
Inactive Data Execution Prevention closing IE, AVG, etc.

Discussion in 'Malware and Virus Removal Archive' started by NYRhock, 2011/04/02.

  1. 2011/04/02
    NYRhock

    NYRhock Inactive Thread Starter

    Joined:
    2011/04/02
    Messages:
    24
    Likes Received:
    0
    [Inactive] Data Execution Prevention closing IE, AVG, etc.

    I just picked up this problem yesterday, and it has become extremely troublesome. My Internet Explorer (IE9) will not open up. I keep getting blocked by Data Execution Prevention. I have researched online and can't correct the issue. I tried disabling the add-ons; resetting IE protocols; adding IE to Data Execution Prevention; disabling Data Execution Prevention (on the command line), and probably other things I can't think of now. I have AVG (which will scan, but cannot open the interface), Spybot, and Malwarebytes. AVG and Spybot didn't report anything, but Malwarebytes is indicating a trojan downloader (mscjm.exe) in c:\users\rick\appdata\roaming\msa\mscjm.exe (which was found in the HKEY_CURRENT_USER registry). I would delete this and then reboot, but the file keeps returning. When I tried going through the Microsoft website, I was able to use IE to get around the web, but if I started it up from scratch, I would still get the error message. I'm currently using Firefox to get on the web, but I'm not a fan of this web browser. Thanks for any help that you can provide.
     
  2. 2011/04/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please, complete all steps listed here: this post

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     


  4. 2011/04/02
    NYRhock

    NYRhock Inactive Thread Starter

    Joined:
    2011/04/02
    Messages:
    24
    Likes Received:
    0
    Um....

    I don't know what happened, but after running the TFC, I was able to use IE without shutdown. Plus I was able to get into the AVG Interface. Thanks for your help, I guess.
     
  5. 2011/04/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    If I were you, I'd post all required logs for me to check them out.
     
  6. 2011/04/09
    NYRhock

    NYRhock Inactive Thread Starter

    Joined:
    2011/04/02
    Messages:
    24
    Likes Received:
    0
    DEP blocking programs

    A week ago, I originally indicated that DEP was blocking IE, AVG and certain programs. After running TFC, I was able to access both IE and AVG. However, over this past week, I have been experiencing more programs that have been blocked due to DEP. I have tried to allow these programs access in the advanced system tab, but both options are greyed out. DEP is active in the BIOS section.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Wistron
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP G60 Notebook PC
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 218):
    0x83233000 \SystemRoot\system32\ntkrnlpa.exe
    0x83200000 \SystemRoot\system32\hal.dll
    0x80409000 \SystemRoot\system32\kdcom.dll
    0x80410000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80480000 \SystemRoot\system32\PSHED.dll
    0x80491000 \SystemRoot\system32\BOOTVID.dll
    0x80499000 \SystemRoot\system32\CLFS.SYS
    0x804DA000 \SystemRoot\system32\CI.dll
    0x80605000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x80681000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8068E000 \SystemRoot\System32\Drivers\spuf.sys
    0x80781000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x8078A000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x807B0000 \SystemRoot\system32\drivers\acpi.sys
    0x805BA000 \SystemRoot\system32\drivers\fltmgr.sys
    0x807F6000 \SystemRoot\system32\drivers\msisadrv.sys
    0x8440C000 \SystemRoot\system32\drivers\pci.sys
    0x84433000 \SystemRoot\system32\drivers\isapnp.sys
    0x84442000 \SystemRoot\system32\drivers\mpio.sys
    0x8445E000 \SystemRoot\System32\drivers\partmgr.sys
    0x8446D000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x84470000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8447A000 \SystemRoot\system32\drivers\volmgr.sys
    0x84489000 \SystemRoot\System32\drivers\volmgrx.sys
    0x844D3000 \SystemRoot\system32\drivers\intelide.sys
    0x844DA000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x844E8000 \SystemRoot\system32\drivers\aliide.sys
    0x844EF000 \SystemRoot\system32\drivers\amdide.sys
    0x844F6000 \SystemRoot\system32\drivers\cmdide.sys
    0x844FE000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8450E000 \SystemRoot\system32\drivers\msdsm.sys
    0x84528000 \SystemRoot\system32\drivers\nvraid.sys
    0x84543000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x84564000 \SystemRoot\system32\drivers\pciide.sys
    0x8456B000 \SystemRoot\system32\drivers\viaide.sys
    0x84600000 \SystemRoot\system32\drivers\iastorv.sys
    0x846A1000 \SystemRoot\system32\drivers\atapi.sys
    0x846A9000 \SystemRoot\system32\drivers\ataport.SYS
    0x846C7000 \SystemRoot\system32\drivers\lsi_scsi.sys
    0x846E1000 \SystemRoot\system32\drivers\storport.sys
    0x84722000 \SystemRoot\system32\drivers\msahci.sys
    0x8472C000 \SystemRoot\system32\drivers\hpcisss.sys
    0x84737000 \SystemRoot\system32\drivers\adp94xx.sys
    0x847A1000 \SystemRoot\system32\drivers\adpahci.sys
    0x84573000 \SystemRoot\system32\drivers\adpu160m.sys
    0x8458E000 \SystemRoot\system32\drivers\adpu320.sys
    0x845B4000 \SystemRoot\system32\drivers\djsvs.sys
    0x845C8000 \SystemRoot\system32\drivers\arc.sys
    0x845DE000 \SystemRoot\system32\drivers\arcsas.sys
    0x8BC02000 \SystemRoot\system32\drivers\elxstor.sys
    0x8BC96000 \SystemRoot\system32\drivers\i2omp.sys
    0x8BCA0000 \SystemRoot\system32\drivers\iirsp.sys
    0x8BCB0000 \SystemRoot\system32\drivers\iteatapi.sys
    0x8BCBC000 \SystemRoot\system32\drivers\iteraid.sys
    0x8BCC8000 \SystemRoot\system32\drivers\lsi_fc.sys
    0x8BCE2000 \SystemRoot\system32\drivers\lsi_sas.sys
    0x8BCFA000 \SystemRoot\system32\drivers\megasas.sys
    0x8BD04000 \SystemRoot\system32\drivers\megasr.sys
    0x8BDBB000 \SystemRoot\system32\drivers\mraid35x.sys
    0x8BDC6000 \SystemRoot\system32\drivers\nfrd960.sys
    0x8BDD4000 \SystemRoot\system32\drivers\nvstor.sys
    0x8BE03000 \SystemRoot\system32\drivers\ql2300.sys
    0x8BF3B000 \SystemRoot\system32\drivers\ql40xx.sys
    0x8BF90000 \SystemRoot\system32\drivers\sisraid2.sys
    0x8BF9D000 \SystemRoot\system32\drivers\sisraid4.sys
    0x8BFB2000 \SystemRoot\system32\drivers\symc8xx.sys
    0x8BFBE000 \SystemRoot\system32\drivers\sym_hi.sys
    0x8BFC9000 \SystemRoot\system32\drivers\sym_u3.sys
    0x8C001000 \SystemRoot\system32\drivers\uliahci.sys
    0x8C03D000 \SystemRoot\system32\drivers\ulsata.sys
    0x8C05E000 \SystemRoot\system32\drivers\ulsata2.sys
    0x8C08A000 \SystemRoot\system32\drivers\vsmraid.sys
    0x8C0AB000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8C0BB000 \SystemRoot\system32\drivers\PCTCore.sys
    0x8C0F4000 \SystemRoot\system32\drivers\TfSysMon.sys
    0x8C105000 \SystemRoot\system32\drivers\TfFsMon.sys
    0x8C116000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x8C120000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8C204000 \SystemRoot\system32\drivers\ndis.sys
    0x8C30F000 \SystemRoot\system32\drivers\msrpc.sys
    0x8C33A000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8C40E000 \SystemRoot\System32\drivers\tcpip.sys
    0x8C4F8000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8C60B000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8C71B000 \SystemRoot\system32\drivers\wd.sys
    0x8C723000 \SystemRoot\system32\drivers\volsnap.sys
    0x8C75C000 \SystemRoot\System32\Drivers\spldr.sys
    0x8C764000 \SystemRoot\system32\drivers\sbp2port.sys
    0x8C779000 \SystemRoot\System32\Drivers\mup.sys
    0x8C788000 \SystemRoot\System32\drivers\ecache.sys
    0x8C7AF000 \SystemRoot\system32\drivers\disk.sys
    0x8C7C0000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8C7C9000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
    0x8C7CE000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
    0x8C600000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8C513000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8C51C000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8C52B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x90000000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x9091D000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x909BD000 \SystemRoot\System32\drivers\watchdog.sys
    0x909C9000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8C534000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x909D4000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8C572000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8C375000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
    0x90C0F000 \SystemRoot\system32\DRIVERS\athr.sys
    0x90CF3000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x90D06000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0x90D0B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x90D16000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x90D46000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x90D48000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x90D53000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x90D57000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x90D6F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x90D75000 \SystemRoot\System32\Drivers\a11jo0w7.SYS
    0x90DAE000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x90DDD000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x90DE8000 \SystemRoot\System32\Drivers\RootMdm.sys
    0x90DF0000 \SystemRoot\system32\drivers\modem.sys
    0x909E3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x90C00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8C397000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8C3BA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8C3C9000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8C3DD000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8C7F9000 \SystemRoot\system32\DRIVERS\RimSerial.sys
    0x8C191000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x90C0B000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8C1A1000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8C400000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8C3F2000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8C1CB000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8BFD4000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x91001000 \SystemRoot\system32\drivers\CHDRT32.sys
    0x9103C000 \SystemRoot\system32\drivers\portcls.sys
    0x91069000 \SystemRoot\system32\drivers\drmk.sys
    0x9108E000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x910CC000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x91208000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x912BD000 \SystemRoot\system32\drivers\IntcHdmi.sys
    0x912E1000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
    0x912ED000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x912F6000 \SystemRoot\System32\Drivers\Null.SYS
    0x912FD000 \SystemRoot\System32\Drivers\Beep.SYS
    0x9130D000 \SystemRoot\system32\drivers\HIDPARSE.SYS
    0x91314000 \SystemRoot\System32\drivers\vga.sys
    0x91320000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x91341000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x91349000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x91351000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x9135C000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x9136A000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x91373000 \SystemRoot\system32\DRIVERS\avgfwd6x.sys
    0x91384000 \SystemRoot\system32\drivers\RTSTOR.SYS
    0x91397000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x913AD000 \??\C:\Windows\System32\drivers\pctgntdi.sys
    0x911CF000 \ArcName\multi(0)disk(0)rdisk(0)partition(1)\Windows\system32\drivers\PctWfpFilter.sys
    0x91602000 \SystemRoot\system32\DRIVERS\avgtdix.sys
    0x9164A000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x9167C000 \SystemRoot\system32\DRIVERS\smb.sys
    0x91690000 \SystemRoot\system32\drivers\afd.sys
    0x916D8000 \SystemRoot\system32\drivers\ws2ifsl.sys
    0x916E1000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x916F7000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x91705000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x91718000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x91754000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x9175E000 \SystemRoot\System32\Drivers\dfsc.sys
    0x91775000 \SystemRoot\system32\DRIVERS\avgldx86.sys
    0x917B1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x917C8000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x917E9000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x913E4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x917F2000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x913F4000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x911EC000 \SystemRoot\System32\Drivers\dump_msahci.sys
    0x99EE0000 \SystemRoot\System32\win32k.sys
    0x911F6000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8C7D7000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x9A100000 \SystemRoot\System32\TSDDD.dll
    0x9A120000 \SystemRoot\System32\cdd.dll
    0x9A130000 \SystemRoot\System32\ATMFD.DLL
    0x8BFE5000 \SystemRoot\system32\drivers\luafv.sys
    0xADC09000 \SystemRoot\system32\drivers\spsys.sys
    0xADCB9000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0xADCC9000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0xADCF3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xADCFD000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xADD10000 \SystemRoot\system32\drivers\HTTP.sys
    0xADD7D000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xADD9A000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xADDB3000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xADDC8000 \SystemRoot\system32\drivers\mrxdav.sys
    0x8BDE1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB0602000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xB063B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xB0653000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xB067B000 \SystemRoot\System32\DRIVERS\srv.sys
    0xB06E1000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
    0xB06EC000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xB06F0000 \SystemRoot\system32\drivers\peauth.sys
    0xB07CE000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xB07D8000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xB07E4000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0xB07EC000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
    0xB3804000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
    0xB382C000 \??\C:\Program Files\Spyware Doctor\PCTSDInj32.sys
    0xB3833000 \??\C:\Windows\System32\drivers\pctplsg.sys
    0xB3843000 \SystemRoot\system32\drivers\tdtcp.sys
    0xB384E000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
    0xB385A000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0xB388D000 \??\C:\Windows\system32\drivers\TfNetMon.sys
    0xB3899000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0xB38B7000 \??\C:\Users\Rick\AppData\Local\Temp\kwliypoc.sys
    0x775A0000 \Windows\System32\ntdll.dll
    0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

    Processes (total 93):
    0 System Idle Process
    4 System
    456 C:\Windows\System32\smss.exe
    760 C:\Windows\System32\csrss.exe
    820 C:\Windows\System32\wininit.exe
    832 C:\Windows\System32\csrss.exe
    864 C:\Windows\System32\services.exe
    880 C:\Windows\System32\lsass.exe
    888 C:\Windows\System32\lsm.exe
    940 C:\Windows\System32\winlogon.exe
    1096 C:\Windows\System32\svchost.exe
    1156 C:\Windows\System32\svchost.exe
    1332 C:\Windows\System32\svchost.exe
    1376 C:\Windows\System32\svchost.exe
    1388 C:\Windows\System32\svchost.exe
    1472 C:\Windows\System32\audiodg.exe
    1496 C:\Windows\System32\svchost.exe
    1516 C:\Windows\System32\SLsvc.exe
    1556 C:\Windows\System32\svchost.exe
    1768 C:\Windows\System32\svchost.exe
    1956 C:\Windows\System32\dwm.exe
    1988 C:\Windows\explorer.exe
    228 C:\Windows\System32\wlanext.exe
    716 C:\Windows\System32\spoolsv.exe
    704 C:\Windows\System32\svchost.exe
    756 C:\Windows\System32\taskeng.exe
    1360 C:\Windows\System32\taskeng.exe
    1924 C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
    736 C:\Windows\System32\taskeng.exe
    2084 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2208 C:\Program Files\AVG\AVG10\avgfws.exe
    2228 C:\Program Files\AVG\AVG10\avgwdsvc.exe
    2248 C:\Program Files\Bonjour\mDNSResponder.exe
    2264 C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    2436 C:\Windows\System32\svchost.exe
    2472 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2684 C:\Windows\System32\lxducoms.exe
    2712 C:\Windows\System32\svchost.exe
    2832 C:\Windows\System32\svchost.exe
    2844 C:\Windows\System32\svchost.exe
    2880 C:\Program Files\SMINST\BLService.exe
    2912 C:\Program Files\CyberLink\Shared files\RichVideo.exe
    3540 C:\Windows\System32\igfxsrvc.exe
    3656 C:\Program Files\Spyware Doctor\pctsAuxs.exe
    3688 C:\Program Files\Spyware Doctor\pctsSvc.exe
    3740 C:\Windows\System32\svchost.exe
    3756 C:\Program Files\Spyware Doctor\pctsTray.exe
    3792 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    3836 C:\Windows\System32\svchost.exe
    3872 C:\Windows\System32\SearchIndexer.exe
    3960 C:\Windows\System32\drivers\XAudio.exe
    980 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    2772 C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
    5828 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    5872 C:\Program Files\HP\QuickPlay\QPService.exe
    3124 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    4828 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    4804 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    4696 C:\Program Files\AVG\AVG10\avgtray.exe
    4780 C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
    4788 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4520 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    4772 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4960 C:\Windows\System32\wbem\WmiPrvSE.exe
    4456 C:\Windows\System32\hkcmd.exe
    4304 C:\Windows\System32\igfxpers.exe
    4300 C:\Program Files\Lexmark 5600-6600 Series\lxdumsdmon.exe
    3052 C:\Program Files\iTunes\iTunesHelper.exe
    1072 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    1884 C:\Windows\ehome\ehtray.exe
    4608 C:\Windows\ehome\ehmsas.exe
    1184 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    5156 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    4996 C:\Program Files\iPod\bin\iPodService.exe
    6036 C:\Windows\System32\svchost.exe
    3628 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    3520 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3868 C:\Program Files\Spyware Doctor\pctsGui.exe
    7532 C:\Program Files\AVG\AVG10\avgcfgex.exe
    6560 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    7412 C:\Program Files\AVG\AVG10\avgemcx.exe
    6992 C:\Program Files\AVG\AVG10\avgnsx.exe
    8140 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    4760 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    636 C:\Program Files\AVG\AVG10\avgcsrvx.exe
    5836 C:\Program Files\AVG\AVG10\avgam.exe
    2068 C:\Program Files\Internet Explorer\iexplore.exe
    7488 C:\Program Files\Internet Explorer\iexplore.exe
    3068 C:\Program Files\AVG\AVG10\avgcsrvx.exe
    2740 C:\Windows\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe
    6908 <unknown>
    6764 <unknown>
    6424 C:\Users\Rick\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`cd200000 (NTFS)

    PhysicalDrive0 Model Number: ST9320320AS, Rev: HP07

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  7. 2011/04/09
    NYRhock

    NYRhock Inactive Thread Starter

    Joined:
    2011/04/02
    Messages:
    24
    Likes Received:
    0
    Malwarebytes, DDS Reports

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6247

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    4/9/2011 6:35:37 AM
    mbam-log-2011-04-09 (06-35-37).txt

    Scan type: Quick scan
    Objects scanned: 167994
    Time elapsed: 11 minute(s), 14 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    -------------------------------------------------------------------------

    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Rick at 8:15:38.20 on Sat 04/09/2011
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1287 [GMT -7:00]
    .
    AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgfws.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\lxducoms.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Spyware Doctor\pctsGui.exe
    C:\Program Files\AVG\AVG10\avgcfgex.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgchsvx.exe
    C:\Program Files\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\AVG\AVG10\avgam.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Rick\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page =
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uInternet Settings,ProxyOverride = *.local
    mURLSearchHooks: H - No File
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    TB: Nightclub City Toolbar Powered by Ask.com: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [mscjm.exe] c:\users\rick\appdata\roaming\msa\mscjm.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe "
    mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5 "
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter "
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0 "
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0 "
    mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0 "
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe "
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe "
    mRun: [<NO NAME>]
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe "
    mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe "
    mRun: [lxduamon] "c:\program files\lexmark 5600-6600 series\lxduamon.exe "
    mRun: [Lexmark 5600-6600 Series Fax Server] "c:\program files\lexmark 5600-6600 series\fm3032.exe" /s
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - hxxp://simcity.ea.com/update/EARTPX.cab
    DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} - hxxps://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - hxxps://www.mnlife.com/LifeSolutionsUpdate/setup.ocx
    DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} - hxxp://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    Filter: text/html - {1e763d0c-6910-40ac-b49f-c9827a29ee81} -
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Notify: igfxcui - igfxdev.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe "
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\rick\appdata\roaming\mozilla\firefox\profiles\tpivn49n.default\
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\users\rick\appdata\roaming\mozilla\firefox\profiles\tpivn49n.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\users\rick\appdata\roaming\mozilla\firefox\profiles\tpivn49n.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - component: c:\users\rick\appdata\roaming\mozilla\firefox\profiles\tpivn49n.default\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}\components\FFExternalAlert.dll
    FF - component: c:\users\rick\appdata\roaming\mozilla\firefox\profiles\tpivn49n.default\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\users\rick\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - plugin: c:\users\rick\appdata\roaming\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\users\rick\appdata\roaming\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\users\rick\appdata\roaming\mozilla\firefox\profiles\tpivn49n.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: c:\users\rick\appdata\roaming\mozilla\plugins\npicaN.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\rick\appdata\roaming\Move Networks
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    FF - Ext: Castle Age Toolbar: {aac4043a-8832-4abe-9963-35377f30b8e6} - %profile%\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}
    FF - Ext: Nightclub City Toolbar Powered by Ask.com: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
    FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-9-30 218592]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-9-30 51984]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-9-30 59664]
    R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-7-12 54112]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-9-30 233136]
    R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2010-11-22 3226632]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-9-30 112592]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-9-30 1153368]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-9-30 366840]
    R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-9-30 1142224]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-12-14 126976]
    R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-9-30 63360]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-9-30 33552]
    R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-24 135664]
    S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2010-12-6 94208]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
    .
    =============== Created Last 30 ================
    .
    2011-04-03 14:18:03 -------- d-----w- c:\program files\Shockwave.com
    2011-04-02 23:53:09 -------- d-----w- c:\users\rick\appdata\local\ElevatedDiagnostics
    2011-04-02 23:51:01 -------- d-----w- c:\program files\Microsoft ATS
    2011-04-02 23:43:32 -------- d-----w- C:\5ff93114ae7cf74bf0a9fb925f8c5153
    2011-04-02 23:06:10 -------- d-----w- c:\users\rick\appdata\roaming\QuickScan
    2011-04-02 20:49:57 -------- d-----w- c:\program files\DLL Cure
    2011-04-02 15:34:23 -------- d-----w- c:\program files\PC HealthPack
    2011-03-23 02:42:51 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-23 02:42:51 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-03-23 02:42:51 1068544 ----a-w- c:\windows\system32\DWrite.dll
    .
    ==================== Find3M ====================
    .
    2011-02-18 23:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
    .
    ============= FINISH: 8:21:44.98 ===============
     
  8. 2011/04/09
    NYRhock

    NYRhock Inactive Thread Starter

    Joined:
    2011/04/02
    Messages:
    24
    Likes Received:
    0
    Attach report

    DDS (Ver_11-03-05.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/15/2009 10:42:01 AM
    System Uptime: 4/9/2011 6:12:59 AM (2 hours ago)
    .
    Motherboard: Wistron | | 3612
    Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | CPU | 2000/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 287 GiB total, 129.019 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.818 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0003
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #2
    PNP Device ID: ROOT\*ISATAP\0003
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    RP862: 4/3/2011 8:15:15 PM - Scheduled Checkpoint
    RP863: 4/4/2011 9:09:30 AM - Scheduled Checkpoint
    RP864: 4/5/2011 10:54:26 AM - Scheduled Checkpoint
    RP865: 4/6/2011 12:00:03 AM - Scheduled Checkpoint
    RP866: 4/7/2011 7:17:36 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    10 Days Under The Sea
    32 Bit HP CIO Components Installer
    ABBYY FineReader 6.0 Sprint
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Adobe Acrobat Reader 3.02
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.2
    Adobe Shockwave Player
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Panorama Maker 4
    Ask Toolbar
    Atheros Driver Installation Program
    AVG 2011
    AVG PC Tuneup 2011
    Big Fish Games: Game Manager
    Birth of the Federation
    BlackBerry Desktop Software 4.5
    Bonjour
    Browser Defender 2.0.6.15
    BufferChm
    Caillou Ready For School
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Citrix XenApp Web Plugin
    Compatibility Pack for the 2007 Office system
    Conexant HD Audio
    CustomerResearchQFolder
    CyberLink DVD Suite
    CyberLink YouCam
    D6100_D7100_D7300_Help
    D7100
    Deep Blue Sea
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    Diego's Dinosaur Rescue
    Digital Photo Navigator 1.5
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Setup
    DivX Version Checker
    Driver Whiz
    Escape Whisper Valley
    ESU for Microsoft Vista
    eSupportQFolder
    Freelancer
    FrostWire 4.18.6
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Greeting Card Factory Deluxe 2.0
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Customer Participation Program 8.0
    HP Deskjet & Photosmart Printer Driver Software 8.0.A
    HP Doc Viewer
    HP DVD Play 3.7
    HP Help and Support
    HP Imaging Device Functions 8.0
    HP Photosmart Essential
    HP Product Assistant
    HP Quick Launch Buttons 6.40 H2
    HP Solution Center 8.0
    HP Total Care Advisor
    HP Update
    HP User Guides 0118
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPNetworkAssistant
    HPProductAssistant
    HPSSupply
    HPTCSSetup
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    J2SE Runtime Environment 5.0 Update 11
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 7
    Juno Preloader
    LabelPrint
    Lexmark 5600-6600 Series
    Lexmark Printable Web
    Lexmark Toolbar
    Lexmark Tools for Office
    LightScribe System Software 1.14.17.1
    LucasArts' Star Wars Rebellion
    Malwarebytes' Anti-Malware
    MarketResearch
    Merlin Marketing System 09.3.3
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Game Studios Common Redistributables Pack 1
    Microsoft IntelliPoint 6.1
    Microsoft Live Search Toolbar
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Microsoft XML Parser
    Midland LifeSolutions
    Midnight Mysteries: Salem Witch Trials
    Move Media Player
    Mozilla Firefox (3.6.16)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal
    My HP Games
    Mystery Case Files: Madame Fate ®
    Mystery Cruise
    Mystery Masterpiece: The Moonstone
    Mystery P.I. - The Lottery Ticket
    Mystery P.I.: The New York Fortune
    Mystery P.I.: The Vegas Heist
    NetWaiting
    NetZero Preloader
    Nikon Message Center
    Nikon Transfer
    Norton Internet Security
    OGA Notifier 2.0.0048.0
    Power2Go
    PowerCinema NE for Everio
    PowerDirector
    PowerDirector Express
    PowerProducer
    Pure Vegas Casino
    QuickTime
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Realtek USB 2.0 Card Reader
    Roxio Media Manager
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SF_CDA_ProductContext
    SF_CDA_Software
    Shockwave
    SimCity 4 Deluxe
    SolutionCenter
    Space Quest Collection(TM)
    SplashShopper for BlackBerry
    SPORE Creature Creator Trial Edition
    Spybot - Search & Destroy
    Spyware Doctor 7.0
    Star Trek Armada II
    Star Wars Battlefront II
    Star Wars Empire at War
    Status
    Synaptics Pointing Device Driver
    System Requirements Lab
    System Requirements Lab for Intel
    Tiger Eye - Part I: Curse of the Riddle Box
    TomTom HOME 2.7.3.1894
    TomTom HOME Visual Studio Merge Modules
    Toolbox
    TrayApp
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.4053
    Vuze
    WebReg
    WinRAR archiver
    Yahoo! BrowserPlus 2.9.8
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/9/2011 6:27:16 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    4/9/2011 6:17:09 AM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    4/9/2011 6:14:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.
    4/9/2011 6:14:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxduCATSCustConnectService service to connect.
    4/9/2011 6:14:48 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    4/9/2011 6:14:48 AM, Error: Service Control Manager [7000] - The lxduCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/8/2011 9:35:44 PM, Error: EventLog [6008] - The previous system shutdown at 9:33:37 PM on 4/8/2011 was unexpected.
    4/8/2011 5:43:11 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    4/4/2011 8:29:39 AM, Error: EventLog [6008] - The previous system shutdown at 8:26:37 AM on 4/4/2011 was unexpected.
    4/3/2011 7:04:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    4/2/2011 7:39:14 PM, Error: EventLog [6008] - The previous system shutdown at 7:37:33 PM on 4/2/2011 was unexpected.
    4/2/2011 7:36:57 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Remote Procedure Call (RPC) service, but this action failed with the following error: The RPC server is unavailable.
    4/2/2011 7:36:54 PM, Error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    4/2/2011 7:36:53 PM, Error: Service Control Manager [7034] - The AVGIDSAgent service terminated unexpectedly. It has done this 1 time(s).
    4/2/2011 7:33:28 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 2 time(s).
    4/2/2011 7:33:28 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    4/2/2011 7:33:28 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    4/2/2011 7:33:28 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/2/2011 7:33:28 PM, Error: Service Control Manager [7031] - The Tablet PC Input Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    4/2/2011 7:33:28 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/2/2011 7:33:28 PM, Error: Service Control Manager [7031] - The ReadyBoost service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/2/2011 7:33:28 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/2/2011 7:33:28 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    4/2/2011 7:33:28 PM, Error: Service Control Manager [7031] - The PnP-X IP Bus Enumerator service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    4/2/2011 7:33:28 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    4/2/2011 7:33:28 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    4/2/2011 7:33:28 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    4/2/2011 7:33:28 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    4/2/2011 7:28:49 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
    4/2/2011 7:28:49 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    4/2/2011 7:28:49 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    4/2/2011 7:28:49 PM, Error: Service Control Manager [7031] - The Tablet PC Input Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/2/2011 7:28:49 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/2/2011 7:28:49 PM, Error: Service Control Manager [7031] - The ReadyBoost service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/2/2011 7:28:49 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/2/2011 7:28:49 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    4/2/2011 7:28:49 PM, Error: Service Control Manager [7031] - The PnP-X IP Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    4/2/2011 7:28:49 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    4/2/2011 7:28:49 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    4/2/2011 7:28:49 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    4/2/2011 7:28:49 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    4/2/2011 7:19:31 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
    4/2/2011 4:50:03 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user RICK-LAPTOP\Rick SID (S-1-5-21-614917396-159115435-229139963-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    4/2/2011 4:36:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
    4/2/2011 4:36:13 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/2/2011 4:21:52 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    4/2/2011 4:21:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgfwfd Avgldx86 Avgmfx86 Avgtdix DfsC NetBIOS netbt nsiproxy pctgntdi PSched RasAcd rdbss Smb spldr sptd tdx Wanarpv6 ws2ifsl
    4/2/2011 4:21:15 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/2/2011 4:21:15 PM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    4/2/2011 4:21:15 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    4/2/2011 4:21:15 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    4/2/2011 4:21:15 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    4/2/2011 4:21:15 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    4/2/2011 4:21:15 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    4/2/2011 4:21:15 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    4/2/2011 4:21:15 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    4/2/2011 4:21:15 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/2/2011 4:21:15 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    4/2/2011 4:21:15 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/2/2011 4:21:15 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    4/2/2011 4:21:15 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    4/2/2011 4:21:15 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    4/2/2011 4:20:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    4/2/2011 4:20:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    4/2/2011 4:20:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    4/2/2011 4:20:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    4/2/2011 4:20:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments " " in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    4/2/2011 4:20:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    4/2/2011 4:19:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    4/2/2011 4:19:52 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
    4/2/2011 4:19:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments " " in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    4/2/2011 4:19:51 PM, Error: EventLog [6008] - The previous system shutdown at 4:18:20 PM on 4/2/2011 was unexpected.
    4/2/2011 4:19:19 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    .
    ==== End Of File ==========================
     
  9. 2011/04/09
    NYRhock

    NYRhock Inactive Thread Starter

    Joined:
    2011/04/02
    Messages:
    24
    Likes Received:
    0
    GMER Report

    GMER Report is too large (over 3 million characters), advise how to add to thread.
     
  10. 2011/04/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Rather than creating a new topic, you should have PMed me to reopen your previous topic.
    I merged both topics this time.

    Upload GMER file here: http://www.filedropper.com/
    Post download link (copy URL: link):
     
  11. 2011/04/09
    NYRhock

    NYRhock Inactive Thread Starter

    Joined:
    2011/04/02
    Messages:
    24
    Likes Received:
    0
  12. 2011/04/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  13. 2011/04/09
    NYRhock

    NYRhock Inactive Thread Starter

    Joined:
    2011/04/02
    Messages:
    24
    Likes Received:
    0
    AppRemover..

    After running AppRemover, only Malwarebytes and Spybot were located for removal. AVG was not on the list. Advise?
     
  14. 2011/04/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  15. 2011/04/09
    NYRhock

    NYRhock Inactive Thread Starter

    Joined:
    2011/04/02
    Messages:
    24
    Likes Received:
    0
    Combo Fix

    It originally got held up on Stage 47, so I had to restart the computer. It was able to finish, but I got a lot of Commandline System Splitter stoppages from DEP.

    http://www.filedropper.com/combofix_3
     
  16. 2011/04/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That upload was for huge GMER file only.
    I need you to paste all logs from now on.

    ComboFix 11-04-08.03 - Rick 04/09/2011 14:43:00.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1924 [GMT -7:00]
    Running from: c:\users\Rick\Desktop\ComboFix.exe
    SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\IEToolbar
    c:\windows\system32\system
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-09 to 2011-04-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-09 21:58 . 2011-04-09 21:58 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-03 14:18 . 2011-04-03 14:18 -------- d-----w- c:\program files\Shockwave.com
    2011-04-02 23:53 . 2011-04-09 06:12 -------- d-----w- c:\users\Rick\AppData\Local\ElevatedDiagnostics
    2011-04-02 23:51 . 2011-04-02 23:51 -------- d-----w- c:\program files\Microsoft ATS
    2011-04-02 23:43 . 2011-04-02 23:47 -------- d-----w- C:\5ff93114ae7cf74bf0a9fb925f8c5153
    2011-04-02 23:06 . 2011-04-02 23:06 -------- d-----w- c:\users\Rick\AppData\Roaming\QuickScan
    2011-04-02 20:49 . 2011-04-03 03:01 -------- d-----w- c:\program files\DLL Cure
    2011-04-02 15:34 . 2011-04-03 03:04 -------- d-----w- c:\program files\PC HealthPack
    2011-03-23 02:42 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-03-23 02:42 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-23 02:42 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-18 23:36 . 2011-02-18 23:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-02-18 23:36 . 2011-02-18 23:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-01-20 16:37 . 2011-02-09 16:52 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-01-20 16:08 . 2011-02-09 16:52 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08 . 2011-02-09 16:52 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08 . 2011-02-09 16:52 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08 . 2011-02-09 16:52 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:08 . 2011-02-09 16:52 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:07 . 2011-02-09 16:52 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07 . 2011-02-09 16:52 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07 . 2011-02-09 16:52 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06 . 2011-02-09 16:52 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06 . 2011-02-09 16:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04 . 2011-02-09 16:52 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 16:04 . 2011-02-09 16:52 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 14:28 . 2011-02-09 16:52 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27 . 2011-02-09 16:52 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26 . 2011-02-09 16:52 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25 . 2011-02-09 16:52 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24 . 2011-02-09 16:52 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15 . 2011-02-09 16:52 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14 . 2011-02-09 16:52 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14 . 2011-02-09 16:52 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14 . 2011-02-09 16:52 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12 . 2011-02-09 16:52 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11 . 2011-02-09 16:52 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47 . 2011-02-09 16:52 683008 ----a-w- c:\windows\system32\d2d1.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPAdvisor "= "c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
    "QPService "= "c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
    "UpdateLBPShortCut "= "c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePSTShortCut "= "c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
    "UCam_Menu "= "c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
    "QlbCtrl.exe "= "c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
    "UpdateP2GoShortCut "= "c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePDIRShortCut "= "c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "HP Health Check Scheduler "= "c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "hpWirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "IntelliPoint "= "c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
    "RoxWatchTray "= "c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
    "EverioService "= "c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-10-17 151552]
    "lxdumon.exe "= "c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2010-02-04 676520]
    "lxduamon "= "c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2010-02-04 16040]
    "Lexmark 5600-6600 Series Fax Server "= "c:\program files\Lexmark 5600-6600 Series\fm3032.exe" [2010-02-04 311976]
    "DivXUpdate "= "c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2011-03-02 421160]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
    backup=c:\windows\pss\Nikon Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
    .
    [HKLM\~\startupfolder\C:^Users^Rick^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    path=c:\users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2006-12-11 04:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-03-02 04:45 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    2008-06-09 18:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-10-03 01:55 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
    .
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 135664]
    R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe [2009-10-16 94208]
    R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [2010-10-01 63360]
    R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-02-02 33552]
    R3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-10-01 218592]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-04 691696]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-02-02 51984]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-02-02 59664]
    S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2010-02-05 233136]
    S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 589824]
    S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-12-14 126976]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 03:46]
    .
    2011-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 03:46]
    .
    2011-03-22 c:\windows\Tasks\HPCeeScheduleForRick.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - hxxps://www.mnlife.com/LifeSolutionsUpdate/setup.ocx
    FF - ProfilePath - c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\tpivn49n.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Rick\AppData\Roaming\Move Networks
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    FF - Ext: Castle Age Toolbar: {aac4043a-8832-4abe-9963-35377f30b8e6} - %profile%\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}
    FF - Ext: Nightclub City Toolbar Powered by Ask.com: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
    FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    HKCU-Run-mscjm.exe - c:\users\Rick\AppData\Roaming\MSA\mscjm.exe
    HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-09 14:59
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    Completion time: 2011-04-09 15:03:09
    ComboFix-quarantined-files.txt 2011-04-09 22:03
    .
    Pre-Run: 142,059,794,432 bytes free
    Post-Run: 141,263,806,464 bytes free
    .
    - - End Of File - - D743EC1F21B2482D1297DA5DDB832149
     
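The "Reg Loading Points" and "ORPHANS REMOVED" sections of the ComboFix log above are where the HKCU Run entry for mscjm.exe showed up. As an added example (not ComboFix's code or anything posted in this thread), this Python script parses those sections from a constructed excerpt modelled on the posted log and flags autorun entries that launch from user-writable directories such as AppData; the mscjm.exe Run value and its file size in the sample are constructed for the demonstration.

```python
"""Flag autorun entries in a ComboFix log that launch from user-writable
directories (the pattern behind the mscjm.exe finding in this thread).

Added example, not part of ComboFix or this thread. SAMPLE_LOG is a
constructed excerpt modelled on the posted log; the mscjm.exe Run value
and its size are constructed for the demonstration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt in ComboFix's own layout (key header, then
# "Name "= "path" [date size] values, then the orphan list).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor "= "c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"mscjm.exe "= "c:\users\Rick\AppData\Roaming\MSA\mscjm.exe" [2011-04-01 61440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2011-03-02 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle "= 0 (0x0)
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-mscjm.exe - c:\users\Rick\AppData\Roaming\MSA\mscjm.exe
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# ComboFix prints the value name with a trailing space before the closing quote.
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]*?)\s*"=\s*"(?P<path>[^"]+)"'
    r"(?:\s*\[(?P<date>\S+)\s+(?P<size>\d+)\])?$"
)
ORPHAN_RE = re.compile(r"^(?P<hive>HKCU|HKLM)-Run-(?P<name>.+?) - (?P<path>.+)$")

# Locations a non-admin user can write to; vendor autoruns normally live
# under Program Files or the Windows directory instead.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Autorun:
    key: str
    name: str
    path: str
    date: Optional[str]
    size: Optional[int]


def parse_reg_loading_points(text: str) -> List[Autorun]:
    """Collect values under *\\Run keys plus HKCU/HKLM-Run orphan lines."""
    entries: List[Autorun] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            continue
        if current_key and current_key.lower().endswith("\\run"):
            value = VALUE_RE.match(line)
            if value:
                size = int(value["size"]) if value["size"] else None
                entries.append(Autorun(current_key, value["name"], value["path"], value["date"], size))
                continue
        orphan = ORPHAN_RE.match(line)
        if orphan:
            entries.append(Autorun(f"{orphan['hive']}-Run (orphan removed)",
                                   orphan["name"], orphan["path"], None, None))
    return entries


def is_user_writable_path(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def flag_suspicious(entries: List[Autorun]) -> List[Tuple[Autorun, str]]:
    """Return (entry, reason) pairs worth a closer look."""
    return [(e, "launches from a user-writable directory")
            for e in entries if is_user_writable_path(e.path)]


if __name__ == "__main__":
    for entry, reason in flag_suspicious(parse_reg_loading_points(SAMPLE_LOG)):
        print(f"[{entry.key}] {entry.name} -> {entry.path}: {reason}")
```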
  17. 2011/04/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Ask Toolbar, which is known foistware.

    Combofix log looks fine.

    You can reinstall AVG now.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  18. 2011/04/09
    NYRhock

    NYRhock Inactive Thread Starter

    Joined:
    2011/04/02
    Messages:
    24
    Likes Received:
    0
    Sorry. What is my next step?
     
  19. 2011/04/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please read my previous reply.
     
  20. 2011/04/09
    NYRhock

    NYRhock Inactive Thread Starter

    Joined:
    2011/04/02
    Messages:
    24
    Likes Received:
    0
    I ran the OTL app (twice), but the program keeps getting hung up when it is searching for a newly created file: C:\Windows\system32\certutil.exe

    How do I get past this?
     
  21. 2011/04/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Skip my script and simply click on the "Quick Scan" button.
     
