
Solved s04.cltrda.com Popup

Discussion in 'Malware and Virus Removal Archive' started by imjhemp, 2012/04/23.

  1. 2012/04/23
    imjhemp

    imjhemp Inactive Thread Starter

    Joined:
    2007/03/26
    Messages:
    82
    Likes Received:
    0
    [Resolved] s04.cltrda.com Popup

    A popup titled s04.cltrda.com comes up every time I go to a new page or click on anything. Nothing shows up on a scan from MBAM. It seems to slow my comp down a lot. Any ideas, since it doesn't show up on a scan?
     
  2. 2012/04/23
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     


  4. 2012/04/26
    imjhemp

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-04-26 22:10:04
    Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\00000075 SAMSUNG_ rev.VT10
    Running: y61bsw6h.exe; Driver: C:\Users\JOEYHE~1\AppData\Local\Temp\uwkiqpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 922E7110 ZwAlertResumeThread
    SSDT 922E8120 ZwAlertThread
    SSDT 92360320 ZwAllocateVirtualMemory
    SSDT 92209130 ZwAlpcConnectPort
    SSDT 9230DE00 ZwAssignProcessToJobObject
    SSDT 92360BD0 ZwCreateMutant
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x82C70C0C]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x82C70ED4]
    SSDT 922FF418 ZwCreateSymbolicLinkObject
    SSDT 922F1148 ZwCreateThread
    SSDT 9231C210 ZwDebugActiveProcess
    SSDT 9235E6D8 ZwDuplicateObject
    SSDT 9231DA88 ZwFreeVirtualMemory
    SSDT 90FD0948 ZwImpersonateAnonymousToken
    SSDT 922E6068 ZwImpersonateThread
    SSDT 862D6A60 ZwLoadDriver
    SSDT 9231DD98 ZwMapViewOfSection
    SSDT 862C9A20 ZwOpenEvent
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA226FF3C]
    SSDT 939821B0 ZwOpenProcessToken
    SSDT 92312068 ZwOpenSection
    SSDT 9235E528 ZwOpenThread
    SSDT 9235D4B8 ZwProtectVirtualMemory
    SSDT 922EF210 ZwResumeThread
    SSDT 922F8538 ZwSetContextThread
    SSDT 923225D8 ZwSetInformationProcess
    SSDT 92313788 ZwSetSystemInformation
    SSDT 9239C918 ZwSuspendProcess
    SSDT 922E0648 ZwSuspendThread
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA226FFE4]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA2270080]
    SSDT 862D11F0 ZwUnmapViewOfSection
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA227011C]
    SSDT 9231CC88 ZwCreateThreadEx
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x82C711D0]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetTimerEx + 350 822D5974 8 Bytes [10, 71, 2E, 92, 20, 81, 2E, ...]
    .text ntkrnlpa.exe!KeSetTimerEx + 364 822D5988 4 Bytes [20, 03, 36, 92]
    .text ntkrnlpa.exe!KeSetTimerEx + 370 822D5994 4 Bytes [30, 91, 20, 92]
    .text ntkrnlpa.exe!KeSetTimerEx + 3C4 822D59E8 4 Bytes [00, DE, 30, 92]
    .text ntkrnlpa.exe!KeSetTimerEx + 428 822D5A4C 4 Bytes [D0, 0B, 36, 92]
    .text ...
    .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F208340, 0x3DA8C7, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\hp\support\hpsysdrv.exe[332] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 770E31BD 4 Bytes JMP 003B000A
    .text C:\hp\support\hpsysdrv.exe[332] USER32.dll!SetForegroundWindow 76E1B5F5 6 Bytes JMP 71AE0F5A
    .text C:\hp\support\hpsysdrv.exe[332] USER32.dll!SetWindowPos 76E221FE 3 Bytes [FF, 25, 1E]
    .text C:\hp\support\hpsysdrv.exe[332] USER32.dll!SetWindowPos + 4 76E22202 2 Bytes [A7, 71]
    .text C:\hp\support\hpsysdrv.exe[332] USER32.dll!ChangeDisplaySettingsExA 76E413E2 6 Bytes JMP 71A50F5A
    .text C:\hp\support\hpsysdrv.exe[332] USER32.dll!ChangeDisplaySettingsExW 76E5A981 6 Bytes JMP 71A20F5A
    .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1752] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 770E31BD 4 Bytes JMP 003A000A
    .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1752] USER32.dll!SetForegroundWindow 76E1B5F5 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1752] USER32.dll!SetWindowPos 76E221FE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1752] USER32.dll!SetWindowPos + 4 76E22202 2 Bytes [A7, 71]
    .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1752] USER32.dll!ChangeDisplaySettingsExA 76E413E2 6 Bytes JMP 71A50F5A
    .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1752] USER32.dll!ChangeDisplaySettingsExW 76E5A981 6 Bytes JMP 71A20F5A
    .text C:\Windows\RtHDVCpl.exe[1936] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 770E31BD 4 Bytes JMP 001C000A
    .text C:\Windows\RtHDVCpl.exe[1936] USER32.dll!SetForegroundWindow 76E1B5F5 6 Bytes JMP 71AE0F5A
    .text C:\Windows\RtHDVCpl.exe[1936] USER32.dll!SetWindowPos 76E221FE 3 Bytes [FF, 25, 1E]
    .text C:\Windows\RtHDVCpl.exe[1936] USER32.dll!SetWindowPos + 4 76E22202 2 Bytes [A7, 71]
    .text C:\Windows\RtHDVCpl.exe[1936] USER32.dll!ChangeDisplaySettingsExA 76E413E2 6 Bytes JMP 71A50F5A
    .text C:\Windows\RtHDVCpl.exe[1936] USER32.dll!ChangeDisplaySettingsExW 76E5A981 6 Bytes JMP 71A20F5A
    .text C:\Windows\system32\taskeng.exe[2172] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 770E31BD 4 Bytes JMP 0166000A
    .text C:\Windows\system32\taskeng.exe[2172] USER32.dll!SetForegroundWindow 76E1B5F5 6 Bytes JMP 71AE0F5A
    .text C:\Windows\system32\taskeng.exe[2172] USER32.dll!SetWindowPos 76E221FE 3 Bytes [FF, 25, 1E]
    .text C:\Windows\system32\taskeng.exe[2172] USER32.dll!SetWindowPos + 4 76E22202 2 Bytes [A7, 71]
    .text C:\Windows\system32\taskeng.exe[2172] USER32.dll!ChangeDisplaySettingsExA 76E413E2 6 Bytes JMP 71A50F5A
    .text C:\Windows\system32\taskeng.exe[2172] USER32.dll!ChangeDisplaySettingsExW 76E5A981 6 Bytes JMP 71A20F5A
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[2508] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 770E31BD 4 Bytes JMP 0024000A
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[2508] USER32.dll!SetForegroundWindow 76E1B5F5 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[2508] USER32.dll!SetWindowPos 76E221FE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[2508] USER32.dll!SetWindowPos + 4 76E22202 2 Bytes [A8, 71] {TEST AL, 0x71}
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[2508] USER32.dll!ChangeDisplaySettingsExA 76E413E2 6 Bytes JMP 71A60F5A
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[2508] USER32.dll!ChangeDisplaySettingsExW 76E5A981 6 Bytes JMP 71A30F5A
    .text C:\Program Files\iTunes\iTunesHelper.exe[2908] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 770E31BD 4 Bytes JMP 0038000A
    .text C:\Program Files\iTunes\iTunesHelper.exe[2908] USER32.dll!SetForegroundWindow 76E1B5F5 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\iTunes\iTunesHelper.exe[2908] USER32.dll!SetWindowPos 76E221FE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\iTunes\iTunesHelper.exe[2908] USER32.dll!SetWindowPos + 4 76E22202 2 Bytes [A8, 71] {TEST AL, 0x71}
    .text C:\Program Files\iTunes\iTunesHelper.exe[2908] USER32.dll!ChangeDisplaySettingsExA 76E413E2 6 Bytes JMP 71A60F5A
    .text C:\Program Files\iTunes\iTunesHelper.exe[2908] USER32.dll!ChangeDisplaySettingsExW 76E5A981 6 Bytes JMP 71A30F5A
    .text C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe[3016] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 770E31BD 2 Bytes [0A, 00] {OR AL, [EAX]}
    .text C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe[3016] kernel32.dll!GetConsoleScreenBufferInfoEx + 135 770E31C0 1 Byte [04]
    .text C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe[3016] USER32.dll!SetForegroundWindow 76E1B5F5 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe[3016] USER32.dll!SetWindowPos 76E221FE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe[3016] USER32.dll!SetWindowPos + 4 76E22202 2 Bytes [A7, 71]
    .text C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe[3016] USER32.dll!ChangeDisplaySettingsExA 76E413E2 6 Bytes JMP 71A50F5A
    .text C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe[3016] USER32.dll!ChangeDisplaySettingsExW 76E5A981 6 Bytes JMP 71A20F5A
    .text C:\Program Files\AVG Secure Search\vprot.exe[3192] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 770E31BD 4 Bytes JMP 0020000A
    .text C:\Program Files\AVG Secure Search\vprot.exe[3192] USER32.dll!SetForegroundWindow 76E1B5F5 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\AVG Secure Search\vprot.exe[3192] USER32.dll!SetWindowPos 76E221FE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\AVG Secure Search\vprot.exe[3192] USER32.dll!SetWindowPos + 4 76E22202 2 Bytes [A7, 71]
    .text C:\Program Files\AVG Secure Search\vprot.exe[3192] USER32.dll!ChangeDisplaySettingsExA 76E413E2 6 Bytes JMP 71A50F5A
    .text C:\Program Files\AVG Secure Search\vprot.exe[3192] USER32.dll!ChangeDisplaySettingsExW 76E5A981 6 Bytes JMP 71A20F5A
    .text C:\Windows\System32\rundll32.exe[3348] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 770E31BD 4 Bytes JMP 0092000A
    .text C:\Windows\System32\rundll32.exe[3348] USER32.dll!SetForegroundWindow 76E1B5F5 6 Bytes JMP 71AE0F5A
    .text C:\Windows\System32\rundll32.exe[3348] USER32.dll!SetWindowPos 76E221FE 3 Bytes [FF, 25, 1E]
    .text C:\Windows\System32\rundll32.exe[3348] USER32.dll!SetWindowPos + 4 76E22202 2 Bytes [A7, 71]
    .text C:\Windows\System32\rundll32.exe[3348] USER32.dll!ChangeDisplaySettingsExA 76E413E2 6 Bytes JMP 71A50F5A
    .text C:\Windows\System32\rundll32.exe[3348] USER32.dll!ChangeDisplaySettingsExW 76E5A981 6 Bytes JMP 71A20F5A
    .text C:\Program Files\AVG\AVG2012\avgtray.exe[3632] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 770E31BD 4 Bytes JMP 0085000A
    .text C:\Program Files\AVG\AVG2012\avgtray.exe[3632] USER32.dll!SetForegroundWindow 76E1B5F5 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\AVG\AVG2012\avgtray.exe[3632] USER32.dll!SetWindowPos 76E221FE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\AVG\AVG2012\avgtray.exe[3632] USER32.dll!SetWindowPos + 4 76E22202 2 Bytes [A7, 71]
    .text C:\Program Files\AVG\AVG2012\avgtray.exe[3632] USER32.dll!ChangeDisplaySettingsExA 76E413E2 6 Bytes JMP 71A50F5A
    .text C:\Program Files\AVG\AVG2012\avgtray.exe[3632] USER32.dll!ChangeDisplaySettingsExW 76E5A981 6 Bytes JMP 71A20F5A
    .text C:\Program Files\HP Multimedia Keyboard\Kmaestro.exe[3716] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 770E31BD 4 Bytes JMP 008E000A
    .text C:\Program Files\HP Multimedia Keyboard\Kmaestro.exe[3716] USER32.dll!SetForegroundWindow 76E1B5F5 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\HP Multimedia Keyboard\Kmaestro.exe[3716] USER32.dll!SetWindowPos 76E221FE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\HP Multimedia Keyboard\Kmaestro.exe[3716] USER32.dll!SetWindowPos + 4 76E22202 2 Bytes [A7, 71]
    .text C:\Program Files\HP Multimedia Keyboard\Kmaestro.exe[3716] USER32.dll!ChangeDisplaySettingsExA 76E413E2 6 Bytes JMP 71A50F5A
    .text C:\Program Files\HP Multimedia Keyboard\Kmaestro.exe[3716] USER32.dll!ChangeDisplaySettingsExW 76E5A981 6 Bytes JMP 71A20F5A
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3820] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 770E31BD 4 Bytes JMP 0029000A
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3820] USER32.dll!SetForegroundWindow 76E1B5F5 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3820] USER32.dll!SetWindowPos 76E221FE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3820] USER32.dll!SetWindowPos + 4 76E22202 2 Bytes [A7, 71]
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3820] USER32.dll!ChangeDisplaySettingsExA 76E413E2 6 Bytes JMP 71A50F5A
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3820] USER32.dll!ChangeDisplaySettingsExW 76E5A981 6 Bytes JMP 71A20F5A
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 770E31BD 4 Bytes JMP 00A7000A
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] USER32.dll!SetForegroundWindow 76E1B5F5 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] USER32.dll!SetWindowPos 76E221FE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] USER32.dll!SetWindowPos + 4 76E22202 2 Bytes [A7, 71]
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] USER32.dll!ChangeDisplaySettingsExA 76E413E2 6 Bytes JMP 71A50F5A
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3844] USER32.dll!ChangeDisplaySettingsExW 76E5A981 6 Bytes JMP 71A20F5A
    .text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3892] KERNEL32.dll!GetConsoleScreenBufferInfoEx + 132 770E31BD 4 Bytes JMP 0031000A
    .text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3892] USER32.dll!SetForegroundWindow 76E1B5F5 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3892] USER32.dll!SetWindowPos 76E221FE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3892] USER32.dll!SetWindowPos + 4 76E22202 2 Bytes [A7, 71]
    .text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3892] USER32.dll!ChangeDisplaySettingsExA 76E413E2 6 Bytes JMP 71A50F5A
    .text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3892] USER32.dll!ChangeDisplaySettingsExW 76E5A981 6 Bytes JMP 71A20F5A
    .text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[3972] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 770E31BD 4 Bytes JMP 001E000A
    .text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[3972] USER32.dll!SetForegroundWindow 76E1B5F5 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[3972] USER32.dll!SetWindowPos 76E221FE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[3972] USER32.dll!SetWindowPos + 4 76E22202 2 Bytes [A7, 71]
    .text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[3972] USER32.dll!ChangeDisplaySettingsExA 76E413E2 6 Bytes JMP 71A50F5A
    .text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[3972] USER32.dll!ChangeDisplaySettingsExW 76E5A981 6 Bytes JMP 71A20F5A
    .text C:\Windows\ehome\ehtray.exe[4120] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 770E31BD 4 Bytes JMP 007D000A
    .text C:\Windows\ehome\ehtray.exe[4120] USER32.dll!SetForegroundWindow 76E1B5F5 6 Bytes JMP 71AE0F5A
    .text C:\Windows\ehome\ehtray.exe[4120] USER32.dll!SetWindowPos 76E221FE 3 Bytes [FF, 25, 1E]
    .text C:\Windows\ehome\ehtray.exe[4120] USER32.dll!SetWindowPos + 4 76E22202 2 Bytes [A7, 71]
    .text C:\Windows\ehome\ehtray.exe[4120] USER32.dll!ChangeDisplaySettingsExA 76E413E2 6 Bytes JMP 71A50F5A
    .text C:\Windows\ehome\ehtray.exe[4120] USER32.dll!ChangeDisplaySettingsExW 76E5A981 6 Bytes JMP 71A20F5A
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4196] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 770E31BD 4 Bytes JMP 0155000A
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4196] USER32.dll!SetForegroundWindow 76E1B5F5 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4196] USER32.dll!SetWindowPos 76E221FE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4196] USER32.dll!SetWindowPos + 4 76E22202 2 Bytes [A7, 71]
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4196] USER32.dll!ChangeDisplaySettingsExA 76E413E2 6 Bytes JMP 71A50F5A
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4196] USER32.dll!ChangeDisplaySettingsExW 76E5A981 6 Bytes JMP 71A20F5A
    .text C:\Program Files\SRS Labs\Premium Sound for Monitors\SRSPremiumSound_Win32.exe[4204] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 770E31BD 4 Bytes JMP 001E000A
    .text C:\Program Files\SRS Labs\Premium Sound for Monitors\SRSPremiumSound_Win32.exe[4204] USER32.dll!SetForegroundWindow 76E1B5F5 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\SRS Labs\Premium Sound for Monitors\SRSPremiumSound_Win32.exe[4204] USER32.dll!SetWindowPos 76E221FE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\SRS Labs\Premium Sound for Monitors\SRSPremiumSound_Win32.exe[4204] USER32.dll!SetWindowPos + 4 76E22202 2 Bytes [A7, 71]
    .text C:\Program Files\SRS Labs\Premium Sound for Monitors\SRSPremiumSound_Win32.exe[4204] USER32.dll!ChangeDisplaySettingsExA 76E413E2 6 Bytes JMP 71A50F5A
    .text C:\Program Files\SRS Labs\Premium Sound for Monitors\SRSPremiumSound_Win32.exe[4204] USER32.dll!ChangeDisplaySettingsExW 76E5A981 6 Bytes JMP 71A20F5A
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[4212] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 770E31BD 4 Bytes JMP 0099000A
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[4212] USER32.dll!SetForegroundWindow 76E1B5F5 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[4212] USER32.dll!SetWindowPos 76E221FE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[4212] USER32.dll!SetWindowPos + 4 76E22202 2 Bytes [A7, 71]
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[4212] USER32.dll!ChangeDisplaySettingsExA 76E413E2 6 Bytes JMP 71A50F5A
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[4212] USER32.dll!ChangeDisplaySettingsExW 76E5A981 6 Bytes JMP 71A20F5A
    .text C:\Program Files\PC Tools Security\pctsSvc.exe[4284] kernel32.dll!CreateThread + 1A 771048FA 4 Bytes CALL 0044C4B9 C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools Security Component/PC Tools)
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[4408] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 770E31BD 4 Bytes JMP 0037000A
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[4408] USER32.dll!SetForegroundWindow 76E1B5F5 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[4408] USER32.dll!SetWindowPos 76E221FE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[4408] USER32.dll!SetWindowPos + 4 76E22202 2 Bytes [A8, 71] {TEST AL, 0x71}
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[4408] USER32.dll!ChangeDisplaySettingsExA 76E413E2 6 Bytes JMP 71A60F5A
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[4408] USER32.dll!ChangeDisplaySettingsExW 76E5A981 6 Bytes JMP 71A30F5A
    .text C:\Windows\ehome\ehmsas.exe[4552] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 770E31BD 4 Bytes JMP 001B000A
    .text C:\Windows\ehome\ehmsas.exe[4552] USER32.dll!SetForegroundWindow 76E1B5F5 6 Bytes JMP 71AE0F5A
    .text C:\Windows\ehome\ehmsas.exe[4552] USER32.dll!SetWindowPos 76E221FE 3 Bytes [FF, 25, 1E]
    .text C:\Windows\ehome\ehmsas.exe[4552] USER32.dll!SetWindowPos + 4 76E22202 2 Bytes [A7, 71]
    .text C:\Windows\ehome\ehmsas.exe[4552] USER32.dll!ChangeDisplaySettingsExA 76E413E2 6 Bytes JMP 71A50F5A
    .text C:\Windows\ehome\ehmsas.exe[4552] USER32.dll!ChangeDisplaySettingsExW 76E5A981 6 Bytes JMP 71A20F5A
    .text C:\Windows\system32\wuauclt.exe[5172] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 770E31BD 2 Bytes [0A, 00] {OR AL, [EAX]}
    .text C:\Windows\system32\wuauclt.exe[5172] kernel32.dll!GetConsoleScreenBufferInfoEx + 135 770E31C0 1 Byte [00]
    .text C:\Windows\system32\wuauclt.exe[5172] USER32.dll!SetForegroundWindow 76E1B5F5 6 Bytes JMP 71AF0F5A
    .text C:\Windows\system32\wuauclt.exe[5172] USER32.dll!SetWindowPos 76E221FE 3 Bytes [FF, 25, 1E]
    .text C:\Windows\system32\wuauclt.exe[5172] USER32.dll!SetWindowPos + 4 76E22202 2 Bytes [A8, 71] {TEST AL, 0x71}
    .text C:\Windows\system32\wuauclt.exe[5172] USER32.dll!ChangeDisplaySettingsExA 76E413E2 6 Bytes JMP 71A60F5A
    .text C:\Windows\system32\wuauclt.exe[5172] USER32.dll!ChangeDisplaySettingsExW 76E5A981 6 Bytes JMP 71A30F5A
    .text C:\Program Files\PC Tools Security\pctsGui.exe[5320] kernel32.dll!CreateThread + 1A 771048FA 4 Bytes CALL 0044CD69 C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools Security Component/PC Tools)
    .text C:\Program Files\Windows Sidebar\sidebar.exe[5352] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 770E31BD 4 Bytes JMP 001C000A
    .text C:\Program Files\Windows Sidebar\sidebar.exe[5352] USER32.dll!SetForegroundWindow 76E1B5F5 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\Windows Sidebar\sidebar.exe[5352] USER32.dll!SetWindowPos 76E221FE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Windows Sidebar\sidebar.exe[5352] USER32.dll!SetWindowPos + 4 76E22202 2 Bytes [A8, 71] {TEST AL, 0x71}
    .text C:\Program Files\Windows Sidebar\sidebar.exe[5352] USER32.dll!ChangeDisplaySettingsExA 76E413E2 6 Bytes JMP 71A60F5A
    .text C:\Program Files\Windows Sidebar\sidebar.exe[5352] USER32.dll!ChangeDisplaySettingsExW 76E5A981 6 Bytes JMP 71A30F5A
    .text C:\Users\Joey Hemphill\Desktop\y61bsw6h.exe[5408] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 770E31BD 4 Bytes JMP 001A000A
    .text C:\Users\Joey Hemphill\Desktop\y61bsw6h.exe[5408] USER32.dll!SetForegroundWindow 76E1B5F5 6 Bytes JMP 71AF0F5A
    .text C:\Users\Joey Hemphill\Desktop\y61bsw6h.exe[5408] USER32.dll!SetWindowPos 76E221FE 3 Bytes [FF, 25, 1E]
    .text C:\Users\Joey Hemphill\Desktop\y61bsw6h.exe[5408] USER32.dll!SetWindowPos + 4 76E22202 2 Bytes [A8, 71] {TEST AL, 0x71}
    .text C:\Users\Joey Hemphill\Desktop\y61bsw6h.exe[5408] USER32.dll!ChangeDisplaySettingsExA 76E413E2 6 Bytes JMP 71A60F5A
    .text C:\Users\Joey Hemphill\Desktop\y61bsw6h.exe[5408] USER32.dll!ChangeDisplaySettingsExW 76E5A981 6 Bytes JMP 71A30F5A

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[2448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74068864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [740A9855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7406B984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7405FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74067A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7405EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7409B12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7406BC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74060756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [740606BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [740571B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [740ED9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74087329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7405E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7405697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [740569A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74062475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Program Files\PC Tools Security\pctsSvc.exe[4284] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044C610] C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools Security Component/PC Tools)
    IAT C:\Program Files\PC Tools Security\pctsSvc.exe[4284] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044C610] C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools Security Component/PC Tools)
    IAT C:\Program Files\PC Tools Security\pctsGui.exe[5320] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044CEC0] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools Security Component/PC Tools)
    IAT C:\Program Files\PC Tools Security\pctsGui.exe[5320] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044CEC0] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools Security Component/PC Tools)

    ---- EOF - GMER 1.0.15 ----
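Added example, not part of the posted log and not GMER's own code: a small Python triage script for GMER output of the kind shown above. It parses the SSDT section and the user-mode `.text` hooks, attributes each SSDT hook to the driver GMER resolved (here PCTCore.sys and AVGIDSShim.Sys, which belong to the PC Tools and AVG products the DDS header further down lists as enabled) or marks it unresolved when GMER printed only a handler address, and groups user-mode hooks by API and jump target, so a hook that lands at the same address in every process (the 71AE0F5A / 71A50F5A / 71A20F5A targets above) stands out from a one-off patch. The embedded log lines are an excerpt copied from the post; the `UNRESOLVED` label, the function names and the two-process threshold are this example's choices.

```python
import re
import sys
from collections import defaultdict

UNRESOLVED = "<unresolved>"   # label used here when GMER printed only a hook address

# SSDT lines come in two shapes: "SSDT <addr> <Zw...>" when GMER could not map the
# handler to a module, and "SSDT <path> (<desc>) <Zw...> [0x<addr>]" when it could.
SSDT_RE = re.compile(
    r"^SSDT\s+(?:([0-9A-F]{8})|(\S+)\s+\((.*?)\))\s+(Zw\w+)(?:\s+\[0x([0-9A-F]{8})\])?$")
# ".text <process>[<pid>] <dll>!<func>[ + <off>] <addr> <n> Byte(s) <patch or JMP/CALL target>"
USER_RE = re.compile(
    r"^\.text\s+(.+?)\[(\d+)\]\s+(\S+?)!(\w+)(?:\s*\+\s*([0-9A-F]+))?"
    r"\s+([0-9A-F]{8})\s+(\d+)\s+Bytes?\s+(.*)$")
TARGET_RE = re.compile(r"\b(JMP|CALL)\s+([0-9A-F]{8})")

# Excerpt of the GMER log posted above (copied verbatim; only a subset of its lines).
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT 922E7110 ZwAlertResumeThread
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x82C70C0C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA226FF3C]
SSDT 862D6A60 ZwLoadDriver

---- User code sections - GMER 1.0.15 ----

.text C:\hp\support\hpsysdrv.exe[332] USER32.dll!SetForegroundWindow 76E1B5F5 6 Bytes JMP 71AE0F5A
.text C:\hp\support\hpsysdrv.exe[332] USER32.dll!SetWindowPos 76E221FE 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2172] USER32.dll!SetForegroundWindow 76E1B5F5 6 Bytes JMP 71AE0F5A
.text C:\Program Files\PC Tools Security\pctsSvc.exe[4284] kernel32.dll!CreateThread + 1A 771048FA 4 Bytes CALL 0044C4B9 C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools Security Component/PC Tools)
"""


def parse_gmer(text):
    """Return (ssdt_hooks, user_hooks) as lists of dicts parsed from GMER log text."""
    ssdt, user = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            addr, module, desc, syscall, handler = m.groups()
            ssdt.append({
                "syscall": syscall,
                "owner": module.rsplit("\\", 1)[-1] if module else UNRESOLVED,
                "vendor": desc.strip() if desc else None,
                "handler": handler or addr,
            })
            continue
        m = USER_RE.match(line)
        if m:
            proc, pid, dll, func, off, addr, nbytes, rest = m.groups()
            tgt = TARGET_RE.search(rest)
            user.append({
                "process": proc.rsplit("\\", 1)[-1],
                "pid": int(pid),
                "api": f"{dll}!{func}",
                "offset": int(off, 16) if off else 0,
                "address": addr,
                "size": int(nbytes),
                # "patch" covers raw byte listings such as [FF, 25, 1E]: FF 25 is the
                # opcode of an indirect JMP through a 32-bit pointer, which GMER shows
                # split across the "SetWindowPos" and "SetWindowPos + 4" lines above.
                "kind": tgt.group(1) if tgt else "patch",
                "target": tgt.group(2) if tgt else None,
            })
    return ssdt, user


def ssdt_by_owner(ssdt):
    """Map each hooking driver (or UNRESOLVED) to the sorted syscalls it hooks."""
    owners = defaultdict(list)
    for h in ssdt:
        owners[h["owner"]].append(h["syscall"])
    return {owner: sorted(calls) for owner, calls in owners.items()}


def systemwide_hooks(user, min_procs=2):
    """(api, target) pairs seen in at least min_procs distinct processes.

    The same JMP target in many unrelated processes points at one DLL injected
    everywhere. A target seen in a single process, such as the CreateThread CALL
    that GMER resolves into pctsSvc.exe's own image, is filtered out here.
    """
    seen = defaultdict(set)
    for h in user:
        if h["target"]:
            seen[(h["api"], h["target"])].add(h["process"])
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_procs}


def main(path=None):
    text = open(path, encoding="utf-8", errors="replace").read() if path else SAMPLE_LOG
    ssdt, user = parse_gmer(text)
    print("SSDT hooks by owner:")
    for owner, calls in sorted(ssdt_by_owner(ssdt).items()):
        print(f"  {owner:20s} {len(calls):3d}  {', '.join(calls[:4])}{' ...' if len(calls) > 4 else ''}")
    print("User-mode hooks shared across processes:")
    for (api, target), procs in sorted(systemwide_hooks(user).items()):
        print(f"  {api:40s} -> {target}  in {len(procs)} processes")


if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else None)
```

Run it with the saved log as the only argument (`python gmer_triage.py gmer.log`) or with no argument to use the embedded excerpt. On the full log above, the three USER32 JMP targets appear in every listed process, which is the pattern of a globally injected hook DLL rather than of per-process tampering; the script does not say which product owns that DLL, because GMER does not either.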
     
  5. 2012/04/27
    imjhemp

    Hey guys, sorry for not posting info all at one time. My comp is not wanting to cooperate with me. I will get it all done soon.
     
  6. 2012/04/27
    imjhemp

    Malwarebytes' Anti-Malware 1.10
    Database version: 583

    Scan type: Quick Scan
    Objects scanned: 32233
    Time elapsed: 7 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  7. 2012/04/27
    imjhemp

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-27 16:55:35
    -----------------------------
    16:55:35.297 OS Version: Windows 6.0.6001 Service Pack 1
    16:55:35.298 Number of processors: 2 586 0x4B02
    16:55:35.301 ComputerName: JOEYHEMPHILL-PC UserName: Joey Hemphill
    16:58:21.100 Initialize success
    17:01:13.184 AVAST engine defs: 12042701
    17:09:22.565 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000075
    17:09:22.695 Disk 0 Vendor: SAMSUNG_ VT10 Size: 238475MB BusType: 6
    17:09:22.818 Disk 0 MBR read successfully
    17:09:22.823 Disk 0 MBR scan
    17:09:23.417 Disk 0 unknown MBR code
    17:09:23.498 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 230609 MB offset 63
    17:09:23.621 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 7862 MB offset 472288320
    17:09:23.675 Disk 0 scanning sectors +488391120
    17:09:24.093 Disk 0 scanning C:\Windows\system32\drivers
    17:10:52.150 Service scanning
    17:11:45.343 Modules scanning
    17:12:51.013 Disk 0 trace - called modules:
    17:12:51.105 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll storport.sys nvstor32.sys
    17:12:51.574 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859ce578]
    17:12:51.581 3 CLASSPNP.SYS[869a1745] -> nt!IofCallDriver -> [0x859ced78]
    17:12:51.589 5 PCTCore.sys[82c74407] -> nt!IofCallDriver -> [0x8409f8b8]
    17:12:51.598 7 acpi.sys[806406a0] -> nt!IofCallDriver -> \Device\00000075[0x8409fc90]
    17:12:58.704 AVAST engine scan C:\Windows
    17:13:57.255 AVAST engine scan C:\Windows\system32
    17:23:26.845 AVAST engine scan C:\Windows\system32\drivers
    17:24:05.411 AVAST engine scan C:\Users\Joey Hemphill
    17:34:25.807 File: C:\Users\Joey Hemphill\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@freeworkz.com\components\FreeWorkzFirefox.dll **INFECTED** Win32:Adware-gen [Adw]
    17:35:35.031 AVAST engine scan C:\ProgramData
    17:41:51.969 Scan finished successfully
    17:44:10.816 Disk 0 MBR has been saved successfully to "C:\Users\Joey Hemphill\Documents\MBR.dat"
    17:44:10.902 The log file has been saved successfully to "C:\Users\Joey Hemphill\Documents\aswMBR.txt"
    17:44:47.316 Disk 0 MBR has been saved successfully to "C:\Users\Joey Hemphill\Desktop\MBR.dat"
    17:44:47.361 The log file has been saved successfully to "C:\Users\Joey Hemphill\Desktop\aswMBR.txt"
     
  8. 2012/04/28
    imjhemp Inactive Thread Starter
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19088
    Run by Joey Hemphill at 14:01:37 on 2012-04-28
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.894.173 [GMT -5:00]
    .
    AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskeng.exe
    C:\Program Files\PC Tools Security\pctsAuxs.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\HP Multimedia Keyboard\Kmaestro.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SRS Labs\Premium Sound for Monitors\SRSPremiumSound_Win32.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\PC Tools Security\pctsSvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\PC Tools Security\pctsGui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\taskeng.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/?ilc=1
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.3.6\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.3.6\IPSBHO.DLL
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
    BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: FreeWorkz Games: {d1ecd019-8423-43de-98d1-7892af2da309} - c:\program files\freeworkz\FreeWorkzIE.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.3.6\coIEPlg.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [SRS Premium Sound] "c:\program files\srs labs\premium sound for monitors\SRSPremiumSound_Win32.exe" /hideme
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [Malwarebytes Anti-Malware Reboot] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [BtcMaestro] "c:\program files\hp multimedia keyboard\KMaestro.exe"
    mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{0824166D-6FB5-4A3D-AACA-2B5CEB8AA820} : DhcpNameServer = 192.168.1.254
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.3.6\CoIEPlg.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-4-22 331880]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-4-22 342168]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-4-22 909728]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308030.006\SymEFA.sys [2011-11-13 310320]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308030.006\BHDrvx86.sys [2011-11-13 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308030.006\cchpx86.sys [2011-11-13 467592]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090730.003\IDSvix86.sys [2009-7-30 293424]
    R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-4-22 185560]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 SRS_PremSoundMon;SRS for Monitors;c:\windows\system32\drivers\SRS_PremSoundMon_i386.sys [2011-12-9 131056]
    S3 PCD5SRVC{8A863ACB-F5F6CC6A-05010004};PCD5SRVC{8A863ACB-F5F6CC6A-05010004} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2006-11-17 28144]
    S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
    S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
    .
    =============== File Associations ===============
    .
    regfile=regedit.exe "%1" %*
    scrfile= "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-04-22 23:35:18 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
    2012-04-22 23:35:18 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
    2012-04-22 23:35:14 253352 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2012-04-22 23:35:14 107864 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2012-04-22 23:34:33 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2012-04-22 23:34:33 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2012-04-22 23:33:51 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2012-04-22 23:33:51 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
    2012-04-22 23:33:40 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2012-04-22 23:33:12 -------- d-----w- c:\program files\common files\PC Tools
    2012-04-22 23:33:10 -------- d-----w- c:\programdata\PC Tools
    2012-04-22 23:33:10 -------- d-----w- c:\program files\PC Tools Security
    2012-04-22 23:25:29 -------- d-----w- c:\users\joey hemphill\appdata\roaming\GetRightToGo
    2012-04-22 22:01:56 110080 ----a-r- c:\users\joey hemphill\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconF7A21AF7.exe
    2012-04-22 22:01:56 110080 ----a-r- c:\users\joey hemphill\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconD7F16134.exe
    2012-04-22 22:01:56 110080 ----a-r- c:\users\joey hemphill\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconCF33A0CE.exe
    2012-04-22 22:01:08 -------- d-----w- C:\sh4ldr
    2012-04-22 22:01:05 -------- d-----w- c:\program files\Enigma Software Group
    2012-04-22 21:56:09 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2012-04-22 21:31:47 -------- d-----w- c:\users\joey hemphill\appdata\roaming\DriverCure
    2012-04-22 21:31:46 -------- d-----w- c:\users\joey hemphill\appdata\roaming\SpeedyPC Software
    2012-04-22 21:31:25 -------- d-----w- c:\program files\common files\SpeedyPC Software
    2012-04-22 21:31:24 -------- d-----w- c:\programdata\SpeedyPC Software
    2012-04-22 21:31:24 -------- d-----w- c:\program files\SpeedyPC Software
    2012-04-02 04:10:44 -------- d-----w- c:\users\joey hemphill\appdata\local\Ilivid Player
    2012-04-02 04:09:17 -------- d-----w- c:\program files\iLivid
    2012-04-02 04:08:07 -------- d-----w- c:\program files\Searchqu Toolbar
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 14:04:27.63 ===============
     
  9. 2012/04/28
    imjhemp Inactive Thread Starter
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/29/2007 2:39:44 PM
    System Uptime: 4/26/2012 7:29:32 PM (43 hours ago)
    .
    Motherboard: ASUSTek Computer INC. | | NARRA
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket AM2 | 1800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 225 GiB total, 162.996 GiB free.
    D: is FIXED (NTFS) - 8 GiB total, 0.878 GiB free.
    E: is CDROM (CDFS)
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0006
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #7
    PNP Device ID: ROOT\*6TO4MP\0006
    Service: tunnel
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: Compact Flash
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20021111153705700&0#
    Manufacturer: Generic-
    Name: Compact Flash
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20021111153705700&0#
    Service: WUDFRd
    .
    ==== System Restore Points ===================
    .
    RP519: 3/1/2012 12:00:15 AM - Scheduled Checkpoint
    RP520: 3/2/2012 12:00:15 AM - Scheduled Checkpoint
    RP521: 3/6/2012 9:48:45 PM - Scheduled Checkpoint
    RP522: 3/8/2012 12:09:09 AM - Scheduled Checkpoint
    RP523: 3/9/2012 12:00:11 AM - Scheduled Checkpoint
    RP524: 3/10/2012 1:31:44 AM - Scheduled Checkpoint
    RP525: 3/11/2012 1:42:15 AM - Scheduled Checkpoint
    RP526: 3/12/2012 3:57:30 AM - Scheduled Checkpoint
    RP527: 3/13/2012 12:00:14 AM - Scheduled Checkpoint
    RP528: 3/14/2012 12:00:14 AM - Scheduled Checkpoint
    RP529: 3/14/2012 3:00:13 AM - Windows Update
    RP530: 4/6/2012 10:55:01 AM - Scheduled Checkpoint
    RP531: 4/7/2012 1:13:55 AM - Scheduled Checkpoint
    RP532: 4/8/2012 4:11:12 AM - Scheduled Checkpoint
    RP533: 4/9/2012 3:52:43 AM - Scheduled Checkpoint
    RP534: 4/10/2012 1:39:25 AM - Scheduled Checkpoint
    RP535: 4/11/2012 12:00:20 AM - Scheduled Checkpoint
    RP536: 4/12/2012 12:00:19 AM - Scheduled Checkpoint
    RP537: 4/13/2012 12:00:20 AM - Scheduled Checkpoint
    RP538: 4/13/2012 3:00:12 AM - Windows Update
    RP539: 4/14/2012 12:00:22 AM - Scheduled Checkpoint
    RP540: 4/15/2012 1:54:04 AM - Scheduled Checkpoint
    RP541: 4/16/2012 12:00:24 AM - Scheduled Checkpoint
    RP542: 4/17/2012 12:00:30 AM - Scheduled Checkpoint
    RP543: 4/18/2012 12:00:26 AM - Scheduled Checkpoint
    RP544: 4/19/2012 12:00:26 AM - Scheduled Checkpoint
    RP545: 4/20/2012 12:00:35 AM - Scheduled Checkpoint
    RP546: 4/21/2012 12:00:32 AM - Scheduled Checkpoint
    RP547: 4/22/2012 12:08:37 AM - Scheduled Checkpoint
    RP548: 4/22/2012 4:58:52 PM - Installed SpyHunter
    RP549: 4/23/2012 2:41:04 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.1)
    AIO_CDA_ProductContext
    AIO_CDA_Software
    AIO_Scan
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    AVG 2012
    Bonjour
    BufferChm
    C4100
    c4100_Help
    Copy
    CustomerResearchQFolder
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DivX
    DocProc
    DocProcQFolder
    Enhanced Multimedia Keyboard Solution
    eSupportQFolder
    Fax
    FreeWorkz
    GearDrvs
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hardware Diagnostic Tools
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Active Support Library 32 bit components
    HP Customer Experience Enhancements
    HP Customer Feedback
    HP Customer Participation Program 8.0
    HP Easy Setup - Core
    HP Easy Setup - Frontend
    HP Imaging Device Functions 8.0
    HP Multimedia Keyboard Driver V1.6 (2.0.W-137A9 MUL)
    HP OCR Software 8.0
    HP On-Screen Caps/Num/Scroll Lock Indicator
    HP Photosmart Essential
    HP Photosmart.All-In-One Driver Software 8.0 .A
    HP Picasso Media Center Add-In
    HP Product Assistant
    HP Solution Center 8.0
    HP Total Care Advisor
    HP Update
    HPAsset component for HP Active Support Library
    HPProductAssistant
    HPSSupply
    iLivid
    iTunes
    LightScribe 1.4.136.1
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Move Networks Media Player for Internet Explorer
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 5.0
    My HP Games
    Norton 360
    NVIDIA Drivers
    PC Tools Spyware Doctor with AntiVirus 9.0
    Python 2.4.3
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    Rhapsody
    Rhapsody Player Engine
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD Basic v9
    Scan
    Searchqu Toolbar
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Soft Data Fax Modem with SmartCP
    SolutionCenter
    SpeedyPC Pro
    SpyHunter
    SRS Premium Sound for Monitors
    Status
    Toolbox
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    ViewSonic Monitor Drivers
    WebReg
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/26/2012 7:37:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the XAudioService service to connect.
    4/26/2012 7:37:13 PM, Error: Service Control Manager [7000] - The XAudioService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/26/2012 7:31:03 PM, Error: EventLog [6008] - The previous system shutdown at 7:28:09 PM on 4/26/2012 was unexpected.
    4/23/2012 3:30:32 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
    4/23/2012 3:30:32 AM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/23/2012 3:30:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments " " in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    4/23/2012 2:54:18 PM, Error: Microsoft-Windows-Service Pack Installer [8] - Service Pack installation failed with error code 0x800f0a10.
    4/23/2012 2:28:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
    4/23/2012 2:28:09 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/23/2012 2:22:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PC Tools Security Service service to connect.
    4/23/2012 2:22:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Norton 360 service to connect.
    4/23/2012 2:22:52 PM, Error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/23/2012 2:22:52 PM, Error: Service Control Manager [7000] - The Norton 360 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/23/2012 2:17:33 PM, Error: EventLog [6008] - The previous system shutdown at 2:05:39 PM on 4/23/2012 was unexpected.
    4/22/2012 6:48:46 PM, Error: PCTCore [280] - The item store is corrupted: @5512.
    4/22/2012 4:00:40 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    4/22/2012 4:00:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.
    4/22/2012 4:00:40 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    4/22/2012 4:00:40 PM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/22/2012 3:54:52 PM, Error: EventLog [6008] - The previous system shutdown at 3:47:28 PM on 4/22/2012 was unexpected.
    4/21/2012 12:43:24 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    .
    ==== End Of File ===========================
     
  10. 2012/04/28
    imjhemp Inactive Thread Starter
    Alright.. I got this done.
    Sorry for not going ahead and doing it before.
     
  11. 2012/04/28
    broni Moderator Malware Analyst
    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================================

    You're running 3 AV programs, PC Tools Spyware Doctor with AntiVirus, Norton and AVG.
    TWO of them have to go.
    If AVG is one of them, use AVG Remover: http://www.avg.com/us-en/utilities
    If Norton is one of them use this tool: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

    When done...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. 2012/04/29
    imjhemp

    imjhemp Inactive Thread Starter

    Joined:
    2007/03/26
    Messages:
    82
    Likes Received:
    0
    Ok, I clicked on the majorgeeks.com Norton removal tool and downloaded it. When I try to open the icon...a box appears saying 'Extraction Failed', 'File is corrupt'.

    I didn't want to go any further without telling you this.
     
  13. 2012/04/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Maybe bad download.
    Re-download the tool.
     
  14. 2012/04/29
    imjhemp

    imjhemp Inactive Thread Starter

    Joined:
    2007/03/26
    Messages:
    82
    Likes Received:
    0
    You were right.. I downloaded it again and removed Norton. PC Spyware is uninstalled also.
    I now have AVG uninstalled so i can run Combofix.

    Moving on.................
     
  15. 2012/04/29
    imjhemp

    imjhemp Inactive Thread Starter

    Joined:
    2007/03/26
    Messages:
    82
    Likes Received:
    0
    I ran the ComboFix without any problems.
    Here is the results log.

    ComboFix 12-04-29.02 - Joey Hemphill 04/29/2012 17:21:19.1.2 - x86
    Running from: c:\users\Joey Hemphill\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\SET8F78.tmp
    c:\windows\system32\SET8FE9.tmp
    c:\windows\system32\urttemp
    c:\windows\system32\urttemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-29 22:32 . 2012-04-29 22:32 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-29 22:08 . 2012-04-18 08:06 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{391D5DE8-3AF3-47D8-95B2-89D88D39A5AF}\mpengine.dll
    2012-04-29 20:36 . 2012-04-29 20:36 20 ----a-w- c:\windows\system32\drivers\N360\0308030.006\BHDRVX86.SYS
    2012-04-22 23:25 . 2012-04-23 00:35 -------- d-----w- c:\users\Joey Hemphill\AppData\Roaming\GetRightToGo
    2012-04-22 22:01 . 2012-04-22 22:01 110080 ----a-r- c:\users\Joey Hemphill\AppData\Roaming\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconF7A21AF7.exe
    2012-04-22 22:01 . 2012-04-22 22:01 110080 ----a-r- c:\users\Joey Hemphill\AppData\Roaming\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconD7F16134.exe
    2012-04-22 22:01 . 2012-04-22 22:01 110080 ----a-r- c:\users\Joey Hemphill\AppData\Roaming\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconCF33A0CE.exe
    2012-04-22 22:01 . 2012-04-22 22:01 -------- d-----w- C:\sh4ldr
    2012-04-22 22:01 . 2012-04-22 22:01 -------- d-----w- c:\program files\Enigma Software Group
    2012-04-22 21:56 . 2012-04-22 21:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2012-04-22 21:31 . 2012-04-22 21:31 -------- d-----w- c:\users\Joey Hemphill\AppData\Roaming\DriverCure
    2012-04-22 21:31 . 2012-04-22 21:31 -------- d-----w- c:\users\Joey Hemphill\AppData\Roaming\SpeedyPC Software
    2012-04-22 21:31 . 2012-04-22 21:31 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
    2012-04-22 21:31 . 2012-04-22 21:31 -------- d-----w- c:\programdata\SpeedyPC Software
    2012-04-22 21:31 . 2012-04-22 21:31 -------- d-----w- c:\program files\SpeedyPC Software
    2012-04-02 04:10 . 2012-04-02 04:11 -------- d-----w- c:\users\Joey Hemphill\AppData\Local\Ilivid Player
    2012-04-02 04:09 . 2012-04-02 04:09 -------- d-----w- c:\program files\iLivid
    2012-04-02 04:08 . 2012-04-02 04:08 -------- d-----w- c:\program files\Searchqu Toolbar
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-23 15:18 . 2011-11-15 04:34 237072 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1ECD019-8423-43de-98D1-7892AF2DA309}]
    2012-03-28 19:57 140288 ----a-w- c:\program files\FreeWorkz\FreeWorkzIE.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "HPAdvisor "= "c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-23 1480296]
    "WindowsWelcomeCenter "= "oobefldr.dll" [2008-01-19 2153472]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "ISUSPM Startup "= "c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-19 39408]
    "SRS Premium Sound "= "c:\program files\SRS Labs\Premium Sound for Monitors\SRSPremiumSound_Win32.exe" [2010-11-18 3093864]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv "= "c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
    "OsdMaestro "= "c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 155648]
    "RtHDVCpl "= "RtHDVCpl.exe" [2008-01-15 4874240]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "HP Health Check Scheduler "= "c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
    "Malwarebytes Anti-Malware Reboot "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-04-02 1191632]
    "BtcMaestro "= "c:\program files\HP Multimedia Keyboard\KMaestro.exe" [2005-02-21 245760]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
    "KBD "= "c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-03-29 413696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher "= "c:\windows\SMINST\launcher.exe" [2006-11-24 44136]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer1 "=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001
    .
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-13 15:16]
    .
    2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-13 15:16]
    .
    2012-04-29 c:\windows\Tasks\HPCeeScheduleForJoey Hemphill.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-03-26 22:04]
    .
    2012-04-27 c:\windows\Tasks\SpeedyPC Pro.job
    - c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
    .
    2012-04-28 c:\windows\Tasks\SpeedyPC Registration3.job
    - c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-01-30 22:17]
    .
    2012-04-23 c:\windows\Tasks\SpeedyPC Update Version3.job
    - c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
    .
    2012-04-29 c:\windows\Tasks\User_Feed_Synchronization-{AFF7285E-A754-41F2-9225-082E5682DE5C}.job
    - c:\windows\system32\msfeedssync.exe [2011-11-13 04:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?ilc=1
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
    MSConfigStartUp-Comrade - c:\program files\GameSpy\Comrade\Comrade.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-29 17:32
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{8A863ACB-F5F6CC6A-05010004}]
    "ImagePath "= "\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2009665904-2265977237-1145775437-1000\¬ î**]
    @Allowed: (Read) (RestrictedCode)
    "MachineID "=hex:15,ef,1e,b8,d2,33,c2,00
    DUMPHIVE0.003 (REGF)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    Completion time: 2012-04-29 17:37:13
    ComboFix-quarantined-files.txt 2012-04-29 22:37
    .
    Pre-Run: 177,653,268,480 bytes free
    Post-Run: 177,423,917,056 bytes free
    .
    - - End Of File - - 85BA5DDA3185EBED41A65355B77C0078
     
  16. 2012/04/29
    imjhemp

    imjhemp Inactive Thread Starter

    Joined:
    2007/03/26
    Messages:
    82
    Likes Received:
    0
    broni, I have a quick question. I haven't reinstalled AVG yet after uninstalling it to run ComboFix. In your opinion..should I reinstall AVG or install another Anti-Virus program?
    Your opinion would help out lots if you think there is a better one that I should be using.
     
  17. 2012/04/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    AVG is a good program.

    Combofix log looks good.

    How is the computer doing?

    Uninstall Searchqu Toolbar; it is not a desirable program.

    Uninstall SpeedyPC Pro.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance, but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ==============================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
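As an added example (not something posted in this thread and not part of ComboFix or OTL), the script below parses text in the format of the ComboFix log above, pulls out the Run/RunOnce values and scheduled-task targets, and attaches simple review flags. The sample log is constructed from a few entries of that shape; its "Updater" value under AppData is made up purely to exercise the user-profile check, and the Searchqu/SpeedyPC names come from broni's advice to uninstall those programs.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt in the format of the ComboFix log posted in this thread. The
# "Updater" value under AppData is made up, only to exercise the user-profile check.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"WindowsWelcomeCenter "= "oobefldr.dll" [2008-01-19 2153472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv "= "c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"Updater "= "c:\users\Joey Hemphill\AppData\Roaming\updater.exe" [2012-04-20 48128]
2012-04-27 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-13 15:16]
"""

# Run/RunOnce values print as "name"="path" [yyyy-mm-dd size]; the forum software
# added stray spaces around '=' and inside the quotes, so the patterns allow them.
KEY_RE = re.compile(r'^\[(HKEY_[^\]]*\\Run(?:Once)?)\]$', re.I)
VALUE_RE = re.compile(r'^"(?P<name>.*?)\s*"\s*=\s*"(?P<path>.*?)\s*"\s*'
                      r'\[(?P<date>\d{4}-\d\d-\d\d)\s+(?P<size>\d+)\]')
JOB_RE = re.compile(r'^(?P<date>\d{4}-\d\d-\d\d)\s+(?P<job>.*\.job)$')
TARGET_RE = re.compile(r'^-\s+(?P<path>.*?)\s+\[(?P<stamp>[^\]]+)\]$')
UNWANTED = ('searchqu', 'speedypc')  # programs the moderator asked the poster to remove


@dataclass
class Autostart:
    kind: str        # 'run' = registry Run/RunOnce value, 'task' = .job in the Tasks folder
    location: str    # registry key or .job file the entry lives in
    name: str
    path: str
    date: str
    flags: list[str] = field(default_factory=list)


def parse_autostarts(log_text: str) -> list[Autostart]:
    """Collect Run/RunOnce values and scheduled-task targets from ComboFix log text."""
    items, key, job = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key, job = m.group(1), None
        elif key and (m := VALUE_RE.match(line)):
            items.append(Autostart('run', key, m['name'], m['path'], m['date']))
        elif m := JOB_RE.match(line):
            key, job = None, (m['job'], m['date'])
        elif job and (m := TARGET_RE.match(line)):
            items.append(Autostart('task', job[0], job[0].rsplit('\\', 1)[-1], m['path'], job[1]))
            job = None
        elif line.startswith('['):  # any other registry key ends the current Run section
            key = None
    return items


def triage(items: list[Autostart]) -> list[Autostart]:
    """Flag known unwanted programs, bare file names (resolved via the search path) and executables run from a user profile."""
    for it in items:
        p = it.path.lower()
        if any(v in p or v in it.name.lower() for v in UNWANTED):
            it.flags.append('unwanted-program')
        if '\\' not in p:
            it.flags.append('unqualified-path')
        elif '\\users\\' in p or '\\appdata\\' in p:
            it.flags.append('user-profile-location')
    return items


def flagged_names(items: list[Autostart]) -> list[str]:
    return sorted(it.name for it in items if it.flags)
```

Flags are review hints only: a bare file name or a user-profile path is not proof of anything, just the entry a reviewer would look at first.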
  18. 2012/05/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Still with me?
     
  19. 2012/05/03
    imjhemp

    imjhemp Inactive Thread Starter

    Joined:
    2007/03/26
    Messages:
    82
    Likes Received:
    0
    I'm here, broni, been working long hours this week. Thanks for your help by the way.

    I'm gonna download the OTL here in a bit. That's the only thing I haven't done so far.
    My computer seems to be acting lots better. The pop-up is gone and there is more speed to web surfing. I will hit back a lil later for hopefully a final update. I think maybe I can mark this one down as 'Resolved'.
     
  20. 2012/05/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    We have to complete the cleaning process before we can mark this as "Resolved".
     
  21. 2012/05/03
    imjhemp

    imjhemp Inactive Thread Starter

    Joined:
    2007/03/26
    Messages:
    82
    Likes Received:
    0
    Ok. I'm getting ahead of myself.
    Here are those logs.
     
