
Solved IE won't open and other problems on HP Mini

Discussion in 'Malware and Virus Removal Archive' started by musicteacher, 2011/07/22.

  1. 2011/07/22
    musicteacher Well-Known Member Thread Starter
    Joined: 2008/08/17 | Messages: 169 | Likes Received: 0
    [Resolved] IE won't open and other problems on HP Mini

    I was referred over here after posting on the Internet Explorer forum. I have an HP Mini 110 that I got three months ago. About 2 weeks ago I was online in a hotel room and I downloaded some updates. I think one had to do with IE 8 but I'm not sure. Since then I've had tons of problems, most notably I cannot get IE to start up.

    I can get online using the QuickWeb that HP has on the mini, but I've discovered today that I can't download anything to the computer using this.

    I did manage to update the anti-virus, Avira, and ran a complete scan, which found nothing.

    I can't download Malwarebytes or any of the other things suggested because I can't fire up IE.

    One of the messages I keep getting is that IAStorIcon can't open or something like that. I also keep getting other messages about things that can't run or open, like HP Help and Support and so forth.

    The night in the hotel room that it happened, I know that I got a message about some file associated with IE being lost or gone or something.

    I hope this is enough info to go on. Windows BBS has helped me to save the other 2 computers in my home and I'm hoping to get my little mini buddy going again.

    Thanks.
     
  2. 2011/07/22
    broni Moderator Malware Analyst
    Joined: 2002/08/01 | Messages: 21,701 | Likes Received: 116
    Do you have another working computer and USB flash drive, so we can download and transfer some tools?
     


  4. 2011/07/23
    musicteacher Well-Known Member Thread Starter
    Yes, I have a laptop that you guys helped me clean up a few months ago. I do have a flash drive that I can use to download from the laptop. Thanks for your help.
     
  5. 2011/07/23
    broni Moderator Malware Analyst
    Very well.

    Transfer and run the following tools...

    Please, download DDS from one of the 2 mirrors and save it to your desktop.

    Mirror 1
    Mirror 2

    * Disable any script blocking protection (if present)
    * Double click the dds icon to run the tool.
    * When done, DDS will open two logs:
    1. DDS.txt
    2. Attach.txt
    * Save both reports to your desktop by clicking File>Save As in each log.

    Include the contents of both logs in your new topic. The scan will instruct you to post Attach.txt as an attachment. No need for that though ..... just post its contents as you would any other log.

    ====================================================

    Please download GMER from one of the following locations and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zipped Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
    • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
    • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
    • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
    • Now click the Scan button. If you see a rootkit warning window, click OK.
    • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
    • Click the Copy button and paste the results into your next reply.
    • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.
     
  6. 2011/07/23
    musicteacher Well-Known Member Thread Starter
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows 7 Starter
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/13/2011 8:37:20 PM
    System Uptime: 7/23/2011 2:11:42 PM (0 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1584
    Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz | CPU | 1666/667mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 214 GiB total, 182.89 GiB free.
    D: is FIXED (NTFS) - 18 GiB total, 2.622 GiB free.
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP35: 7/5/2011 9:04:44 PM - Windows 7 Service Pack 1
    RP36: 7/7/2011 7:12:14 AM - Windows Update
    RP37: 7/8/2011 7:51:42 AM - Windows Update
    RP38: 7/15/2011 10:21:50 AM - Windows Update
    RP39: 7/20/2011 11:27:12 PM - Windows Update
    RP40: 7/21/2011 7:20:17 AM - Windows Update
    RP41: 7/22/2011 2:33:00 PM - Windows Update
    RP42: 7/23/2011 1:31:40 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.4.5 MUI
    Adobe Shockwave Player 11.5
    Agatha Christie - Peril at End House
    Alcor Micro USB Card Reader
    Avira AntiVir Personal - Free Antivirus
    Bejeweled 2 Deluxe
    Bing Bar
    Bing Bar Platform
    Bing Rewards Client Installer
    Blasterball 3
    Blio
    Bounce Symphony
    Broadcom 802.11 Wireless LAN Adapter
    Cake Mania
    Chuzzle Deluxe
    CyberLink DVD Suite
    D3DX10
    Diner Dash 2 Restaurant Rescue
    Dream Chronicles
    Energy Star Digital Logo
    ESU for Microsoft Windows 7
    Evernote
    Farm Frenzy
    FATE
    HP Auto
    HP Client Services
    HP CloudDrive
    HP Customer Experience Enhancements
    HP Documentation
    HP Game Console
    HP Games
    HP HomeBase
    HP MovieStore
    HP Photo Creations
    HP Power Manager
    HP Quick Launch
    HP QuickSync
    HP QuickWeb Installer
    HP Setup
    HP Setup Manager
    HP Software Framework
    HP Support Assistant
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    IDT Audio
    Insaniquarium Deluxe
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 24
    Jewel Quest - Heritage
    Jewel Quest II
    Jewel Quest Solitaire
    JoJo's Fashion Show
    Junk Mail filter update
    Mahjongg Artifacts
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Default Manager
    Microsoft Office 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft WSE 3.0 Runtime
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton Internet Security
    Penguins!
    PictureMover
    Plants vs. Zombies
    PlayReady PC Runtime x86
    Polar Bowler
    Power2Go
    Realtek Ethernet Controller Driver For Windows 7
    Recovery Manager
    RoxioNow Player
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Skip-Bo - Castaway Caper
    Slingo Deluxe
    Synaptics Pointing Device Driver
    Times Reader
    Tradewinds Legends
    Virtual Villagers - The Secret City
    Wedding Dash
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/23/2011 2:16:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Rapid Storage Technology service to connect.
    7/23/2011 2:16:01 PM, Error: Service Control Manager [7000] - The Intel(R) Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/23/2011 2:15:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Wireless Assistant Service service to connect.
    7/23/2011 2:15:49 PM, Error: Service Control Manager [7000] - The HP Wireless Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/23/2011 2:15:34 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/23/2011 2:15:33 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
    7/22/2011 9:53:11 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    7/22/2011 9:53:10 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    7/22/2011 9:53:06 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
    7/22/2011 9:53:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    7/22/2011 9:53:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    7/22/2011 9:53:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/22/2011 9:52:54 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb BHDrvx86 discache DVMIO IDSVix86 spldr SRTSPX ssmdrv SymIRON SymNetS Wanarpv6
    7/22/2011 9:52:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    7/22/2011 9:18:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    7/22/2011 8:24:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
    7/22/2011 5:22:30 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    7/21/2011 8:03:52 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    7/21/2011 7:20:04 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    7/20/2011 11:32:19 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB2532531).
    7/20/2011 11:32:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 (KB2533623).
    7/20/2011 11:28:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB2555917).
    7/20/2011 11:04:33 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
    7/20/2011 11:00:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    7/20/2011 10:59:29 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    7/20/2011 10:59:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    7/20/2011 10:59:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    7/20/2011 10:59:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb BHDrvx86 DfsC discache DVMIO IDSVix86 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX ssmdrv SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
    7/20/2011 10:59:06 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/20/2011 10:59:06 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    7/20/2011 10:59:06 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    7/20/2011 10:59:06 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    7/20/2011 10:59:06 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    7/20/2011 10:59:06 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    7/20/2011 10:59:06 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/20/2011 10:59:06 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/20/2011 10:59:06 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/20/2011 10:59:06 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    .
    ==== End Of File ===========================
     
  7. 2011/07/23
    musicteacher Well-Known Member Thread Starter
    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385
    Run by Betsy at 14:17:03 on 2011-07-23
    Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1012.287 [GMT -4:00]
    .
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\IDT\WDM\aestsrv.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\PictureMover\Bin\PictureMover.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.0.2282.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
    TB: @c:\program files\msn toolbar\platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.0.2282.0\npwinext.dll
    uRun: [ZumoDrive] c:\program files\hewlett-packard\hp clouddrive\ZumoLauncher.lnk
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
    mRun: [AmIcoSinglun] c:\program files\amicosinglun\AmIcoSinglun.exe
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [HP Quick Launch] c:\program files\hewlett-packard\hp quick launch\HPMSGSVC.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpmedi~1.lnk - c:\program files\hewlett-packard\hp media suite\home\ArcStart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\picturemover\bin\PictureMover.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
    TCP: Interfaces\{7D4EAA51-0205-4FF4-931C-311B07E680B6} : DhcpNameServer = 192.168.254.254 192.168.254.254
    TCP: Interfaces\{7D4EAA51-0205-4FF4-931C-311B07E680B6}\C696E6B6379737 : DhcpNameServer = 24.92.226.11 24.92.226.12
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    mASetup: {4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B} - c:\program files\hewlett-packard\hp media suite\home\HPMediaSuite.exe "/installer "
    mASetup: {4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B} - c:\windows\system32\wscript.exe "c:\program files\hewlett-packard\hp media suite\home\PinItem.vbs "
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20100810.004\BHDrvx86.sys [2011-3-28 692272]
    R1 DVMIO;DeviceVM IO Service;c:\windows\system32\drivers\dvmio.sys [2009-11-11 18136]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20100706.002\IDSVix86.sys [2011-3-28 344112]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-13 66616]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    .
    =============== Created Last 30 ================
    .
    2011-07-22 18:34:06 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7a91358e-bb7b-46b8-a8a3-9011f1b6edb3}\mpengine.dll
    2011-07-22 13:07:51 -------- d-----w- c:\users\betsy\appdata\roaming\ZumoDrive
    2011-07-21 03:38:12 169984 ----a-w- c:\windows\system32\winsrv.dll
    2011-07-21 03:38:10 271872 ----a-w- c:\windows\system32\conhost.exe
    2011-07-21 03:38:04 2332672 ----a-w- c:\windows\system32\win32k.sys
    2011-07-21 03:28:07 -------- d-----w- c:\users\betsy\appdata\roaming\Avira
    2011-07-21 03:18:29 -------- d-sh--w- C:\found.002
    2011-07-08 12:14:27 -------- d-sh--w- C:\found.001
    2011-07-06 01:20:15 1126912 ------w- c:\windows\system32\wininet.dll
    2011-07-06 01:05:09 -------- d-----w- c:\windows\system32\SPReview
    2011-07-06 01:03:48 -------- d-----w- c:\windows\system32\EventProviders
    2011-07-06 01:03:44 -------- d-----w- C:\1a89a842ea04921c681b62
    2011-07-01 13:53:45 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-07-01 13:53:45 145920 ----a-w- c:\windows\system32\cfgmgr32.dll
    2011-07-01 13:53:17 1553920 ----a-w- c:\windows\system32\tquery.dll
    2011-07-01 13:53:17 1401856 ----a-w- c:\windows\system32\mssrch.dll
    2011-07-01 13:53:16 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
    2011-07-01 13:53:15 666624 ----a-w- c:\windows\system32\mssvp.dll
    2011-07-01 13:53:15 337408 ----a-w- c:\windows\system32\mssph.dll
    2011-07-01 13:53:15 197120 ----a-w- c:\windows\system32\mssphtb.dll
    2011-07-01 13:53:15 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
    2011-07-01 13:53:14 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
    2011-07-01 13:53:14 59392 ----a-w- c:\windows\system32\msscntrs.dll
    2011-06-30 11:59:11 -------- d-----w- c:\users\betsy\appdata\local\Microsoft Games
    2011-06-30 02:39:38 -------- d-sh--w- C:\found.000
    2011-06-24 00:49:59 1792000 ------w- c:\windows\system32\authui.dll
    2011-06-24 00:48:59 307712 ------w- c:\windows\system32\scesrv.dll
    2011-06-24 00:47:57 65024 ------w- c:\windows\system32\TSpkg.dll
    2011-06-24 00:47:51 15872 ------w- c:\windows\system32\sspisrv.dll
    2011-06-24 00:47:44 34816 ------w- c:\windows\system32\cscapi.dll
    2011-06-24 00:47:42 90112 ------w- c:\windows\system32\srvcli.dll
    2011-06-24 00:47:42 162304 ------w- c:\windows\system32\WUDFPlatform.dll
    2011-06-24 00:47:35 155136 ------w- c:\windows\system32\imagehlp.dll
    2011-06-24 00:47:28 44032 ------w- c:\windows\system32\basesrv.dll
    2011-06-24 00:47:24 47104 ------w- c:\windows\system32\wkscli.dll
    2011-06-24 00:47:12 22016 ------w- c:\windows\system32\secur32.dll
    2011-06-24 00:47:04 22528 ------w- c:\windows\system32\netutils.dll
    2011-06-23 21:55:25 30720 ----a-w- c:\windows\system32\msdmo.dll
    2011-06-23 21:54:49 10752 ------w- c:\windows\system32\LogonUI.exe
    2011-06-23 21:52:58 780288 ------w- c:\windows\system32\wbem\wbemcore.dll
    2011-06-23 21:52:58 363008 ------w- c:\windows\system32\wbemcomn.dll
    2011-06-23 21:52:57 606208 ------w- c:\windows\system32\wbem\fastprox.dll
    .
    ==================== Find3M ====================
    .
    2011-07-02 14:14:20 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-06-02 05:58:05 290816 ----a-w- c:\windows\system32\KernelBase.dll
    2011-06-02 03:45:49 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-06-02 03:45:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-06-02 03:45:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-06-02 03:45:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-05-28 03:00:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-12 01:25:35 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-05-04 02:43:59 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-05-04 02:43:48 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-05-04 02:43:41 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-05-03 04:50:29 740864 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 02:57:34 311296 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-04-29 02:57:21 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-29 02:57:13 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-04-27 02:33:46 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
    2011-04-25 04:56:06 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-04-25 02:35:40 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-04-14 01:44:10 5497592 ----a-w- c:\program files\avg_free_stb_all_2011_1321_cnet.exe
    .
    ============= FINISH: 14:19:59.47 ===============
     
  8. 2011/07/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I still need GMER log.
     
  9. 2011/07/23
    musicteacher

    musicteacher Well-Known Member Thread Starter

    Joined:
    2008/08/17
    Messages:
    169
    Likes Received:
    0
    Trying to get it to run.
     
  10. 2011/07/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    If it gives you issues....

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
     
  11. 2011/07/23
    musicteacher

    musicteacher Well-Known Member Thread Starter

    Joined:
    2008/08/17
    Messages:
    169
    Likes Received:
    0
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-07-23 22:13:14
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
    Running: vlj9zc5m.exe; Driver: C:\Users\Betsy\AppData\Local\Temp\pxldypod.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 81A8F569 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81AB4092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  12. 2011/07/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  13. 2011/07/24
    musicteacher

    musicteacher Well-Known Member Thread Starter

    Joined:
    2008/08/17
    Messages:
    169
    Likes Received:
    0
    ComboFix 11-07-23.04 - Betsy 07/23/2011 23:30:37.1.2 - x86
    Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1012.382 [GMT -4:00]
    Running from: E:\ComboFix.exe
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Thumbs.db
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-24 to 2011-07-24 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-24 03:52 . 2011-07-24 03:52 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-07-22 18:34 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7A91358E-BB7B-46B8-A8A3-9011F1B6EDB3}\mpengine.dll
    2011-07-22 13:07 . 2011-07-24 03:25 -------- d-----w- c:\users\Betsy\AppData\Roaming\ZumoDrive
    2011-07-21 03:38 . 2011-06-02 05:59 169984 ----a-w- c:\windows\system32\winsrv.dll
    2011-07-21 03:38 . 2011-06-02 05:55 271872 ----a-w- c:\windows\system32\conhost.exe
    2011-07-21 03:38 . 2011-06-11 02:37 2332672 ----a-w- c:\windows\system32\win32k.sys
    2011-07-21 03:28 . 2011-07-21 03:28 -------- d-----w- c:\users\Betsy\AppData\Roaming\Avira
    2011-07-21 03:18 . 2011-07-21 03:18 -------- d-----w- C:\found.002
    2011-07-08 12:14 . 2011-07-08 12:14 -------- d-----w- C:\found.001
    2011-07-06 01:20 . 2011-07-06 01:20 1126912 ------w- c:\windows\system32\wininet.dll
    2011-07-06 01:05 . 2011-07-21 03:11 -------- d-----w- c:\windows\system32\SPReview
    2011-07-06 01:03 . 2011-07-06 01:03 -------- d-----w- c:\windows\system32\EventProviders
    2011-07-06 01:03 . 2011-07-21 03:11 -------- d-----w- C:\1a89a842ea04921c681b62
    2011-07-01 13:53 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-07-01 13:53 . 2010-11-20 12:18 145920 ----a-w- c:\windows\system32\cfgmgr32.dll
    2011-07-01 13:53 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
    2011-07-01 13:53 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
    2011-07-01 13:53 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
    2011-07-01 13:53 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
    2011-07-01 13:53 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
    2011-07-01 13:53 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
    2011-07-01 13:53 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
    2011-07-01 13:53 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
    2011-07-01 13:53 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
    2011-06-30 11:59 . 2011-06-30 20:25 -------- d-----w- c:\users\Betsy\AppData\Local\Microsoft Games
    2011-06-30 11:23 . 2011-06-30 11:23 -------- d-----w- c:\users\Betsy\AppData\Roaming\PlayFirst
    2011-06-30 11:23 . 2011-06-30 11:23 -------- d-----w- c:\programdata\PlayFirst
    2011-06-30 02:39 . 2011-06-30 02:39 -------- d-----w- C:\found.000
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-02 14:14 . 2011-04-14 02:20 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-07-02 14:14 . 2011-04-14 02:20 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-05-28 03:00 . 2011-06-22 22:04 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-05-24 23:14 . 2011-04-15 23:26 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-12 01:25 . 2011-03-29 01:27 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-05-04 02:43 . 2011-06-21 20:15 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-05-04 02:43 . 2011-06-21 20:15 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-05-04 02:43 . 2011-06-21 20:15 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-05-03 04:50 . 2011-06-21 20:15 740864 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 02:57 . 2011-06-21 20:16 311296 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-04-29 02:57 . 2011-06-21 20:16 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-29 02:57 . 2011-06-21 20:16 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-04-27 02:33 . 2011-06-21 20:15 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
    2011-04-25 04:56 . 2011-06-21 20:16 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-04-14 01:44 . 2011-04-14 01:43 5497592 ----a-w- c:\program files\avg_free_stb_all_2011_1321_cnet.exe
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2011-07-06 . A1236375B74EA63C75657D564890C436 . 1126912 . . [9.00.8112.16421] . . c:\windows\System32\wininet.dll
    [7] 2011-04-22 . 7A11DB452989040AD8570A3DCE2E9DE2 . 981504 . . [8.00.7601.21710] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21710_none_1f30422990385b03\wininet.dll
    [7] 2011-04-22 . 27CDAF355CCE3762C7F13719E814418B . 981504 . . [8.00.7600.16800] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16800_none_1ccb184479ec335c\wininet.dll
    [7] 2011-04-22 . E391DB6E8CA3638B9772A990E6D280FF . 982016 . . [8.00.7600.20949] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20949_none_1d3277f9932226f9\wininet.dll
    [7] 2011-04-22 . 2CA020EACDC6DDB2BEA89FEA02C90945 . 981504 . . [8.00.7601.17601] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17601_none_1eb275947711b89f\wininet.dll
    [7] 2011-03-07 . A5B19B240901CAB0C8E7767D2873613E . 981504 . . [8.00.7601.17573] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17573_none_1e68c4ce7748b1bd\wininet.dll
    [7] 2011-03-07 . EDEB2904636B657782F824D8FF97D0B8 . 981504 . . [8.00.7601.21676] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21676_none_1ef5627790639d8c\wininet.dll
    [7] 2011-02-24 . DA2950BAD7306006EBA77DD93CC42690 . 982016 . . [8.00.7600.20908] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20908_none_1d5cb75f93029dde\wininet.dll
    [7] 2011-02-24 . 214605C48AE416BC067C39D227CFCC57 . 981504 . . [8.00.7600.16766] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16766_none_1c9038927a1775e5\wininet.dll
    [7] 2010-12-21 . 78B9ADA2BC8946AF7B17678E0D07A773 . 981504 . . [8.00.7600.16723] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16723_none_1cb8776479f9ba1c\wininet.dll
    [7] 2010-12-21 . 1B3DD46BC6396143A205EAAF05F38039 . 981504 . . [8.00.7600.20862] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20862_none_1d15d4359338b053\wininet.dll
    [7] 2010-11-20 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll
    [7] 2010-10-19 . ABE73A2F762A74B6AD2C9BE636915595 . 977920 . . [8.00.7600.16596] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16596_none_1c6fc5027a2fcf6a\wininet.dll
    [7] 2010-10-19 . 5FF3118C688D43ED77DEADC6F4895EF9 . 980480 . . [8.00.7600.20716] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20716_none_1d4fe313930c8cd3\wininet.dll
    [7] 2010-10-19 . 99A6F1253A886C4A9C1F8E1822B10A80 . 977920 . . [8.00.7600.16535] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16535_none_1cafa4407a000e6d\wininet.dll
    [7] 2010-10-19 . 0962CB2A9E6B4363C74249A4A5CCDBBF . 980480 . . [8.00.7600.20651] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20651_none_1d1fa00b933180bd\wininet.dll
    [7] 2010-10-19 . F1C359CE656BD76F90E0E6C4BC04A4BE . 977920 . . [8.00.7600.16490] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16490_none_1c69c1607a353a39\wininet.dll
    [7] 2010-10-19 . 23587164011EC849E58E229ABC49E239 . 977920 . . [8.00.7600.20600] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20600_none_1d54af5d9309dbb1\wininet.dll
    [7] 2010-10-19 . 250267CE6217C1AB4517F22FB7EA13E8 . 978432 . . [8.00.7600.16625] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16625_none_1cba761279f7efa3\wininet.dll
    [7] 2010-10-19 . 91A9CCAD9829A89C840899932B9EC2DF . 980480 . . [8.00.7600.20745] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20745_none_1d2e73059325c74f\wininet.dll
    [7] 2009-07-14 . 0D874F3BC751CC2198AF2E6783FB8B35 . 977920 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16385_none_1c7990d87a289fd4\wininet.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
    @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
    [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
    2010-09-23 04:53 754176 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
    @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
    [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
    2010-09-23 04:53 754176 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
    @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
    [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
    2010-09-23 04:53 754176 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
    @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
    [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
    2010-09-23 04:53 754176 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
    @="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
    [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
    2010-09-23 04:53 754176 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZumoDrive"="c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-03-29 2038]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 150552]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-09-17 1897768]
    "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
    "AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2010-06-17 237568]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-08-03 495708]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-08-24 584760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Media Suite.lnk - c:\program files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe [2010-4-1 91648]
    Snapfish PictureMover.lnk - c:\program files\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS [2011-01-27 340088]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS [2011-03-15 744568]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [2010-08-09 692272]
    S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2009-11-11 18136]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVix86.sys [2010-06-27 344112]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS [2011-01-27 136312]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1206000.01D\SYMNETS.SYS [2011-03-22 296568]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2010-08-03 81920]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-30 136360]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-09-29 338208]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 210488]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-08-31 92216]
    S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-08-24 26680]
    S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
    S2 RoxioNow Service;RoxioNow Service;c:\program files\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-24 275048]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B}]
    2010-09-03 19:14 715840 ----a-w- c:\program files\Hewlett-Packard\HP Media Suite\Home\HPMediaSuite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]
    2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-24 c:\windows\Tasks\HPCeeScheduleForMINI$.job
    - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    ------- Supplementary Scan -------
    .
    TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8} - c:\program files\InstallShield Installation Information\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(2780)
    c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
    .
    Completion time: 2011-07-24 08:24:15
    ComboFix-quarantined-files.txt 2011-07-24 12:24
    .
    Pre-Run: 195,986,104,320 bytes free
    Post-Run: 195,748,073,472 bytes free
    .
    - - End Of File - - 7DF36EC820426ADB36168DC7186490E1
     
  14. 2011/07/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download and install Firefox so you have some usable browser: http://www.mozilla.com/en-US/firefox/new/.
    Let me know if it works.

    You're running two AV programs, Avira and Norton.
    One of them has to go.
    If Norton, make sure to use this tool to uninstall it: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

    ====================================================

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21710_none_1f30422990385b03\wininet.dll | c:\windows\System32\wininet.dll
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
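    The FCopy line above restores System32\wininet.dll from a staged WinSxS copy because the Sigcheck section of the ComboFix log flagged the live file with [-] while every WinSxS copy passed. The PowerShell below is an added check that reproduces that comparison; it is not part of broni's instructions and not ComboFix code. It assumes Windows 7 or later with PowerShell 2.0 or newer and an elevated prompt; the paths are the ones that appear in the log.

```powershell
# Added example (not from the thread, not ComboFix code): compare the live
# wininet.dll with the copies staged in WinSxS, the same comparison the
# Sigcheck section of the ComboFix log makes. Run from an elevated prompt.
# Assumes Windows 7+ with PowerShell 2.0+; paths are the ones in the log.

$live = Join-Path $env:SystemRoot 'System32\wininet.dll'

function Get-Md5Hex {
    param([string]$Path)
    # MD5 only because that is the digest Sigcheck prints; this is an identity
    # check against a known-good copy, not a security primitive.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $md5.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Get-FileReport {
    param([string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    # Caveat: Windows system DLLs are catalog-signed. On Windows 7 this cmdlet
    # reports them as NotSigned; Windows 8 and later resolve catalog signatures.
    # Sigcheck and "sfc /verifyfile" both consult the catalogs.
    New-Object PSObject -Property @{
        Path      = $Path
        Version   = (Get-Item $Path).VersionInfo.FileVersion
        MD5       = Get-Md5Hex $Path
        Signature = $sig.Status
        Signer    = $signer
    }
}

# 1. The file Internet Explorer actually loads (the [-] line in the log).
$liveReport = Get-FileReport $live
$liveReport | Format-List Path, Version, MD5, Signature, Signer

# 2. Every copy the component store holds (the [7] lines in the log).
$staged = @(Get-ChildItem (Join-Path $env:SystemRoot 'winsxs') -Recurse -Filter 'wininet.dll' -ErrorAction SilentlyContinue |
    ForEach-Object { Get-FileReport $_.FullName })
$staged | Sort-Object Version | Format-Table Version, MD5, Signature, Path -AutoSize

# 3. Does the live file match any staged copy byte for byte?
$match = @($staged | Where-Object { $_.MD5 -eq $liveReport.MD5 })
if ($match.Count -gt 0) {
    "System32\wininet.dll is identical to the WinSxS copy of version $($match[0].Version)."
} else {
    "System32\wininet.dll matches no copy in WinSxS. Verify it with: sfc /verifyfile=$live"
}
```

    When the live file matches no staged copy, sfc /verifyfile is the authoritative check on Windows 7, since it consults the signing catalogs that Get-AuthenticodeSignature does not.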
     
  15. 2011/07/24
    musicteacher

    musicteacher Well-Known Member Thread Starter

    Joined:
    2008/08/17
    Messages:
    169
    Likes Received:
    0
    Will start on that now. I hate Norton. It has come on my last 2 computers, but I've never activated it and I've used another program instead. I did nothing to activate the Norton so I don't know how it got running.
     
  16. 2011/07/24
    musicteacher

    musicteacher Well-Known Member Thread Starter

    Joined:
    2008/08/17
    Messages:
    169
    Likes Received:
    0
    I downloaded the Norton tool onto my flashdrive and then tried to run it on the mini. I get a message that says: Norton_Removal_Tool.exe - Ordinal Not found, and then: The ordinal 383 could not be located in the dynamic link library iertutil.dll

    No idea what that means. The Norton has never been started. When I tried to open it up following the directions, I get a message that wants me to click to start the 60 day free trial, which I want no part of. In the past, Norton has only messed up previous computers, and once it's there, it never ever goes away completely.

    I'll proceed to the rest of your directions now.
     
    Last edited: 2011/07/24
  17. 2011/07/24
    musicteacher

    musicteacher Well-Known Member Thread Starter

    Joined:
    2008/08/17
    Messages:
    169
    Likes Received:
    0
    The Norton removal tool finished and it said that the computer needed to be restarted, so I did. It has restarted but I'm getting a message about problems and some repair thing opened. Now I have a message about Startup Repair and it wants to send info to Microsoft about this problem. Now Recovery Manager is open and it's checking stuff. CHKDSK.exe is running.
     
  18. 2011/07/24
    musicteacher

    musicteacher Well-Known Member Thread Starter

    Joined:
    2008/08/17
    Messages:
    169
    Likes Received:
    0
    The laptop that I've been using to communicate and download with is now starting to act funny. A Comodo scan started last night and I tried to stop it but it won't stop. It's been running for over 16 hours and seems to be stuck on a game file. Also, I keep getting little popups telling me that I have an infected file but it's called something like heur.suspicious and I know when I've had that before, it was a false alarm or something. By moving the flashdrive back and forth between my laptop and my mini, have I infected my laptop with something now?
     
  19. 2011/07/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  20. 2011/07/24
    musicteacher

    musicteacher Well-Known Member Thread Starter

    Joined:
    2008/08/17
    Messages:
    169
    Likes Received:
    0
    ComboFix 11-07-23.04 - Betsy 07/24/2011 16:53:16.2.2 - x86
    Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1012.302 [GMT -4:00]
    Running from: E:\ComboFix.exe
    Command switches used :: E:\CFScript.txt
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21710_none_1f30422990385b03\wininet.dll --> c:\windows\System32\wininet.dll
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-24 to 2011-07-24 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-24 21:11 . 2011-07-24 21:11 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-07-24 21:11 . 2011-07-24 21:11 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2011-07-24 19:58 . 2011-07-24 19:58 -------- d-----w- c:\users\Betsy\AppData\Local\Mozilla
    2011-07-22 18:34 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7A91358E-BB7B-46B8-A8A3-9011F1B6EDB3}\mpengine.dll
    2011-07-22 13:07 . 2011-07-24 20:49 -------- d-----w- c:\users\Betsy\AppData\Roaming\ZumoDrive
    2011-07-21 03:38 . 2011-06-02 05:59 169984 ----a-w- c:\windows\system32\winsrv.dll
    2011-07-21 03:38 . 2011-06-02 05:55 271872 ----a-w- c:\windows\system32\conhost.exe
    2011-07-21 03:38 . 2011-06-11 02:37 2332672 ----a-w- c:\windows\system32\win32k.sys
    2011-07-21 03:28 . 2011-07-21 03:28 -------- d-----w- c:\users\Betsy\AppData\Roaming\Avira
    2011-07-21 03:18 . 2011-07-21 03:18 -------- d-----w- C:\found.002
    2011-07-08 12:14 . 2011-07-08 12:14 -------- d-----w- C:\found.001
    2011-07-06 01:20 . 2011-04-22 19:51 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-07-06 01:05 . 2011-07-21 03:11 -------- d-----w- c:\windows\system32\SPReview
    2011-07-06 01:03 . 2011-07-06 01:03 -------- d-----w- c:\windows\system32\EventProviders
    2011-07-06 01:03 . 2011-07-21 03:11 -------- d-----w- C:\1a89a842ea04921c681b62
    2011-07-01 13:53 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-07-01 13:53 . 2010-11-20 12:18 145920 ----a-w- c:\windows\system32\cfgmgr32.dll
    2011-07-01 13:53 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
    2011-07-01 13:53 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
    2011-07-01 13:53 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
    2011-07-01 13:53 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
    2011-07-01 13:53 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
    2011-07-01 13:53 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
    2011-07-01 13:53 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
    2011-07-01 13:53 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
    2011-07-01 13:53 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
    2011-06-30 11:59 . 2011-06-30 20:25 -------- d-----w- c:\users\Betsy\AppData\Local\Microsoft Games
    2011-06-30 11:23 . 2011-06-30 11:23 -------- d-----w- c:\users\Betsy\AppData\Roaming\PlayFirst
    2011-06-30 11:23 . 2011-06-30 11:23 -------- d-----w- c:\programdata\PlayFirst
    2011-06-30 02:39 . 2011-06-30 02:39 -------- d-----w- C:\found.000
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-02 14:14 . 2011-04-14 02:20 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-07-02 14:14 . 2011-04-14 02:20 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-05-28 03:00 . 2011-06-22 22:04 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-05-24 23:14 . 2011-04-15 23:26 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-04 02:43 . 2011-06-21 20:15 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-05-04 02:43 . 2011-06-21 20:15 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-05-04 02:43 . 2011-06-21 20:15 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-05-03 04:50 . 2011-06-21 20:15 740864 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 02:57 . 2011-06-21 20:16 311296 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-04-29 02:57 . 2011-06-21 20:16 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-29 02:57 . 2011-06-21 20:16 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-04-27 02:33 . 2011-06-21 20:15 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
    2011-04-14 01:44 . 2011-04-14 01:43 5497592 ----a-w- c:\program files\avg_free_stb_all_2011_1321_cnet.exe
    2011-07-08 07:16 . 2011-07-24 19:58 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
    @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
    [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
    2010-09-23 04:53 754176 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
    @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
    [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
    2010-09-23 04:53 754176 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
    @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
    [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
    2010-09-23 04:53 754176 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
    @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
    [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
    2010-09-23 04:53 754176 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
    @="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
    [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
    2010-09-23 04:53 754176 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZumoDrive"="c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-03-29 2038]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 150552]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-09-17 1897768]
    "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
    "AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2010-06-17 237568]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-08-03 495708]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-08-24 584760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Media Suite.lnk - c:\program files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe [2010-4-1 91648]
    Snapfish PictureMover.lnk - c:\program files\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
    S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2009-11-11 18136]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2010-08-03 81920]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-30 136360]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-09-29 338208]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 210488]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-08-31 92216]
    S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-08-24 26680]
    S2 RoxioNow Service;RoxioNow Service;c:\program files\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-24 275048]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B}]
    2010-09-03 19:14 715840 ----a-w- c:\program files\Hewlett-Packard\HP Media Suite\Home\HPMediaSuite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]
    2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-24 c:\windows\Tasks\HPCeeScheduleForMINI$.job
    - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    ------- Supplementary Scan -------
    .
    TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
    FF - ProfilePath - c:\users\Betsy\AppData\Roaming\Mozilla\Firefox\Profiles\6hh3lqzs.default\
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(4048)
    c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
    .
    Completion time: 2011-07-24 17:18:32
    ComboFix-quarantined-files.txt 2011-07-24 21:18
    ComboFix2.txt 2011-07-24 12:24
    .
    Pre-Run: 195,810,430,976 bytes free
    Post-Run: 195,786,121,216 bytes free
    .
    - - End Of File - - 3E7E3DA1AB5B673D66FE6BCDB6FD4B5E
     
  21. 2011/07/24
    musicteacher

    musicteacher Well-Known Member Thread Starter

    Joined:
    2008/08/17
    Messages:
    169
    Likes Received:
    0
    Yes, I can browse very well with the new one.
     
