Jump to content

Recommended Posts

Hi, a few days ago my friend's PC stopped being able to launch .exe files by double clicking. right now to open a program he needs to use Open-With, and then open it with itself. we tried editing the registry to fix the .exe file association but to no avail.

below are the hijack this logs.

thanks for your time.

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26

Run by Bama at 15:40:57 on 2011-12-08

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.5109 [GMT -5:00]

.

AV: AVG Anti-Virus 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe

C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

C:\Program Files (x86)\AVG\AVG10\avgam.exe

C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

C:\Program Files (x86)\AVG\AVG10\avgemca.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\AVG\AVG10\avgchsva.exe

C:\Program Files (x86)\AVG\AVG10\avgrsa.exe

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe -update plugin

mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun: [GamingMouse] C:\Program Files (x86)\GamingMouse\mousehid.exe

mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\Users\Bama\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{69BBB78F-CB04-42AC-A117-B8EDFB35E5CE} : DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11

TCP: Interfaces\{F46FA383-ABBB-4A7D-954C-E3A36BCFBB5B} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{F46FA383-ABBB-4A7D-954C-E3A36BCFBB5B}\130364850383134313431383 : DhcpNameServer = 192.168.1.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun-x64: [GamingMouse] C:\Program Files (x86)\GamingMouse\mousehid.exe

mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Bama\AppData\Roaming\Mozilla\Firefox\Profiles\knr7fmc6.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B409cde5c-6f48-47fd-b4fc-db57d0fcf10e%7D&mid=f6124be7b4df47d198909128c00d5318-a9a349c6900e19b582e05c5383407b667900f95c&ds=AVG&v=9.0.0.18.1〈=us&pr=pa&d=2011-12-04%2005%3A27%3A49&sap=ku&q=

FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll

FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll

FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff6.dll

FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff7.dll

FF - component: C:\ProgramData\AVG Secure Search\9.0.0.18\components\toolbarhomewmp.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\nphdplg.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - C:\Program Files (x86)\AVG\AVG10\Firefox4

FF - Ext: AVG Security Toolbar: avg@toolbar - C:\ProgramData\AVG Secure Search\9.0.0.18

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/03/19 09:30:21];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-3-19 146928]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-8-18 7390560]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-3-19 13336]

R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-5-15 206120]

R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-5-15 185640]

R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2011-12-4 855904]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 nmgmsFltr;USB Gaming Mouse;C:\Windows\System32\drivers\nmgms.sys [2011-4-28 12544]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-20 167264]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS --> C:\Windows\system32\DRIVERS\PFC027.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== File Associations ===============

.

.exe=ah

.

=============== Created Last 30 ================

.

2011-12-07 03:27:54 -------- d-----w- C:\Users\Bama\AppData\Roaming\Malwarebytes

2011-12-07 03:27:48 -------- d-----w- C:\ProgramData\Malwarebytes

2011-12-07 03:27:45 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-07 03:27:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-12-07 01:25:26 -------- d--h--w- C:\$AVG

2011-12-04 10:27:53 -------- d-----w- C:\ProgramData\AVG Secure Search

2011-12-04 10:27:52 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search

2011-12-04 10:27:52 -------- d-----w- C:\Program Files (x86)\AVG Secure Search

2011-11-09 03:07:45 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-09 03:07:45 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-09 03:07:43 3144704 ----a-w- C:\Windows\System32\win32k.sys

2011-11-09 03:07:43 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

==================== Find3M ====================

.

2011-10-11 03:13:38 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 15:41:13.83 ===============

attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 3/20/2011 7:06:19 PM

System Uptime: 12/6/2011 10:16:38 PM (41 hours ago)

.

Motherboard: MSI | | IONA

Processor: Intel® Core i7 CPU 860 @ 2.80GHz | CPU 1 | 2660/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 920 GiB total, 827.444 GiB free.

D: is FIXED (NTFS) - 11 GiB total, 1.601 GiB free.

E: is CDROM (CDFS)

F: is Removable

G: is Removable

H: is Removable

I: is Removable

K: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}

Description: Microsoft PS/2 Mouse

Device ID: ACPI\PNP0F03\4&2A16F88C&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&2A16F88C&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP72: 11/3/2011 12:00:01 AM - Scheduled Checkpoint

RP73: 11/9/2011 3:00:10 AM - Windows Update

RP74: 11/12/2011 3:00:12 AM - Windows Update

RP75: 11/20/2011 - Scheduled Checkpoint

RP76: 11/20/2011 7:10:07 PM - HPSF Restore Point

RP77: 11/28/2011 12:24:02 AM - Scheduled Checkpoint

RP78: 12/6/2011 1:36:06 AM - Scheduled Checkpoint

RP79: 12/6/2011 10:13:14 PM - Restore Operation

.

==== Installed Programs ======================

.

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.1)

ATI Catalyst Registration

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

ccc-core-static

CCC Help English

Compatibility Pack for the 2007 Office system

CyberLink DVD Suite Deluxe

Darksiders

Dead Island

DirectX for Managed Code Update (Summer 2004)

DVD Menu Pack for HP MediaSmart Video

GamingMouse

HP Advisor

HP Customer Experience Enhancements

HP Games

HP MediaSmart Demo

HP MediaSmart DVD

HP MediaSmart Music/Photo/Video

HP MediaSmart/TouchSmart Netflix

HP Odometer

HP Remote Solution

HP Setup

HP Support Assistant

HP Support Information

HP Update

HPAsset component for HP Active Support Library

Hulu Desktop

HydraVision

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 26

Junk Mail filter update

Killing Floor

Killing Floor Mod: Defence Alliance 2

LabelPrint

League of Legends

LightScribe System Software

MagicDisc 2.7.106

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft Choice Guard

Microsoft Live Search Toolbar

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Movie Theme Pack for HP MediaSmart Video

Mozilla Firefox (3.6.24)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mumble 1.2.3

Norton Online Backup

Pando Media Booster

PictureMover

Power2Go

PowerDirector

Realtek High Definition Audio Driver

Recovery Manager

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Sid Meier's Civilization 4 Gold

Skype™ 5.5

Steam

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Ventrilo Client

Verizon Download Manager

Visual Studio 2008 x64 Redistributables

Warhammer 40,000 Space Marine

Warhammer 40,000: Dawn of War Gold Edition

Warhammer 40,000: Dawn of War – Dark Crusade

Warhammer 40,000: Dawn of War – Soulstorm

Warhammer® 40,000®: Dawn of War® II – Retribution™

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

12/6/2011 9:59:34 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

12/6/2011 9:59:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

12/6/2011 9:59:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

12/6/2011 9:59:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

12/6/2011 9:53:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

12/6/2011 9:53:36 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/6/2011 9:53:36 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

12/6/2011 9:53:36 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

12/6/2011 9:53:36 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

12/6/2011 9:53:36 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

12/6/2011 9:53:36 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

12/6/2011 9:53:36 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/6/2011 9:53:36 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/6/2011 9:53:36 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/6/2011 9:53:36 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

12/6/2011 7:14:39 PM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: A system shutdown is in progress.

.

==== End Of File ===========================

thanks again,

Nass

Link to post
Share on other sites

Hello and :welcome:

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Link to post
Share on other sites

  • 2 weeks later...
  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.