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x900D8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x900DC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x900EF000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0x900F4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x900FF000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0x90128000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x90133000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x9014B000 \SystemRoot\system32\DRIVERS\dsNcAdpt.sys
    0x90156000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x90184000 \SystemRoot\system32\DRIVERS\storport.sys
    0x901C5000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x901D0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x901E7000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8FD98000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8FDBB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8FDCA000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8FDDE000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8B1E6000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x901F2000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8ADBA000 \SystemRoot\system32\DRIVERS\ks.sys
    0x901F4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8FDF3000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8B1F6000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x9060B000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x9063F000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x90650000 \SystemRoot\system32\drivers\CHDRT32.sys
    0x90683000 \SystemRoot\system32\drivers\portcls.sys
    0x906B0000 \SystemRoot\system32\drivers\drmk.sys
    0x906D5000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x90805000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x90908000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x909BD000 \SystemRoot\system32\drivers\modem.sys
    0x909CA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x909D3000 \SystemRoot\System32\Drivers\Null.SYS
    0x909DA000 \SystemRoot\System32\Drivers\Beep.SYS
    0x909E1000 \SystemRoot\System32\drivers\vga.sys
    0x90713000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x909ED000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x909F5000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x90734000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x9073F000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x9074D000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x90756000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x9076C000 \SystemRoot\System32\Drivers\avgtdix.sys
    0x907A6000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x907D8000 \SystemRoot\system32\DRIVERS\smb.sys
    0x90E04000 \SystemRoot\system32\drivers\afd.sys
    0x90E4C000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x90E62000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x90E70000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x90E83000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    0x90EA8000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0x90EAE000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x90EEA000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x90EF4000 \SystemRoot\System32\Drivers\dfsc.sys
    0x90F0B000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0x90F11000 \SystemRoot\System32\Drivers\avgldx86.sys
    0x90F45000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x90F5C000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x90F5E000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x90F7F000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x90F88000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x90F90000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0x90F9C000 \SystemRoot\System32\Drivers\bthport.sys
    0x90FD6000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0x90FE7000 \SystemRoot\system32\DRIVERS\BthEnum.sys
    0x8AFE4000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0x90FF1000 \SystemRoot\system32\DRIVERS\bthmodem.sys
    0x9180A000 \SystemRoot\system32\drivers\btwavdt.sys
    0x91871000 \SystemRoot\system32\DRIVERS\hidbth.sys
    0x9187D000 \SystemRoot\system32\drivers\btwaudio.sys
    0x918FD000 \SystemRoot\system32\DRIVERS\btwrchid.sys
    0x91900000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x9190D000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x9A450000 \SystemRoot\System32\win32k.sys
    0x919D4000 \SystemRoot\System32\drivers\Dxapi.sys
    0x919DE000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x9A670000 \SystemRoot\System32\TSDDD.dll
    0x9A690000 \SystemRoot\System32\cdd.dll
    0x9A6A0000 \SystemRoot\System32\ATMFD.DLL
    0x8B106000 \SystemRoot\system32\drivers\luafv.sys
    0xADC0D000 \SystemRoot\system32\drivers\spsys.sys
    0xADCBC000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0xADCCC000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0xADCF6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xADD00000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xADD13000 \SystemRoot\system32\drivers\HTTP.sys
    0xADD80000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xADD9D000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xADDB6000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xADDCB000 \SystemRoot\system32\drivers\mrxdav.sys
    0x8B121000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x8B140000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x8B179000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x8B191000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xAE80E000 \SystemRoot\System32\DRIVERS\srv.sys
    0xAE874000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xAE878000 \SystemRoot\system32\drivers\peauth.sys
    0xAE956000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xAE960000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xAE96C000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0xAE974000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x774B0000 \Windows\System32\ntdll.dll

    Processes (total 79):
    0 System Idle Process
    4 System
    492 C:\Windows\System32\smss.exe
    624 csrss.exe
    668 C:\Windows\System32\wininit.exe
    680 csrss.exe
    688 C:\Program Files\AVG\AVG9\avgchsvx.exe
    716 C:\Windows\System32\winlogon.exe
    744 C:\Program Files\AVG\AVG9\avgrsx.exe
    800 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    828 C:\Windows\System32\services.exe
    848 C:\Windows\System32\lsass.exe
    856 C:\Windows\System32\lsm.exe
    1252 C:\Windows\System32\svchost.exe
    1312 C:\Windows\System32\svchost.exe
    1408 C:\Windows\System32\svchost.exe
    1432 C:\Windows\System32\svchost.exe
    1444 C:\Windows\System32\svchost.exe
    1588 C:\Windows\System32\audiodg.exe
    1608 C:\Windows\System32\svchost.exe
    1624 C:\Windows\System32\SLsvc.exe
    1652 C:\Windows\System32\svchost.exe
    1852 C:\Windows\System32\svchost.exe
    360 C:\Windows\System32\spoolsv.exe
    388 C:\Windows\System32\svchost.exe
    1496 C:\Program Files\AVG\AVG9\avgwdsvc.exe
    1564 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    1832 C:\Program Files\Bonjour\mDNSResponder.exe
    1920 C:\Windows\System32\svchost.exe
    896 C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    2172 C:\Windows\System32\svchost.exe
    2196 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2332 C:\Program Files\Common Files\Motive\McciCMService.exe
    2352 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    2376 C:\Windows\System32\svchost.exe
    2420 C:\Windows\System32\svchost.exe
    2440 C:\Windows\System32\svchost.exe
    2468 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2504 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2568 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    2592 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2624 C:\Windows\System32\svchost.exe
    2684 C:\Windows\System32\svchost.exe
    2812 C:\Windows\System32\SearchIndexer.exe
    2932 C:\Program Files\AVG\AVG9\avgnsx.exe
    3076 C:\Windows\System32\drivers\XAudio.exe
    3092 C:\Program Files\AVG\AVG9\avgemc.exe
    3208 C:\Windows\System32\taskeng.exe
    3224 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    3324 C:\Windows\System32\taskeng.exe
    3400 C:\Windows\System32\dwm.exe
    3484 C:\Windows\explorer.exe
    3872 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    3960 C:\Program Files\Apoint2K\Apoint.exe
    4016 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    4056 C:\Program Files\HP\QuickPlay\QPService.exe
    4068 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    4080 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    3016 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    3440 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    3148 C:\Windows\System32\hkcmd.exe
    3804 C:\Program Files\AVG\AVG9\avgtray.exe
    3860 C:\Windows\ehome\ehtray.exe
    1780 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    1760 C:\Windows\ehome\ehmsas.exe
    3380 C:\Program Files\DAP\DAP.exe
    1828 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3720 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3060 WmiPrvSE.exe
    4008 C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
    3696 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    4628 C:\Windows\System32\igfxsrvc.exe
    5160 C:\Program Files\Apoint2K\ApMsgFwd.exe
    5388 C:\Program Files\Apoint2K\ApntEx.exe
    5856 C:\Program Files\Internet Explorer\ielowutil.exe
    5944 C:\Windows\System32\wuauclt.exe
    2844 dllhost.exe
    4196 dllhost.exe
    4660 C:\Users\bernice\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`b880a400 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1600BEVS-60RST0, Rev: 04.01G04

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
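An added example, not part of this thread and not MBRCheck's own code, showing the checks a reviewer would run over an MBRCheck log like the one above: list the process entries MBRCheck could not resolve to an on-disk path (these need a manual look rather than an automatic verdict), flag executables running from outside the Windows and Program Files trees, check that the declared process count matches the lines actually present, and compare the reported MBR SHA1 against an allowlist. The report text, the PIDs, the Temp-folder process and the allowlist are constructed for the example; the only value taken from the log above is the SHA1 MBRCheck reported for the Windows XP MBR code.

```python
import re

# Constructed sample in the shape of an MBRCheck report (not the log from this
# thread). The Temp-folder process and its PID are invented for the example.
SAMPLE_REPORT = r"""
Processes (total 6):
0 System Idle Process
4 System
492 C:\Windows\System32\smss.exe
624 csrss.exe
3380 C:\Program Files\DAP\DAP.exe
4711 C:\Users\example\AppData\Local\Temp\svch0st.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!
"""

# Allowlist of MBR hashes considered known-good. Constructed for the example;
# its single entry is the hash MBRCheck reported for the standard Windows XP
# boot code in the log above.
KNOWN_GOOD_MBR_SHA1 = {
    "DA38B874B7713D1B51CBC449F4EF809B0DEC644A": "Windows XP MBR code",
}

# Directory trees from which normally-installed software runs. Anything with a
# full path outside these trees is flagged for review.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# PIDs 0 and 4 are the kernel pseudo-processes; MBRCheck never prints a path for them.
KERNEL_PIDS = {0, 4}


def parse_processes(report):
    """Return (declared_total, [(pid, image), ...]) from the Processes block."""
    declared, procs, in_block = None, [], False
    for line in report.splitlines():
        s = line.strip()
        header = re.match(r"Processes \(total (\d+)\):", s)
        if header:
            declared, in_block = int(header.group(1)), True
            continue
        if not in_block:
            continue
        if not s:          # a blank line ends the block
            break
        entry = re.match(r"(\d+)\s+(.+)", s)
        if entry:
            procs.append((int(entry.group(1)), entry.group(2)))
    return declared, procs


def parse_mbr(report):
    """Return size/device/status/SHA1 MBRCheck printed for the physical drive, or None."""
    dev = re.search(r"^\s*(\d+ GB)\s+\\\\\.\\(PhysicalDrive\d+)\s+(.+?)\s*$", report, re.M)
    sha = re.search(r"^\s*SHA1:\s*([0-9A-Fa-f]{40})\s*$", report, re.M)
    if not dev or not sha:
        return None
    return {"size": dev.group(1), "device": dev.group(2),
            "status": dev.group(3), "sha1": sha.group(1).upper()}


def triage(report, known_mbr_hashes):
    """Apply the review checks and return the findings as a dict."""
    declared, procs = parse_processes(report)
    findings = {
        # A header count that disagrees with the lines parsed means the log was
        # truncated or edited; review the raw file rather than this summary.
        "count_mismatch": declared is not None and declared != len(procs),
        "no_path": [],          # MBRCheck could not read the image path: review by hand
        "untrusted_path": [],   # executable outside the Windows / Program Files trees
    }
    for pid, image in procs:
        if pid in KERNEL_PIDS:
            continue
        if ":\\" not in image:
            findings["no_path"].append((pid, image))
        elif not image.lower().startswith(TRUSTED_PREFIXES):
            findings["untrusted_path"].append((pid, image))
    mbr = parse_mbr(report)
    findings["mbr"] = mbr
    findings["mbr_known"] = mbr is not None and mbr["sha1"] in {h.upper() for h in known_mbr_hashes}
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT, KNOWN_GOOD_MBR_SHA1).items():
        print(f"{key}: {value}")
```

A path-less entry such as csrss.exe usually means MBRCheck lacked the rights to open the process, which is normal for protected system processes, so the script reports it for a look rather than calling it malicious; the Temp-folder executable is the kind of entry that does warrant attention.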
     
  21. 2010/09/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    1. Please, never rename ComboFix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If ComboFix asks you to install Recovery Console, please allow it.
      NOTE 2. If ComboFix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
      • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt".
    **Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

    Make sure you re-enable your security programs when you're done with ComboFix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.) until it's officially declared clean!!!
     