
Solved Computer Acting Strange - WIFI/Sound not working

Discussion in 'Malware and Virus Removal Archive' started by wealthymike, 2010/10/12.

  1. 2010/10/12
    wealthymike

    wealthymike Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    112
    Likes Received:
    0
    [Resolved] Computer Acting Strange - WIFI/Sound not working

    DDS (Ver_10-10-10.03) - NTFSx86
    Run by Constance at 0:53:28.31 on Wed 10/13/2010
    Internet Explorer: 7.0.6000.17037
    AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
    SP: Microsoft Security Essentials *enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDE}
    SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============


    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\mediac~1\intern~1\ARCURL~1.DLL
    BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
    BHO: Tunebite_WebRipPlugin Class: {aa102584-3b97-47e7-b9bc-75d54c110a7d} - c:\program files\rapidsolution\tunebite\plugins\ie\TB_WebRipIePlugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: VeriSoft Access Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll
    TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    AppInit_DLLs: APSHook.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    LSA: Notification Packages = scecli ASWLNPkg

    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================

    2010-10-09 00:13:48 6084944 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{19e998cc-1ca6-4cd5-9aa5-10bf93bb82b9}\mpengine.dll

    ==================== Find3M ====================


    ============= FINISH: 0:55:46.00 ===============
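As an added illustration (not part of the thread, and not one of the tools broni asks for), the script below runs a handful of triage rules over a subset of the Pseudo HJT lines from the DDS log above. The rules, severities and wording are the editor's own assumptions about what an analyst looks at first in that section: a non-empty AppInit_DLLs value, any LSA Notification Packages entry beyond the Windows default scecli, autostart or browser hooks that load from user-writable directories, a BHO registered without a friendly name, and one CLSID registered in more than one hook point. A flagged entry deserves a look; the script does not decide whether APSHook.dll or ASWLNPkg is legitimate, and the thread does not identify either.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the "Pseudo HJT Report" lines from the DDS log
# above, embedded so the script runs offline.
SAMPLE = r"""
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
AppInit_DLLs: APSHook.dll
LSA: Notification Packages = scecli ASWLNPkg
"""

CLSID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
# Hook points where the listed module is an autostart or a browser extension.
LOAD_POINTS = {"BHO", "TB", "uRun", "mRun", "mRunOnce", "uURLSearchHooks", "SEH", "Handler"}
# Directories a standard user can write to (assumption: a module loading from
# here is worth a second look; installed software normally lives elsewhere).
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\users\\", "\\programdata\\", "\\recycler\\")
RANK = {"high": 0, "medium": 1, "low": 2, "info": 3}


def parse(text):
    """Split each 'kind: rest' line of the pseudo-HJT section into a (kind, rest) pair."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if ":" not in line:
            continue
        kind, _, rest = line.partition(":")
        entries.append((kind.strip(), rest.strip()))
    return entries


def triage(text):
    """Return (severity, category, detail) findings, most severe first."""
    findings = []
    clsid_owners = defaultdict(set)
    for kind, rest in parse(text):
        low = rest.lower()
        if kind == "AppInit_DLLs" and rest:
            # Every process that loads user32.dll also loads these DLLs.
            findings.append(("high", "AppInit_DLLs",
                             f"DLL injected into every user32-loading process: {rest}"))
        if kind == "LSA" and low.startswith("notification packages"):
            # These DLLs run inside lsass.exe and are told about password changes;
            # scecli is the Windows default, anything else is non-default.
            pkgs = rest.split("=", 1)[1].split()
            extra = [p for p in pkgs if p.lower() != "scecli"]
            if extra:
                findings.append(("high", "LSA Notification Packages",
                                 f"non-default package(s) loaded into lsass.exe: {' '.join(extra)}"))
        if kind in LOAD_POINTS and any(d in low for d in USER_WRITABLE):
            findings.append(("medium", kind, f"module loads from a user-writable path: {rest}"))
        if kind == "BHO" and rest.startswith("{"):
            # No friendly name was recorded for this BHO, only its CLSID and path.
            findings.append(("low", "BHO", f"registered without a friendly name: {rest}"))
        for c in CLSID.findall(rest):
            clsid_owners[c.lower()].add(kind)
    for c, kinds in sorted(clsid_owners.items()):
        if len(kinds) > 1:
            findings.append(("info", "CLSID",
                             f"{c} registered as {', '.join(sorted(kinds))}: one component in several hook points"))
    findings.sort(key=lambda f: RANK[f[0]])
    return findings


if __name__ == "__main__":
    for sev, cat, detail in triage(SAMPLE):
        print(f"[{sev:6}] {cat}: {detail}")
```

On the sample above the two "high" findings are the AppInit_DLLs value and the extra LSA package; the Ask Toolbar CLSID shows up as one component registered both as a BHO and as a toolbar, which is normal for toolbars and is reported at "info" only.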
     
  2. 2010/10/12
    wealthymike

    wealthymike Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    112
    Likes Received:
    0
    12:58 AM 10/13/2010
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)


    ==== Disk Partitions =========================


    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================


    ABBYY FineReader 6.0 Sprint
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Digital Editions
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    AIM 6
    AOL Uninstaller (Choose which Products to Remove)
    AppCore
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Print Creations
    ArcSoft Print Creations - Brochure
    ArcSoft Print Creations - Photo Calendar
    Ask Toolbar
    AuthenTec Fingerprint Sensor Minimum Install
    AV
    BitTorrent 6.0
    Bonjour
    ccCommon
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Setup
    DivX Version Checker
    EPSON Scan
    EPSON WorkForce 500 Series Printer Uninstall
    ESU for Microsoft Vista
    Free YouTube to iPod Converter version 2.9
    Free YouTube to Mp3 Converter version 2.5
    FrostWire 4.20.7
    GoGear VIBE Device Manager
    Google Earth
    Google Talk Plugin
    Google Updater
    Hewlett-Packard Active Check
    Hewlett-Packard Asset Agent for Health Check
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Active Support Library 32 bit components
    HP Customer Experience Enhancements
    HP Easy Setup - Frontend
    HP Help and Support
    HP Integrated Module with Bluetooth wireless technology
    HP Photosmart Essential 2.0
    HP Photosmart Essential2.5
    HP Quick Launch Buttons 6.10 B9
    HP QuickPlay 3.2
    HP Total Care Advisor
    HP Update
    HP User Guides 0034
    HP Wireless Assistant
    HPNetworkAssistant
    iPhone Configuration Utility
    iTunes
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6
    LightScribe 1.4.136.1
    LiveUpdate Notice (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Media Converter for Philips
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Essentials
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MobileMe Control Panel
    Motorola SM56 Data Fax Modem
    MSCU for Microsoft Vista
    MSRedist
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.0
    My HP Games
    Norton Confidential Browser Component
    Norton Confidential Web Protection Component
    Norton Internet Security
    Norton Internet Security (Symantec Corporation)
    Norton Protection Center
    NVIDIA Drivers
    Protected Music Converter 1.0.0.11
    PSSWCORE
    QuickTime
    Realtek High Definition Audio Driver
    Rhapsody Player Engine
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD Basic v9
    RTC Client API v1.2
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    SureThing CD Labeler Deluxe 4
    Symantec Technical Support Web Controls
    SymNet
    Synaptics Pointing Device Driver
    Uninstall 1.0.0.0
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb2291599)
    VC80CRTRedist - 8.0.50727.4053
    VeriSoft Access Manager
    Viewpoint Media Player
    VirtualLab Client 5.6.0
    Vongo
    WinRAR archiver
    WinZip 12.0

    ==== End Of File ===========================
     


  4. 2010/10/13
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  5. 2010/10/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  6. 2010/10/13
    wealthymike

    wealthymike Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    112
    Likes Received:
    0
    Hello Broni,

    I honestly thought that all of the cleaning processes were complete. You and crunchie helped me out big time with my laptop twice and my desktop once. I am trying to fix my girlfriend's computer now. Now that I look back I see that I should have ended the threads better. I'm sorry for that and would love if you could help me with this. I promise I will complete the thread this time. Thank you!
     
  7. 2010/10/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're selling me a very hard buy, so let's say this is your chance to redeem yourself.
    Consider yourself being warned.

    ====================================================================

    I can see two AV programs, Norton and MSE.
    One of them has to go.
    If Norton, use Norton Removal Tool: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

    When done....

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2010/10/13
    wealthymike

    wealthymike Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    112
    Likes Received:
    0
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4817

    Windows 6.0.6000
    Internet Explorer 7.0.6000.17037

    10/13/2010 11:37:24 PM
    mbam-log-2010-10-13 (23-37-24).txt

    Scan type: Quick scan
    Objects scanned: 157467
    Time elapsed: 9 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  9. 2010/10/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go on....
     
  10. 2010/10/14
    wealthymike

    wealthymike Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    112
    Likes Received:
    0
    I have tried GMER 3 times... The 1st time it failed, then I unchecked drivers. The 2nd time it made it through the whole scan, then the computer froze completely when I pressed save, so I tried it once more and the computer froze midway through the scan (while I was asleep). Now I am trying it in safe mode.
     
  11. 2010/10/14
    wealthymike

    wealthymike Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    112
    Likes Received:
    0
    GMER 1.0.15.15315 - http://www.gmer.net
    Rootkit scan 2010-10-14 07:37:18
    Windows 6.0.6000
    Running: y8wzh23v.exe; Driver: C:\Users\CONSTA~1\AppData\Local\Temp\fwtoyuow.sys


    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[1396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7422FBC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [741FB9AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [741EA31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [741ECBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [741E8AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [741FCF28] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [741E7D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [741E7CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741E6A64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7427C1D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74207F56] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [741E90CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [741F2179] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [741F21A4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [741F7F1C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741F7D3E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [742283D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3703b8d7
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3703b8d7@001cef67ea9d 0xDB 0x94 0x36 0xC3 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3703b8d7 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3703b8d7@001cef67ea9d 0xDB 0x94 0x36 0xC3 ...

    ---- EOF - GMER 1.0.15 ----
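As an added example (not part of the thread, and not a GMER feature), the script below reads the IAT/EAT and Reg lines of a GMER log and applies the check an analyst does by eye: the resolved address of an import should live in the DLL the import names. The gdiplus entries above pass even though they point into WinSxS, because the file name still matches; an import that resolves into some other module is what an IAT hook looks like, and a target with no version information is treated as more suspicious. The sample embeds two IAT lines and two Reg lines copied from the log above plus ONE hypothetical line (target C:\hypothetical\hook.dll) that the editor constructed to show a redirected import; it is not in the log and nothing here says this machine has it. The Reg lines are only recorded: the BTHPORT\Parameters\Keys subtree holds Bluetooth pairing keys and is a common sight in GMER logs. Severities and the version-info heuristic are the editor's assumptions.

```python
import os
import re

# Constructed sample: two IAT lines and two Reg lines copied from the GMER log
# above, plus ONE hypothetical IAT line (target C:\hypothetical\hook.dll) added
# here to show what a redirected import looks like. That line is not from the log.
SAMPLE = r"""
IAT C:\Windows\Explorer.EXE[1396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7422FBC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1396] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [741F2179] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1396] @ C:\Windows\Explorer.EXE [kernel32.dll!CreateFileW] [00A71230] C:\hypothetical\hook.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3703b8d7
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3703b8d7 (not active ControlSet)
"""

# IAT <process>[<pid>] @ <module> [<dll>!<function>] [<address>] <target path> (<version info>)
HOOK = re.compile(
    r"^(?P<kind>IAT|EAT)\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<module>\S+)\s+"
    r"\[(?P<dll>[^!\]]+)!(?P<func>[^\]]+)\]\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+"
    r"(?P<target>\S+)(?:\s+\((?P<desc>[^)]*)\))?\s*$"
)


def basename(path):
    """Lower-cased file name of a Windows path, whatever OS this runs on."""
    return os.path.basename(path.replace("\\", "/")).lower()


def analyse(text):
    """Classify each GMER line as (severity, kind, detail)."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = HOOK.match(line)
        if m:
            # The import names a DLL; the resolved address should live in that DLL.
            # A WinSxS side-by-side copy still passes, because the file name matches.
            if basename(m["target"]) == m["dll"].lower():
                findings.append(("ok", m["kind"],
                                 f"{m['dll']}!{m['func']} in {m['proc']}[{m['pid']}] "
                                 f"resolves inside {m['dll']}"))
            else:
                # Redirected into another module: that is what an IAT hook looks like.
                # No version info on the target makes it more suspicious still.
                sev = "high" if not m["desc"] else "medium"
                findings.append((sev, m["kind"],
                                 f"{m['dll']}!{m['func']} in {m['proc']}[{m['pid']}] "
                                 f"redirected to {m['target']} (version info: {m['desc'] or 'none'})"))
        elif line.startswith("Reg "):
            # Registry keys GMER chose to report; only recorded here, not judged.
            key = line.split()[1]
            inactive = "(not active ControlSet)" in line
            findings.append(("info", "Reg", ("inactive control set: " if inactive else "") + key))
    return findings


def summary(findings):
    """Count findings per severity."""
    counts = {}
    for sev, _, _ in findings:
        counts[sev] = counts.get(sev, 0) + 1
    return counts


if __name__ == "__main__":
    results = analyse(SAMPLE)
    for sev, kind, detail in results:
        print(f"[{sev:6}] {kind}: {detail}")
    print(summary(results))
```

Run against the full gmer.log posted above, every IAT entry comes out "ok", which matches what the thread's analyst would conclude from the Explorer/gdiplus block: the entries are self-consistent and not evidence of hooking.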
     
  12. 2010/10/14
    wealthymike

    wealthymike Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    112
    Likes Received:
    0
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: (build 6000), 32-bit
    Base Board Manufacturer: Quanta
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Pavilion tx1000 Notebook PC
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 154):
    0x82400000 \SystemRoot\system32\ntkrnlpa.exe
    0x827A1000 \SystemRoot\system32\hal.dll
    0x802C6000 \SystemRoot\system32\kdcom.dll
    0x802BD000 \SystemRoot\system32\PSHED.dll
    0x802B5000 \SystemRoot\system32\BOOTVID.dll
    0x8027A000 \SystemRoot\system32\CLFS.SYS
    0x8051F000 \SystemRoot\system32\CI.dll
    0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8026D000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8022A000 \SystemRoot\system32\drivers\acpi.sys
    0x80221000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x80219000 \SystemRoot\system32\drivers\msisadrv.sys
    0x8047F000 \SystemRoot\system32\drivers\pci.sys
    0x8020A000 \SystemRoot\system32\drivers\volmgr.sys
    0x80207000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x80475000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x80465000 \SystemRoot\System32\drivers\mountmgr.sys
    0x80200000 \SystemRoot\system32\drivers\pciide.sys
    0x80457000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x8040D000 \SystemRoot\System32\drivers\volmgrx.sys
    0x80405000 \SystemRoot\system32\drivers\atapi.sys
    0x807E2000 \SystemRoot\system32\drivers\ataport.SYS
    0x807C8000 \SystemRoot\system32\DRIVERS\nvstor32.sys
    0x80788000 \SystemRoot\system32\DRIVERS\storport.sys
    0x80757000 \SystemRoot\system32\drivers\fltmgr.sys
    0x80747000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8073E000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x8063A000 \SystemRoot\system32\drivers\ndis.sys
    0x8060F000 \SystemRoot\system32\drivers\msrpc.sys
    0x87DC7000 \SystemRoot\system32\drivers\NETIO.SYS
    0x87CBF000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x87C55000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x87C1F000 \SystemRoot\system32\drivers\volsnap.sys
    0x80607000 \SystemRoot\System32\Drivers\spldr.sys
    0x87C10000 \SystemRoot\System32\drivers\partmgr.sys
    0x87C01000 \SystemRoot\System32\Drivers\mup.sys
    0x87FDB000 \SystemRoot\System32\drivers\ecache.sys
    0x87FCA000 \SystemRoot\system32\drivers\disk.sys
    0x87FA9000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x87FA0000 \SystemRoot\system32\drivers\crcdisk.sys
    0x88C07000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8B170000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x889F1000 \SystemRoot\system32\DRIVERS\amdk8.sys
    0x88C64000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8B0DC000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
    0x88D50000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8B100000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8B179000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8B9C1000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8B033000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x88C93000 \SystemRoot\System32\drivers\watchdog.sys
    0x8B0FA000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x8B029000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x8B984000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8B01B000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8B003000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x88DB8000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0x8B922000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8B860000 \SystemRoot\system32\DRIVERS\nvm60x32.sys
    0x8B84D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8B842000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8B817000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8884F000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8B80C000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8B7E1000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8B7D6000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8B194000 \SystemRoot\system32\drivers\lmvac.sys
    0x8B7A9000 \SystemRoot\system32\drivers\portcls.sys
    0x8B784000 \SystemRoot\system32\drivers\drmk.sys
    0x8B75A000 \SystemRoot\system32\drivers\ks.sys
    0x8B745000 \SystemRoot\system32\drivers\tbhsd.sys
    0x8B72E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8B74F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8B70B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8B6FC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8B6E9000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x88DD0000 \SystemRoot\system32\DRIVERS\wanatw4.sys
    0x8B6CD000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x88847000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8B6C3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8B6DC000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8B1A6000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8B64F000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x88D80000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8C457000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x8C040000 \SystemRoot\system32\DRIVERS\smserial.sys
    0x8C130000 \SystemRoot\system32\drivers\modem.sys
    0x8B61C000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0x8B1AF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8B138000 \SystemRoot\System32\Drivers\Null.SYS
    0x8B13F000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8B610000 \SystemRoot\System32\drivers\vga.sys
    0x8C1DF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x88949000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x88931000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8B605000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8C1B1000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8B1B8000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8C72B000 \SystemRoot\System32\drivers\tcpip.sys
    0x8C198000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8C442000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8C42E000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8C6E4000 \SystemRoot\system32\drivers\afd.sys
    0x8C6B2000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8C418000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8C40A000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8885F000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
    0x8C69F000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8C664000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8C18E000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8C64D000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8C13D000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x88C2C000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x88C12000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
    0x8CCBB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8CCA9000 \SystemRoot\System32\Drivers\R5U870FLx86.sys
    0x8CC88000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x8C602000 \SystemRoot\System32\Drivers\R5U870FUx86.sys
    0x8CC67000 \SystemRoot\system32\DRIVERS\ATSwpDrv.sys
    0x8CC5B000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0x8CC21000 \SystemRoot\System32\Drivers\bthport.sys
    0x8CC10000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0x8CD50000 \SystemRoot\system32\DRIVERS\BthEnum.sys
    0x957E6000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0x9577F000 \SystemRoot\system32\drivers\btwavdt.sys
    0x95704000 \SystemRoot\system32\drivers\btwaudio.sys
    0x8B0EB000 \SystemRoot\system32\DRIVERS\btwrchid.sys
    0x91E00000 \SystemRoot\System32\win32k.sys
    0x8CD5A000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8B18B000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x88929000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8CCD2000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x98200000 \SystemRoot\System32\TSDDD.dll
    0x98210000 \SystemRoot\System32\cdd.dll
    0x98903000 \SystemRoot\system32\drivers\luafv.sys
    0x9DAE8000 \SystemRoot\system32\drivers\spsys.sys
    0x88CB0000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9DA1B000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x8CD6E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x9EF4D000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9F0A7000 \SystemRoot\system32\drivers\HTTP.sys
    0x9F02D000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9EFD4000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9EFC0000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9F00D000 \SystemRoot\system32\drivers\mrxdav.sys
    0x9F049000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9F4A7000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9F495000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9F471000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9F420000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA2822000 \SystemRoot\system32\drivers\peauth.sys
    0x8CD96000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9F187000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x771D0000 \Windows\System32\ntdll.dll

    Processes (total 62):
    0 System Idle Process
    4 System
    456 C:\Windows\System32\smss.exe
    556 csrss.exe
    604 C:\Windows\System32\wininit.exe
    620 csrss.exe
    656 C:\Windows\System32\services.exe
    680 C:\Windows\System32\winlogon.exe
    696 C:\Windows\System32\lsass.exe
    704 C:\Windows\System32\lsm.exe
    860 C:\Windows\System32\svchost.exe
    900 C:\Windows\System32\svchost.exe
    944 C:\Windows\System32\svchost.exe
    980 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    1128 C:\Windows\System32\svchost.exe
    1152 C:\Windows\System32\svchost.exe
    1164 C:\Windows\System32\svchost.exe
    1340 C:\Windows\System32\audiodg.exe
    1412 C:\Windows\System32\svchost.exe
    1428 C:\Windows\System32\SLsvc.exe
    1468 C:\Windows\System32\svchost.exe
    1632 C:\Windows\System32\wisptis.exe
    1640 C:\Windows\System32\svchost.exe
    1676 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    1972 C:\Windows\System32\spoolsv.exe
    2004 C:\Windows\System32\svchost.exe
    1032 C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
    748 C:\Windows\System32\dwm.exe
    1684 C:\Windows\System32\taskeng.exe
    316 C:\Windows\System32\wisptis.exe
    1324 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    2096 C:\Windows\explorer.exe
    2548 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    2572 C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    2600 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2620 C:\Program Files\Bonjour\mDNSResponder.exe
    2640 C:\Windows\System32\svchost.exe
    2660 C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe
    2760 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2888 C:\Windows\System32\svchost.exe
    2916 C:\Windows\System32\svchost.exe
    2972 C:\Program Files\Viewpoint\Common\ViewpointService.exe
    3004 C:\Program Files\Vongo\VongoService.exe
    3056 C:\Windows\System32\svchost.exe
    3076 C:\Windows\System32\SearchIndexer.exe
    3120 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    3372 C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSched.exe
    3708 C:\Program Files\Microsoft Security Essentials\msseces.exe
    3716 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    812 C:\Program Files\Internet Explorer\ieuser.exe
    2692 C:\Program Files\Internet Explorer\iexplore.exe
    2264 C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe
    1220 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    4080 C:\Windows\System32\taskeng.exe
    1764 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
    3516 C:\Windows\System32\notepad.exe
    3220 C:\Windows\System32\wuauclt.exe
    2024 C:\Windows\System32\wbem\WMIADAP.exe
    1656 WmiPrvSE.exe
    3776 dllhost.exe
    4076 dllhost.exe
    1036 C:\Users\Constance\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`28871800 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHM250JI, Rev: HS10

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:

    Done!
     
  13. 2010/10/14
    broni

    broni Moderator Malware Analyst

    Your MBR seems to be infected.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
     
  14. 2010/10/14
    wealthymike

    wealthymike Inactive Thread Starter

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: (build 6000), 32-bit
    Base Board Manufacturer: Quanta
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Pavilion tx1000 Notebook PC
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 154):
    0x82400000 \SystemRoot\system32\ntkrnlpa.exe
    0x827A1000 \SystemRoot\system32\hal.dll
    0x802C6000 \SystemRoot\system32\kdcom.dll
    0x802BD000 \SystemRoot\system32\PSHED.dll
    0x802B5000 \SystemRoot\system32\BOOTVID.dll
    0x8027A000 \SystemRoot\system32\CLFS.SYS
    0x8051F000 \SystemRoot\system32\CI.dll
    0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8026D000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8022A000 \SystemRoot\system32\drivers\acpi.sys
    0x80221000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x80219000 \SystemRoot\system32\drivers\msisadrv.sys
    0x8047F000 \SystemRoot\system32\drivers\pci.sys
    0x8020A000 \SystemRoot\system32\drivers\volmgr.sys
    0x80207000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x80475000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x80465000 \SystemRoot\System32\drivers\mountmgr.sys
    0x80200000 \SystemRoot\system32\drivers\pciide.sys
    0x80457000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x8040D000 \SystemRoot\System32\drivers\volmgrx.sys
    0x80405000 \SystemRoot\system32\drivers\atapi.sys
    0x807E2000 \SystemRoot\system32\drivers\ataport.SYS
    0x807C8000 \SystemRoot\system32\DRIVERS\nvstor32.sys
    0x80788000 \SystemRoot\system32\DRIVERS\storport.sys
    0x80757000 \SystemRoot\system32\drivers\fltmgr.sys
    0x80747000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8073E000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x8063A000 \SystemRoot\system32\drivers\ndis.sys
    0x8060F000 \SystemRoot\system32\drivers\msrpc.sys
    0x87DC7000 \SystemRoot\system32\drivers\NETIO.SYS
    0x87CBF000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x87C55000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x87C1F000 \SystemRoot\system32\drivers\volsnap.sys
    0x80607000 \SystemRoot\System32\Drivers\spldr.sys
    0x87C10000 \SystemRoot\System32\drivers\partmgr.sys
    0x87C01000 \SystemRoot\System32\Drivers\mup.sys
    0x87FDB000 \SystemRoot\System32\drivers\ecache.sys
    0x87FCA000 \SystemRoot\system32\drivers\disk.sys
    0x87FA9000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x87FA0000 \SystemRoot\system32\drivers\crcdisk.sys
    0x88C07000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8B5CA000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x889F1000 \SystemRoot\system32\DRIVERS\amdk8.sys
    0x8B2A4000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8882A000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
    0x88D50000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x88CA2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8B5D3000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8BFC1000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8BF24000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8B263000 \SystemRoot\System32\drivers\watchdog.sys
    0x88833000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x8B374000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x8B226000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8B218000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8B200000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8B2B6000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0x8B2FE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8BE62000 \SystemRoot\system32\DRIVERS\nvm60x32.sys
    0x8B2EB000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8B2E0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8BE37000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8881E000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8B2D5000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8BE0C000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8B2CA000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8B582000 \SystemRoot\system32\drivers\lmvac.sys
    0x8C7D3000 \SystemRoot\system32\drivers\portcls.sys
    0x8C7AE000 \SystemRoot\system32\drivers\drmk.sys
    0x8C784000 \SystemRoot\system32\drivers\ks.sys
    0x8B37E000 \SystemRoot\system32\drivers\tbhsd.sys
    0x8C76D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8B415000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8C74A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8B480000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8B402000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8B432000 \SystemRoot\system32\DRIVERS\wanatw4.sys
    0x8B48F000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x88814000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8B388000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8C73D000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8B594000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8C9CC000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x88D80000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8C823000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x8CD10000 \SystemRoot\system32\DRIVERS\smserial.sys
    0x8C66D000 \SystemRoot\system32\drivers\modem.sys
    0x8C800000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0x8B59D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x88C47000 \SystemRoot\System32\Drivers\Null.SYS
    0x88C4E000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8C611000 \SystemRoot\System32\drivers\vga.sys
    0x8CCAF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x88919000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x88949000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8BE01000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8C603000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8B5A6000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8CF2B000 \SystemRoot\System32\drivers\tcpip.sys
    0x8CC76000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8CC61000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8CC4D000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8CC06000 \SystemRoot\system32\drivers\afd.sys
    0x8CEF9000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8CEE3000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8CED5000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x88812000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
    0x8CEC2000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8CE87000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8B392000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8CE70000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8C67A000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8B39C000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x88C12000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
    0x8E37C000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0x8E342000 \SystemRoot\System32\Drivers\bthport.sys
    0x8E331000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0x8B3A6000 \SystemRoot\system32\DRIVERS\BthEnum.sys
    0x8E317000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0x8E2B0000 \SystemRoot\system32\drivers\btwavdt.sys
    0x8E235000 \SystemRoot\system32\drivers\btwaudio.sys
    0x88842000 \SystemRoot\system32\DRIVERS\btwrchid.sys
    0x94C00000 \SystemRoot\System32\win32k.sys
    0x8B3BA000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8E21E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8E3DF000 \SystemRoot\system32\DRIVERS\ATSwpDrv.sys
    0x8E20C000 \SystemRoot\System32\Drivers\R5U870FLx86.sys
    0x96ADF000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x8E201000 \SystemRoot\System32\Drivers\R5U870FUx86.sys
    0x8B570000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x88959000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8B49E000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x98600000 \SystemRoot\System32\TSDDD.dll
    0x98610000 \SystemRoot\System32\cdd.dll
    0x994E5000 \SystemRoot\system32\drivers\luafv.sys
    0x9E6E2000 \SystemRoot\system32\drivers\spsys.sys
    0x88D40000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9DFD5000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x8B360000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x9DE21000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9E827000 \SystemRoot\system32\drivers\HTTP.sys
    0x9E607000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9E80E000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9F56C000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9F54C000 \SystemRoot\system32\drivers\mrxdav.sys
    0x9F52E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9F4F5000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9F4E3000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9F4BF000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9F46E000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA2522000 \SystemRoot\system32\drivers\peauth.sys
    0x88DB6000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9E9EA000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x77D20000 \Windows\System32\ntdll.dll

    Processes (total 54):
    0 System Idle Process
    4 System
    456 C:\Windows\System32\smss.exe
    532 csrss.exe
    596 C:\Windows\System32\wininit.exe
    612 csrss.exe
    644 C:\Windows\System32\services.exe
    656 C:\Windows\System32\lsass.exe
    668 C:\Windows\System32\lsm.exe
    716 C:\Windows\System32\winlogon.exe
    860 C:\Windows\System32\svchost.exe
    900 C:\Windows\System32\svchost.exe
    944 C:\Windows\System32\svchost.exe
    980 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    1160 C:\Windows\System32\svchost.exe
    1232 C:\Windows\System32\svchost.exe
    1284 C:\Windows\System32\svchost.exe
    1344 C:\Windows\System32\audiodg.exe
    1368 C:\Windows\System32\svchost.exe
    1384 C:\Windows\System32\SLsvc.exe
    1440 C:\Windows\System32\svchost.exe
    1652 C:\Windows\System32\wisptis.exe
    1684 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    1700 C:\Windows\System32\svchost.exe
    2036 C:\Windows\System32\spoolsv.exe
    328 C:\Windows\System32\svchost.exe
    308 C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
    1036 C:\Windows\System32\dwm.exe
    1452 C:\Windows\System32\wisptis.exe
    1416 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    2064 C:\Windows\System32\taskeng.exe
    2092 C:\Windows\explorer.exe
    2560 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    2580 C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    2608 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2636 C:\Program Files\Bonjour\mDNSResponder.exe
    2656 C:\Windows\System32\svchost.exe
    2668 C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe
    2880 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    3000 C:\Windows\System32\svchost.exe
    3024 C:\Windows\System32\svchost.exe
    3084 C:\Program Files\Viewpoint\Common\ViewpointService.exe
    3128 C:\Program Files\Vongo\VongoService.exe
    3144 C:\Windows\System32\svchost.exe
    3164 C:\Windows\System32\SearchIndexer.exe
    3224 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    3504 C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSched.exe
    3764 C:\Program Files\Microsoft Security Essentials\msseces.exe
    3772 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3100 C:\Windows\System32\SearchProtocolHost.exe
    3476 C:\Windows\System32\SearchFilterHost.exe
    3448 dllhost.exe
    1920 dllhost.exe
    2788 C:\Users\Constance\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`28871800 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHM250JI, Rev: HS10

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
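Both MBRCheck reports above come down to one check: hash the boot-code bytes of sector 0 and look the hash up in a table of known loaders, so the stock loader is reported as "Windows XP MBR code detected" and anything not in the table as "Unknown MBR code", while the "at offset 0x...7e00" lines are the partition table's LBA start fields multiplied by 512. The Python below is an added example, not MBRCheck's or the thread's code: it assembles a constructed 512-byte image using the thread's partition offsets, hashes the 440-byte boot-code region (the exact region MBRCheck hashes is an assumption), and classifies it against a constructed known-good table, then shows how a patched loader with an untouched partition table is flagged.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # boot code precedes the 4-byte disk signature at 0x1B8
PART_TABLE_OFF = 0x1BE       # four 16-byte partition entries
SIGNATURE_OFF = 0x1FE        # 0x55 0xAA boot signature
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count

# Constructed stand-in for the "standard" loader: the usual opening of an MBR
# (xor ax,ax / mov ss,ax / mov sp,0x7c00) padded with NOPs. It is NOT real
# Windows boot code; a real tool ships hashes of the genuine loaders.
STANDARD_BOOT_CODE = bytes.fromhex("33c08ed0bc007c") + b"\x90" * (BOOT_CODE_LEN - 7)

# Constructed known-good table keyed by the SHA1 of the 440 boot-code bytes.
KNOWN_BOOT_CODE = {
    hashlib.sha1(STANDARD_BOOT_CODE).hexdigest().upper(): "Windows XP MBR code detected",
}


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR from boot code and (status, type, lba_start, sectors) tuples."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code exceeds 440 bytes")
    mbr = bytearray(SECTOR)
    mbr[: len(boot_code)] = boot_code
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions[:4]):
        off = PART_TABLE_OFF + 16 * i
        # CHS fields are left zeroed; the LBA fields are what modern code reads.
        mbr[off : off + 16] = struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0",
                                          lba_start, sectors)
    mbr[SIGNATURE_OFF : SIGNATURE_OFF + 2] = b"\x55\xaa"
    return bytes(mbr)


def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty partition entries with their byte offsets on the disk."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if mbr[SIGNATURE_OFF : SIGNATURE_OFF + 2] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba_start, sectors = struct.unpack(ENTRY_FMT, mbr[off : off + 16])
        if ptype == 0:
            continue  # empty slot
        entries.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR,   # what the report prints as "at offset"
        })
    return entries


def classify_boot_code(mbr: bytes, known=KNOWN_BOOT_CODE):
    """Hash the boot-code region and look it up; anything not in the table is unknown."""
    digest = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    return digest, known.get(digest, "Unknown MBR code")


def check_mbr(mbr: bytes) -> dict:
    """Combine both checks into one report, the way a triage tool would."""
    digest, status = classify_boot_code(mbr)
    return {"sha1": digest, "status": status, "partitions": parse_partitions(mbr)}


# Constructed layout modelled on the thread's logs: C: starts at sector 63
# (byte offset 0x7E00) and D: at sector 0x1C14438C (byte offset 0x38_2887_1800).
SAMPLE_LAYOUT = [
    (0x80, 0x07, 63, 0x1C14438C - 63),     # NTFS, bootable
    (0x00, 0x07, 0x1C14438C, 0x01000000),  # NTFS recovery partition (size constructed)
]
CLEAN_MBR = build_mbr(STANDARD_BOOT_CODE, SAMPLE_LAYOUT)

# Constructed "infected" image: same partition table, but a few loader bytes
# patched. The machine still boots, so only the hash of the code region
# reveals the change; this is the condition that shows up as "Unknown MBR code".
TAMPERED_MBR = build_mbr(b"\x90\x90" + STANDARD_BOOT_CODE[2:], SAMPLE_LAYOUT)

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        report = check_mbr(image)
        print(name, report["status"], report["sha1"])
        for p in report["partitions"]:
            print(f"  partition {p['index']}: type 0x{p['type']:02x} "
                  f"at offset 0x{p['byte_offset']:016x}")
```

Restoring standard code, as the NTBR step does, only rewrites the 440 boot-code bytes, so the partition entries (and the offsets printed afterwards) stay the same before and after.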
     
  15. 2010/10/14
    wealthymike

    wealthymike Inactive Thread Starter

    Is it OK that it says Windows XP MBR code detected when this laptop uses Vista? I'm sorry if it's a dumb question, I'm just trying to learn as I go.
     
  16. 2010/10/15
    broni

    broni Moderator Malware Analyst

    Yes, that's fine.
    Looks good now :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  17. 2010/10/15
    wealthymike

    wealthymike Inactive Thread Starter

    I started combofix and the green bar loaded all the way to the end and then it just exited. No sign of it running at all.
     
  18. 2010/10/15
    wealthymike

    wealthymike Inactive Thread Starter

    Forget it - I deleted it and downloaded it from the second link you gave. Now it's working.
     
  19. 2010/10/15
    wealthymike

    wealthymike Inactive Thread Starter

    I finished it and I got the log on the computer, but now whenever I try to open something (in this case Internet Explorer) I get an error message with the file name (...iexplorer.exe) and "Illegal Operation attempted on a registry key that has been marked for deletion." I can't even open it to send you the log.
     
  20. 2010/10/15
    broni

    broni Moderator Malware Analyst

    You need to restart the computer and it'll cure the issue.
     
  21. 2010/10/15
    wealthymike

    wealthymike Inactive Thread Starter

    ComboFix 10-10-12.03 - Constance 10/15/2010 2:21.1.2 - x86
    Running from: c:\users\Constance\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    SP: Microsoft Security Essentials *disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDE}
    SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2010-09-15 to 2010-10-15 )))))))))))))))))))))))))))))))
    .

    2010-10-15 06:18 . 2010-10-15 06:19 -------- d-----w- C:\32788R22FWJFW
    2010-10-15 03:44 . 2010-10-09 00:12 6084944 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6B14C6C-439B-4907-809E-D41530EFC096}\mpengine.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-03 1362824]

    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-03-03 20:42 1362824 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-03 1362824]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-03 1362824]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-30 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSSE "= "c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher "= "c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\windows\System32\APSHook.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux "=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear VIBE Device Manager.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk
    backup=c:\windows\pss\Philips GoGear VIBE Device Manager.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Vongo Tray.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Vongo Tray.lnk
    backup=c:\windows\pss\Vongo Tray.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-01-12 02:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-09-22 04:28 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
    2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
    2003-12-22 19:12 17920 ----a-r- c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON WorkForce 500 Series]
    2008-02-21 21:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEQA.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-04-11 02:22 133104 ----atw- c:\users\Constance\AppData\Local\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\AOL\1196203260\ee\aolsoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-05-08 21:24 54840 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
    2007-03-20 22:23 1773568 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
    2007-03-01 20:18 472776 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2010-04-29 19:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
    2010-09-15 08:34 1094224 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2007-01-13 17:40 7766016 ----a-w- c:\windows\System32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2007-01-13 17:40 81920 ----a-w- c:\windows\System32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
    2007-01-13 17:40 90191 ----a-w- c:\windows\System32\nvsvc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
    2006-11-06 17:58 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    2007-03-29 00:45 176128 ----a-w- c:\program files\Hp\QuickPlay\QPService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2007-03-01 19:38 4390912 ----a-w- c:\windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2008-01-11 03:04 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    2006-10-09 04:43 729088 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2007-09-25 09:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-04-30 22:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2007-01-13 03:36 827392 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
    2007-01-10 23:12 317128 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2007-06-14 17:25 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2006-11-02 12:36 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
    S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2006-11-02 22016]
    S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2006-11-02 22016]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    S3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [2008-07-01 18912]
    S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2006-12-19 73472]
    S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2006-12-19 43904]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    Cognizance REG_MULTI_SZ ASBroker ASChannel
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-15 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-30 11:53]

    2010-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3821945497-2058085213-3717382629-1000Core.job
    - c:\users\Constance\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-11 02:22]

    2010-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3821945497-2058085213-3717382629-1000UA.job
    - c:\users\Constance\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-11 02:22]

    2010-10-15 c:\windows\Tasks\User_Feed_Synchronization-{8DB12A1A-D7AB-4B74-AFD6-4771D6CA95C4}.job
    - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
    MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    MSConfigStartUp-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3821945497-2058085213-3717382629-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R%*"]
    @Class= "Shell "

    [HKEY_USERS\S-1-5-21-3821945497-2058085213-3717382629-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R%* "\OpenWithList]
    @Class= "Shell "

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(332)
    c:\windows\system32\APSHook.dll
    c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
    c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Essentials\MsMpEng.exe
    c:\windows\SYSTEM32\WISPTIS.EXE
    c:\program files\Common Files\microsoft shared\ink\TabTip.exe
    c:\windows\SYSTEM32\WISPTIS.EXE
    c:\program files\Common Files\microsoft shared\ink\TabTip.exe
    c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Vongo\VongoService.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
    c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-10-15 02:37:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-15 06:37

    Pre-Run: 62,202,970,112 bytes free
    Post-Run: 63,113,273,344 bytes free

    - - End Of File - - 8C45EA82F8BDF2120A205A51CB5EC034