
Computer often locks up on startup and some apps don't work correctly



Vista system sometimes requires multiple startup attempts. When it acts up, mouse, keyboard and Ctrl-Alt-Del don't work. Only thing that works is man. off. Sometimes when it finally does start up, it may lock up after a few minutes, especially if running more than one program, many times using Media Player. Maybe coincidence. Once up and running past 5 minutes, it works great all night long. Occasionally no problem is experienced. Lately, burning CDs with Media Player has been problematic also.

Attach.txt

DDS.txt


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 6/1/2008 10:07:02 PM

System Uptime: 4/2/2012 7:46:56 PM (1 hours ago)

.

Motherboard: ECS | | MCP61PM-GM

Processor: AMD Phenom 9600 Quad-Core Processor | Socket AM2 | 1150/1mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 455 GiB total, 100.921 GiB free.

D: is FIXED (NTFS) - 11 GiB total, 4.473 GiB free.

F: is CDROM ()

G: is Removable

H: is Removable

I: is Removable

J: is Removable

K: is FIXED (NTFS) - 466 GiB total, 465.657 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0002

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter #2

PNP Device ID: ROOT\*ISATAP\0002

Service: tunnel

.

==== System Restore Points ===================

.

RP607: 3/21/2012 3:00:12 AM - Windows Update

RP608: 3/21/2012 8:33:27 PM - Windows Update

RP609: 3/22/2012 3:00:30 AM - Windows Update

RP610: 3/22/2012 11:52:00 PM - Scheduled Checkpoint

RP611: 3/23/2012 3:00:38 AM - Windows Update

RP612: 3/23/2012 3:11:45 AM - Windows Update

RP613: 3/24/2012 12:45:36 AM - Scheduled Checkpoint

RP614: 3/24/2012 3:00:12 AM - Windows Update

RP615: 3/25/2012 3:01:28 AM - Windows Update

RP616: 3/25/2012 3:03:48 AM - Windows Update

RP617: 3/26/2012 7:46:05 PM - Windows Update

RP618: 3/26/2012 8:01:47 PM - Windows Update

RP619: 3/26/2012 11:02:40 PM - Windows Update

RP620: 3/28/2012 3:00:31 AM - Windows Update

RP621: 3/28/2012 3:11:44 AM - Windows Update

RP622: 3/28/2012 11:04:11 PM - Windows Update

RP623: 3/29/2012 9:20:41 PM - Windows Update

RP624: 3/30/2012 3:00:17 AM - Windows Update

RP625: 3/30/2012 7:26:51 AM - Windows Update

RP626: 4/1/2012 9:25:54 PM - Windows Update

RP627: 4/2/2012 12:00:19 AM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader 9.1

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft Print Creations

ArcSoft Print Creations - Brochures & Flyers

ArcSoft Print Creations - Photo Calendar

ATI Catalyst Install Manager

BD Advisor 2.0

BigFix

Bonjour

Browser Address Error Redirector

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center HydraVision Full

Catalyst Control Center InstallProxy

ccc-core-static

ccc-utility

CCC Help English

Compatibility Pack for the 2007 Office system

CyberLink PowerDVD

DRAW Pro Premier 1.5

Epson Event Manager

Epson FAX Utility

Epson PC-FAX Driver

EPSON Scan

EPSON WorkForce 610 Series Printer Uninstall

EpsonNet Print

EpsonNet Setup

FinePixViewer Resource

FinePixViewer Ver.5.5

FinePixViewer YTUPL

Free File Opener v2011.7.0.1

Garmin City Navigator North America NT 2010.20

Garmin City Navigator North America NT 2011.30 Update

Garmin Communicator Plugin

Garmin USB Drivers

Garmin WebUpdater

Gateway Connect

Gateway Games

Gateway Recovery Center Installer

Geek Squad 24 Hour Computer Support

Google Chrome

Google Desktop

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Hi-Def Suite

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

iCloud

InstallIQ Updater

iTunes

Java Auto Updater

Java 6 Update 31

Java SE Runtime Environment 6 Update 1

LTCM Client

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Antimalware

Microsoft Money Essentials

Microsoft Money Shared Libraries

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

Microsoft WSE 2.0 SP3 Runtime

MobileMe Control Panel

Move Media Player

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Napster

Napster Burn Engine

NVIDIA Drivers

OGA Notifier 2.0.0048.0

OpenOffice.org 3.2

Power2Go 5.0

Presto! PageManager 8.15.01 SE

QuickTime

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Safari

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2466156)

Security Update for 2007 Microsoft Office System (KB2509488)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office Excel 2007 (KB2464583)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2464594)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Skins

Smart Copy

Snood 4

Soft Data Fax Modem with SmartCP

Spare Backup

Total Seal Catalog

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update Installer for WildTangent Games App

VoiceOver Kit

WebEx

WildTangent Games App (Gateway Games)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)

Windows Driver Package - ViXS Systems Inc. ViXS PureTV-U (05/29/2007 6.2.100.7)

Yahoo! Install Manager

Yahoo! Software Update

Yahoo! Toolbar

Yahtzee

.

==== Event Viewer Messages From Past Week ========

.

4/2/2012 7:54:33 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user ARV5Y5DGJH\Main SID (S-1-5-21-1495362464-177437668-2316947567-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

4/2/2012 7:54:33 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {682159D9-C321-47CA-B3F1-30E36B2EC8B9} to the user ARV5Y5DGJH\Main SID (S-1-5-21-1495362464-177437668-2316947567-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

4/2/2012 12:00:54 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070663: Security Update for the 2007 Microsoft Office System (KB2541012).

3/29/2012 9:10:00 PM, Error: EventLog [6008] - The previous system shutdown at 9:08:10 PM on 3/29/2012 was unexpected.

3/29/2012 9:02:59 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/28/2012 8:43:44 PM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.

3/28/2012 8:43:40 PM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.

3/28/2012 3:00:22 AM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.

3/28/2012 3:00:22 AM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk4\DR4.

3/27/2012 7:03:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6

3/27/2012 7:03:56 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/27/2012 7:03:56 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

3/27/2012 7:03:56 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.

3/27/2012 7:03:56 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/27/2012 7:03:56 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

3/27/2012 7:03:56 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

3/27/2012 7:03:56 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

3/27/2012 7:03:56 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

3/27/2012 7:03:56 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/27/2012 7:03:56 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

3/27/2012 7:03:56 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/27/2012 7:03:56 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/27/2012 7:03:56 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/27/2012 7:03:56 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

3/27/2012 7:03:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

3/27/2012 7:03:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

3/27/2012 7:03:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

3/27/2012 7:03:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

3/27/2012 7:03:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

3/27/2012 7:03:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/27/2012 7:02:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

3/27/2012 7:02:33 PM, Error: EventLog [6008] - The previous system shutdown at 7:00:32 PM on 3/27/2012 was unexpected.

3/26/2012 7:51:01 PM, Error: EventLog [6008] - The previous system shutdown at 7:48:49 PM on 3/26/2012 was unexpected.

3/26/2012 7:41:57 PM, Error: EventLog [6008] - The previous system shutdown at 12:05:28 PM on 3/25/2012 was unexpected.

.

==== End Of File ===========================

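A triage script for the "Event Viewer Messages From Past Week" section of the DDS log above, added here as an example (it is not part of DDS, Malwarebytes or this thread). DDS prints one event per line as `<date> <time>, <level>: <source> [<event id>] - <message>`; the script parses that shape, counts events per source and ID, and pulls out the entries a helper checks first: unexpected shutdowns, boot-start drivers that failed to load, antimalware real-time protection errors, disk controller errors and failed updates. The sample lines are a subset copied from the Attach.txt log; the bucket names and the `protection_degraded` check are this example's own.

```python
"""Triage the "Event Viewer Messages From Past Week" section of a DDS log.

Added example for this thread, not part of DDS or the forum's tools.  DDS
prints one event per line as
    <date> <time>, <level>: <source> [<event id>] - <message>
so a small regex recovers the fields and lets a reviewer count and bucket
them instead of reading the wall of text by eye.
"""
import re
from collections import Counter, defaultdict

EVENT_RE = re.compile(
    r"^(?P<stamp>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)

# Subset of lines copied from the Attach.txt log posted in this thread.
SAMPLE = r"""
4/2/2012 12:00:54 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070663: Security Update for the 2007 Microsoft Office System (KB2541012).
3/29/2012 9:10:00 PM, Error: EventLog [6008] - The previous system shutdown at 9:08:10 PM on 3/29/2012 was unexpected.
3/29/2012 9:02:59 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/28/2012 8:43:44 PM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
3/28/2012 3:00:22 AM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
3/27/2012 7:03:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
3/27/2012 7:03:56 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/27/2012 7:02:33 PM, Error: EventLog [6008] - The previous system shutdown at 7:00:32 PM on 3/27/2012 was unexpected.
3/26/2012 7:51:01 PM, Error: EventLog [6008] - The previous system shutdown at 7:48:49 PM on 3/26/2012 was unexpected.
"""


def parse_events(text):
    """Return one dict per parseable line; lines DDS wrapped or truncated are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["event_id"] = int(d["event_id"])
            events.append(d)
    return events


def summarize(events):
    """Count events per (source, id) and bucket the findings a reviewer checks first."""
    counts = Counter((e["source"], e["event_id"]) for e in events)
    findings = defaultdict(list)
    for e in events:
        src, eid, msg = e["source"], e["event_id"], e["message"]
        if src == "EventLog" and eid == 6008:
            findings["unexpected_shutdowns"].append(e["stamp"])
        elif src == "Service Control Manager" and eid == 7026:
            # The driver names follow the colon; MpFilter is the Microsoft
            # Malware Protection Driver listed under SERVICES / DRIVERS in the log.
            findings["failed_boot_drivers"].extend(msg.split(":", 1)[1].split())
        elif src == "Microsoft Antimalware":
            findings["antimalware_errors"].append(f"{eid}: {msg[:60]}")
        elif src == "disk" and eid == 11:
            dev = re.search(r"\\Device\\[\w\\]+", msg)
            findings["disk_controller_errors"].append(dev.group(0) if dev else msg)
        elif src == "Microsoft-Windows-WindowsUpdateClient":
            kb = re.search(r"KB\d+", msg)
            findings["update_failures"].append(kb.group(0) if kb else msg)
    return counts, dict(findings)


def protection_degraded(findings):
    """True when the antimalware filter driver did not load or real-time protection errored."""
    return ("MpFilter" in findings.get("failed_boot_drivers", [])
            or bool(findings.get("antimalware_errors")))


if __name__ == "__main__":
    counts, findings = summarize(parse_events(SAMPLE))
    for (src, eid), n in counts.most_common():
        print(f"{n:3d}  {src} [{eid}]")
    for key, items in findings.items():
        print(f"{key}: {items}")
    print("protection degraded:", protection_degraded(findings))
```

Run it as a script to print the summary, or import it and pass `parse_events` the whole section pasted from a log. Lines that do not match the one-line shape simply fail the regex and are skipped, so the counts are a lower bound, which is the safe direction for a quick first pass.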

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Main at 20:09:42 on 2012-04-02

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1999 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\WINDOWS\RtHDVCpl.exe

C:\Program Files\IOI\ButtonMonitor.exe

C:\Program Files\Spare Backup\SpareBackup.exe

C:\Program Files\Napster\napster.exe

C:\Program Files\CyberLink\Shared Files\brs.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtMon.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\E_FATIFJA.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe

C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe

C:\Program Files\FinePixViewer\QuickDCF2.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\ehome\ehsched.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\ehome\ehRecvr.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wuauclt.exe

C:\Windows\Explorer.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8

uWindow Title = Windows Internet Explorer provided by Yahoo!

uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8

mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5664

mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5664

uInternet Settings,ProxyOverride = *.local

mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5664

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll

uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [WorkForce 610(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\windows\temp\E_S8CC5.tmp" /EF "HKCU"

uRun: [PMSpeed] c:\program files\newsoft\presto! pagemanager 8 for ep\PMSpeed.EXE

uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe

uRun: [installIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11f_ActiveX.exe -update activex

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [buttonMonitor] c:\program files\ioi\ButtonMonitor.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [spare Backup] "c:\program files\spare backup\SpareBackup.exe" /silent

mRun: [NapsterShell] c:\program files\napster\napster.exe /systray

mRun: [skytel] Skytel.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe

mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"

mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

StartupFolder: c:\users\main\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

DPF: {1E4FF862-57ED-4E5C-9C57-3ECB8DC17827} - hxxp://70.183.185.26:8181/ePlusDVR.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{34D12321-3CAA-455F-BFAB-5198CFB27376} : DhcpNameServer = 209.18.47.61 209.18.47.62

Notify: DfLogon - LogonDll.dll

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]

R1 MpKsl25df5dfd;MpKsl25df5dfd;c:\programdata\microsoft\microsoft antimalware\definition updates\{b10d2333-2922-4575-8f99-8bfb53684a1c}\MpKsl25df5dfd.sys [2012-4-2 29904]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 176128]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-1 21504]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-11-10 8913920]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-11-10 263680]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

R3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\system32\drivers\xcbda.sys [2007-11-26 156672]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]

S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-6-1 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]

S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-04-02 23:53:57 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b10d2333-2922-4575-8f99-8bfb53684a1c}\MpKsl25df5dfd.sys

2012-04-02 01:32:51 -------- d-----w- c:\program files\iPod

2012-04-02 01:26:32 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b10d2333-2922-4575-8f99-8bfb53684a1c}\mpengine.dll

2012-03-15 01:04:21 2044416 ----a-w- c:\windows\system32\win32k.sys

2012-03-15 01:04:18 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-03-15 01:04:18 1068544 ----a-w- c:\windows\system32\DWrite.dll

2012-03-15 01:04:17 683008 ----a-w- c:\windows\system32\d2d1.dll

2012-03-15 01:04:17 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2012-03-15 01:04:17 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2012-03-15 01:04:15 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2012-03-15 01:02:28 613376 ----a-w- c:\windows\system32\rdpencom.dll

2012-03-15 01:02:28 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

==================== Find3M ====================

.

2012-02-26 14:02:07 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-17 03:59:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-15 15:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-02-15 15:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 20:09:58.70 ===============


Hello speedracer269 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • aswMBR log
  • Malwarebytes' Anti-Malware log


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-04-03 19:20:59

-----------------------------

19:20:59.962 OS Version: Windows 6.0.6002 Service Pack 2

19:20:59.962 Number of processors: 2 586 0x202

19:20:59.963 ComputerName: ARV5Y5DGJH UserName: Main

19:21:16.281 Initialize success

19:22:11.232 AVAST engine defs: 12040302

19:22:17.458 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055

19:22:17.462 Disk 0 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 6

19:22:17.467 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000056

19:22:17.471 Disk 1 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 6

19:22:17.483 Disk 0 MBR read successfully

19:22:17.488 Disk 0 MBR scan

19:22:17.499 Disk 0 Windows VISTA default MBR code

19:22:17.504 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 11264 MB offset 63

19:22:17.541 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 465674 MB offset 23069340

19:22:17.582 Disk 0 scanning sectors +976771120

19:22:17.692 Disk 0 scanning C:\Windows\system32\drivers

19:22:41.476 Service scanning

19:22:59.142 Service MpKslaabf1982 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{92F88E0A-1831-4F1B-B112-E4CAEABF0885}\MpKslaabf1982.sys **LOCKED** 32

19:22:59.222 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32

19:23:22.719 Modules scanning

19:23:27.969 Disk 0 trace - called modules:

19:23:27.993 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys

19:23:28.002 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cfe2a8]

19:23:28.011 3 CLASSPNP.SYS[8a4578b3] -> nt!IofCallDriver -> [0x84c42d40]

19:23:28.020 5 acpi.sys[89ddb6bc] -> nt!IofCallDriver -> \Device\00000055[0x84c42990]

19:23:30.878 AVAST engine scan C:\Windows

19:23:37.990 AVAST engine scan C:\Windows\system32

19:29:41.247 AVAST engine scan C:\Windows\system32\drivers

19:30:29.530 AVAST engine scan C:\Users\Main

19:41:58.086 File: C:\Users\Main\AppData\Local\Temp\iqu_bootstrap.exe **INFECTED** Win32:Adware-gen [Adw]

20:59:49.120 AVAST engine scan C:\ProgramData

21:04:18.933 Scan finished successfully

18:27:36.313 Disk 0 MBR has been saved successfully to "C:\Users\Main\Desktop\MBR.dat"

18:27:36.335 The log file has been saved successfully to "C:\Users\Main\Desktop\aswMBR.txt"

Had to run the Malware scan in safe mode as the pc was just shutting off.

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.04.09

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Main :: ARV5Y5DGJH [administrator]

4/4/2012 6:37:12 PM

mbam-log-2012-04-04 (18-37-12).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 201409

Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


This was done in normal mode.

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.05.11

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Main :: ARV5Y5DGJH [administrator]

4/5/2012 7:29:30 PM

mbam-log-2012-04-05 (19-29-30).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 205038

Time elapsed: 8 minute(s), 18 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


ComboFix 12-04-07.02 - Main 04/07/2012 12:10:55.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1778 [GMT -4:00]

Running from: c:\users\Main\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\dfinstall.log

c:\windows\security\Database\tmp.edb

D:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))

.

.

2012-04-07 16:22 . 2012-04-07 16:23 -------- d-----w- c:\users\Main\AppData\Local\temp

2012-04-07 16:22 . 2012-04-07 16:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-07 16:22 . 2012-04-07 16:22 -------- d-----w- c:\users\Experience\AppData\Local\temp

2012-04-07 16:06 . 2012-04-07 16:06 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8FDC8C5-4B4C-4ACF-9592-53F261C525ED}\MpKsl8aeb62cd.sys

2012-04-07 16:02 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8FDC8C5-4B4C-4ACF-9592-53F261C525ED}\mpengine.dll

2012-04-05 03:25 . 2012-04-05 03:25 -------- d-----w- c:\program files\Microsoft Silverlight

2012-04-03 23:14 . 2012-04-03 23:14 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-02 01:32 . 2012-04-02 01:32 -------- d-----w- c:\program files\iPod

2012-03-15 01:04 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys

2012-03-15 01:04 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-03-15 01:04 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll

2012-03-15 01:04 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2012-03-15 01:04 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2012-03-15 01:04 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll

2012-03-15 01:04 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2012-03-15 01:02 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll

2012-03-15 01:02 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-03 23:14 . 2011-05-21 13:45 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-14 02:15 . 2011-04-03 21:41 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-02-26 14:02 . 2011-01-16 22:15 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-02-15 15:01 . 2012-02-15 15:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2012-02-11 00:45 . 2012-02-11 00:46 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9FB22522-B9DC-4B18-A53E-2EFE748423C5}\gapaengine.dll

2012-01-31 12:44 . 2009-10-03 22:20 237072 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn5\yt.dll" [2012-01-12 1517368]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-07 39408]

"PMSpeed"="c:\program files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE" [2008-12-09 55120]

"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]

"ButtonMonitor"="c:\program files\IOI\ButtonMonitor.exe" [2007-05-11 53248]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-14 30192]

"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-09-13 5252936]

"NapsterShell"="c:\program files\Napster\napster.exe" [2006-09-06 323216]

"Skytel"="Skytel.exe" [2007-10-11 1826816]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]

"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-09-04 75048]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2009-04-17 87336]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2009-04-17 62760]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]

"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]

"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2008-05-24 26448]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-12-24 1643200]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-13 40072]

.

c:\users\Main\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2010-12-28 303104]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 253600]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSL8AEB62CD

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2011-07-12 16:28 114176 ----a-w- c:\windows\System32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 23:14]

.

2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 23:37]

.

2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 23:37]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8

mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5664

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

DPF: {1E4FF862-57ED-4E5C-9C57-3ECB8DC17827} - hxxp://70.183.185.26:8181/ePlusDVR.cab

.

- - - - ORPHANS REMOVED - - - -

.

Notify-DfLogon - LogonDll.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-07 12:23

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\users\Main\AppData\Local\Temp\catchme.dll 53248 bytes executable

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-04-07 12:31:38

ComboFix-quarantined-files.txt 2012-04-07 16:31

.

Pre-Run: 109,936,320,512 bytes free

Post-Run: 115,233,038,336 bytes free

.

- - End Of File - - 9674731D2ACE1DEAC9F2F47C845840BB


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-04-12 19:07:50

-----------------------------

19:07:50.958 OS Version: Windows 6.0.6002 Service Pack 2

19:07:50.959 Number of processors: 2 586 0x202

19:07:50.960 ComputerName: ARV5Y5DGJH UserName: Main

19:08:07.807 Initialize success

19:08:18.446 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057

19:08:18.450 Disk 0 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 6

19:08:18.454 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000058

19:08:18.458 Disk 1 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 6

19:08:18.473 Disk 0 MBR read successfully

19:08:18.477 Disk 0 MBR scan

19:08:18.482 Disk 0 Windows VISTA default MBR code

19:08:18.487 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 11264 MB offset 63

19:08:18.505 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 465674 MB offset 23069340

19:08:18.513 Disk 0 scanning sectors +976771120

19:08:18.567 Disk 0 scanning C:\Windows\system32\drivers

19:08:24.778 Service scanning

19:08:30.049 Service MpKsld48c8722 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C728762F-5CF4-42B1-BEDB-CCCE665A7838}\MpKsld48c8722.sys **LOCKED** 32

19:08:30.103 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32

19:08:37.244 Modules scanning

19:08:42.559 Disk 0 trace - called modules:

19:08:42.578 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys

19:08:42.588 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d4bac8]

19:08:42.598 3 CLASSPNP.SYS[8a5a78b3] -> nt!IofCallDriver -> [0x84cc8958]

19:08:42.611 5 acpi.sys[89de16bc] -> nt!IofCallDriver -> \Device\00000057[0x84cc8c90]

19:08:42.626 Scan finished successfully

19:09:02.895 Disk 0 MBR has been saved successfully to "C:\Users\Main\Desktop\MBR.dat"

19:09:02.910 The log file has been saved successfully to "C:\Users\Main\Desktop\aswMBR.txt"

It's working fine now. Could you tell us what the problem was?


Looks good. :)

Could you tell us what the problem was?

It is difficult to say exactly what caused your problem. I found an infection that is spread via removable media such as DVDs, USB devices, CD-ROMs and memory sticks; each time you insert the removable media and double-click your drive to open it, the virus files begin executing and infect your computer.

This one too:

19:41:58.086 File: C:\Users\Main\AppData\Local\Temp\iqu_bootstrap.exe **INFECTED** Win32:Adware-gen [Adw]

Now, please uninstall ComboFix:

www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Next, manually delete DDS and aswMBR.

Some malware prevention tips:

http://forums.malwarebytes.org/index.php?showtopic=104379&pid=515983&st=0entry515983

Safe surfing! :)


I suggest the following: plug in your removable media and then run

Flash Drive Disinfector

Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.

  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and on every USB drive plugged in when you run it. Don't delete this folder; it will help protect your drives from future infection.

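The two posts above describe the same mechanism from both sides: an infector drops an autorun.inf at a drive root so that opening the drive launches its program, and Flash_Disinfector blocks that by leaving a folder of the same name in place, which Windows cannot parse and an infector cannot overwrite with a file. The script below is an added example, not code from this thread, from the helper, or from any of the tools mentioned; it shows what a defender would check on a drive root: whether autorun.inf is absent, is the protective folder, or is a real file, and which of its directives would launch a program. The sample autorun.inf contents are constructed for the example and are not the contents of the D:\Autorun.inf that ComboFix removed; the parser itself generalizes to any autorun.inf.

```python
"""Inspect autorun.inf on a drive root from a defender's stance.

Added example; the sample autorun.inf below is constructed and is NOT the
D:\\Autorun.inf that ComboFix removed in the thread above.
"""
import configparser
import tempfile
from pathlib import Path

# Constructed sample in the shape of a typical removable-media infector:
# every directive that can launch a program points at the same executable,
# and the AutoPlay label is spoofed to look like Explorer's own "Open folder" entry.
SAMPLE_AUTORUN = r"""[AutoRun]
; constructed for this example
open=RECYCLER\setup.exe
shellexecute=RECYCLER\setup.exe
shell\open\command=RECYCLER\setup.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
"""


def parse_autorun(text: str) -> dict:
    """Return the [autorun] section as {lowercased key: value}, or {} if absent."""
    cp = configparser.ConfigParser(interpolation=None, allow_no_value=True, strict=False)
    cp.read_string(text)
    for section in cp.sections():  # Windows treats the section name case-insensitively
        if section.lower() == "autorun":
            return dict(cp.items(section))
    return {}


def assess_autorun(entries: dict) -> list:
    """List the directives that would launch a program or mislead the user."""
    findings = []
    for key, value in entries.items():
        launches = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command")
        )
        if launches:
            findings.append(f"'{key}' launches {value}")
        elif key == "action" and value and "open folder" in value.lower():
            findings.append(f"'action' text {value!r} mimics Explorer's built-in AutoPlay entry")
    return findings


def find_autorun(root: Path):
    """Case-insensitive lookup: FAT/NTFS ignore case and infectors vary the spelling."""
    for child in root.iterdir():
        if child.name.lower() == "autorun.inf":
            return child
    return None


def inspect_drive_root(root: Path) -> dict:
    """Classify the drive root: 'absent', 'folder' (protective placeholder) or 'file'."""
    target = find_autorun(root)
    if target is None:
        return {"status": "absent", "findings": []}
    if target.is_dir():
        # A folder named autorun.inf is not a parseable file, and an infector cannot
        # create a file of the same name beside it; this is what Flash_Disinfector leaves.
        return {"status": "folder", "findings": []}
    entries = parse_autorun(target.read_text(errors="replace"))
    return {"status": "file", "findings": assess_autorun(entries), "entries": entries}


def demo() -> dict:
    """Build three constructed drive roots in a temp dir and return each one's status."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "infected").mkdir()
        (base / "infected" / "Autorun.inf").write_text(SAMPLE_AUTORUN)
        (base / "protected").mkdir()
        (base / "protected" / "autorun.inf").mkdir()  # the protective placeholder folder
        (base / "clean").mkdir()
        for name in ("infected", "protected", "clean"):
            results[name] = inspect_drive_root(base / name)["status"]
    return results


if __name__ == "__main__":
    for finding in assess_autorun(parse_autorun(SAMPLE_AUTORUN)):
        print("finding:", finding)
    print(demo())
    # On a real machine, call inspect_drive_root(Path("E:\\")) for each removable drive letter.
```

On a live system, point `inspect_drive_root` at each removable drive letter; a status of `file` with any launch finding is the pattern the helper describes, while `folder` means the protective placeholder is still in place.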

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

