Windows Help and Support Popup / Redirect


  • This topic is locked
14 replies to this topic

#1 fredII

    Authentic Member
  • 79 posts
Posted 24 July 2011 - 06:03 PM

Just recently picked up this problem. I'm struggling with Windows Help and Support popping up a lot and in most cases it won't close when I X it out; it comes back. Double-tap control on the pad goes away, have to use the left button and it may or may not close out. Go back to IE8 to another site and it immediately comes back with a response or redirects to a Windows Help and Support knowledge area. I usually go to Task Manager, highlight it and press quit. I will come back later, or if I shut down and cold restart, the process starts all over again. It acts just like malware issues I've had before with my old Toshiba laptop. Have HP Pavilion, DV7-2273cl, IE8, Windows 7 OS. I ran the DDS report and will post (hopefully if done right). Don't know if this is the result of automatic updates or what. Ran updated Avast antivirus and Malwarebytes with no issues found. BTW, looked at the report and Windows Defender is activated and don't know if that should be or not as a firewall with Avast and Malwarebytes (separate question). Thanks in advance, you all have been fantastic before and it's much appreciated! FredII

Attached Files



#2 Satchfan

    SuperHelper
  • Malware Team
  • 6,813 posts
  • Interests: LFC, music, more LFC, more music

Posted 25 July 2011 - 06:06 AM

Hello fredII and welcome to the WTT forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:
  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested.

============================================================

The problem you describe could be connected to the BIOS but we’ll check out the possibility of malware first.

============================================================

Run aswMBR

Download aswMBR.exe (511KB) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan click "save log", save it to your desktop and post it in your next reply.


Please can you also copy and paste DDS.txt in your reply as you only attached Attach.txt in your previous post.

Satchfan

NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#3 fredII
Posted 25 July 2011 - 12:29 PM

Satchfan, thanks for the quick reply back. I had issues with finding my log "saves" when I save to Desktop. I'm still figuring out Windows 7 and learning. On my initial post there were 2 attachments and I thought I got both as attachments in my original post. As for this post, I have run aswMBR and here is the info in an attachment. I assume you want it as an attachment instead of copy/paste of the results in this box. Thanks again, FredII

Attached Files



#4 Satchfan
Posted 26 July 2011 - 04:51 AM

Hi fredII

Please do not attach posts, just copy and paste them in future. Thanks.

To locate Attach.txt
  • click on the “Start” button and in the “Search” box type in Attach.txt
  • right-click Attach.txt and choose Open
Copy and paste it in your next reply.

===========================================

Download and run MBRCheck

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.
Satchfan


#5 fredII
Posted 27 July 2011 - 09:50 PM

Sorry about the attachments. Hope this is what you were instructing me to do. FredII

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv7 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 242):

Processes (total 94):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000070`b4300000 (NTFS)

PhysicalDrive0 Model Number: ST9500420AS, Rev: 0006HPM1

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 968D9F53F6A6A0EDC288C1070C950C99DC2FDFD0

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: Done!
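As an added illustration of what the "Unknown MBR code SHA1" verdict in the log above means (this is not MBRCheck's code, nor anything posted in the thread): the script parses a 512-byte MBR, hashes only the bootstrap-code region and compares the digest with an allow-list, so a change to the boot code is flagged while the per-machine disk signature and partition table are not. Which bytes MBRCheck itself digests is not stated on the page, so hashing bytes 0..439 is an assumption; the allow-list entry and every MBR byte are constructed in memory, and only the two partition offsets are taken from the log.

```python
"""MBR boot-code allow-listing, in the style of MBRCheck's "Unknown MBR code" verdict.
Added example, not MBRCheck's code: all MBR bytes and the allow-list entry are
constructed in memory; nothing is read from a real disk."""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple

MBR_SIZE = 512
BOOT_CODE_LEN = 440          # 0x000-0x1B7: bootstrap code (assumed to be the hashed region)
DISK_SIG_OFF = 0x1B8         # 4-byte NT disk signature, differs on every machine
PART_TABLE_OFF = 0x1BE       # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE         # 0x55 0xAA
PART_ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors

# Partition starts derived from the byte offsets in the MBRCheck log above.
C_LBA = 0x0c800000 // 512      # 409600
D_LBA = 0x70b4300000 // 512    # 945428480


@dataclass(frozen=True)
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def _check_mbr(mbr: bytes) -> None:
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if struct.unpack_from("<H", mbr, BOOT_SIG_OFF)[0] != 0xAA55:
        raise ValueError("missing 0x55AA boot signature")


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the non-empty entries of the primary partition table."""
    _check_mbr(mbr)
    parts = []
    for i in range(4):
        status, type_id, lba, count = struct.unpack_from(PART_ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if type_id != 0:                     # type 0x00 marks an unused slot
            parts.append(Partition(status == 0x80, type_id, lba, count))
    return parts


def boot_code_sha1(mbr: bytes) -> str:
    """SHA-1 of the bootstrap code only. Disk signature and partition table are excluded,
    so one allow-list entry matches every machine running the same boot code."""
    _check_mbr(mbr)
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def classify_mbr(mbr: bytes, known_good: Dict[str, str]) -> str:
    digest = boot_code_sha1(mbr)
    if digest in known_good:
        return "Known-good MBR code: " + known_good[digest]
    # Caveat: a modified partition table is NOT caught by this hash; that needs
    # a separate consistency check of the table against the volumes actually present.
    return "Unknown MBR code SHA1: " + digest


def build_mbr(boot_code: bytes, disk_sig: int, layout: Sequence[Tuple[bool, int, int, int]]) -> bytes:
    """Assemble a 512-byte MBR from constructed parts (bootable, type, LBA start, sectors)."""
    if len(boot_code) > BOOT_CODE_LEN or len(layout) > 4:
        raise ValueError("boot code too long or too many partitions")
    buf = bytearray(MBR_SIZE)
    buf[:len(boot_code)] = boot_code
    struct.pack_into("<I", buf, DISK_SIG_OFF, disk_sig)
    for i, (bootable, type_id, lba, count) in enumerate(layout):
        struct.pack_into(PART_ENTRY_FMT, buf, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, type_id, lba, count)
    struct.pack_into("<H", buf, BOOT_SIG_OFF, 0xAA55)
    return bytes(buf)


# Constructed stand-in for a vendor's known-good boot code: a byte pattern, not real x86 code.
REFERENCE_CODE = bytes((i * 7) & 0xFF for i in range(BOOT_CODE_LEN))
KNOWN_GOOD = {hashlib.sha1(REFERENCE_CODE).hexdigest().upper(): "constructed reference boot code"}


def demo() -> Dict[str, object]:
    """Same boot code on two differently partitioned disks, plus one tampered copy."""
    this_machine = build_mbr(REFERENCE_CODE, 0x1234ABCD,
                             [(True, 0x07, C_LBA, D_LBA - C_LBA),           # C: NTFS, ~451 GiB
                              (False, 0x07, D_LBA, 15 * 1024 * 1024 * 2)])  # D: NTFS, 15 GiB
    other_machine = build_mbr(REFERENCE_CODE, 0xDEADBEEF, [(True, 0x07, 2048, 1_000_000)])
    tampered = bytearray(this_machine)
    tampered[0x10] ^= 0xFF           # one byte changed inside the bootstrap code
    return {
        "this_machine": classify_mbr(this_machine, KNOWN_GOOD),
        "other_machine": classify_mbr(other_machine, KNOWN_GOOD),
        "tampered": classify_mbr(bytes(tampered), KNOWN_GOOD),
        "partitions": parse_partitions(this_machine),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```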

#6 Satchfan
Posted 28 July 2011 - 02:42 AM

Hi Fred

Windows Defender is activated and don't know if that should be or not as a firewall with Avast and Malwarebytes

All these can be run together but Windows Defender is useless so you could get rid of it!!

==========================================

My turn to apologise. It is DDS.txt that you didn't send: I have the Attach.txt. Could you please locate DDS.txt and copy/paste it in your reply.

Thanks

Satchfan


#7 fredII
Posted 28 July 2011 - 10:40 AM

Satchfan, here is DDS.txt. This is the second one I ran when I was having problems figuring out how to do this when we first started. FredII

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/13/2009 2:56:16 PM
System Uptime: 7/24/2011 10:22:21 AM (6 hours ago)
.
Motherboard: Quanta | | 3624
Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz | CPU | 2200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 333.76 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 2.461 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP252: 6/22/2011 2:56:30 PM - Windows Update
RP253: 6/24/2011 3:42:21 PM - Windows Update
RP254: 6/28/2011 10:25:01 AM - Windows Update
RP255: 6/28/2011 11:08:34 AM - Windows Update
RP256: 7/1/2011 7:59:03 PM - Windows Update
RP257: 7/5/2011 11:32:06 AM - Windows Update
RP258: 7/8/2011 8:18:07 PM - Windows Update
RP259: 7/12/2011 2:49:53 PM - Windows Update
RP260: 7/12/2011 8:05:20 PM - Windows Update
RP261: 7/15/2011 7:15:23 PM - Windows Update
RP262: 7/19/2011 10:50:21 PM - Windows Update
RP263: 7/21/2011 7:56:43 PM - HPSF Applying updates
RP264: 7/21/2011 8:01:44 PM - Installed HP Support Assistant
RP265: 7/21/2011 8:04:42 PM - Windows Modules Installer
RP266: 7/21/2011 8:05:32 PM - Windows Modules Installer
.
==== Installed Programs ======================
.
.
==== Event Viewer Messages From Past Week ========
.
7/24/2011 10:18:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Kodak AiO Network Discovery Service service to connect.
7/24/2011 10:18:34 AM, Error: Service Control Manager [7000] - The Kodak AiO Network Discovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/22/2011 10:56:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.
7/22/2011 10:56:08 AM, Error: Service Control Manager [7000] - The HP Software Framework Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/22/2011 10:56:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
7/21/2011 8:13:59 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
7/18/2011 3:49:33 PM, Error: RTL8167 [5008] - Realtek PCIe GBE Family Controller : Has encountered an invalid network address.
.
==== End Of File ===========================

#8 Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 28 July 2011 - 03:45 PM

Hi Fred

I'd like you to try another scan

Download and run ComboFix

Download ComboFix from the following location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

Note: Do not mouse-click combofix's window while it is running. That may cause it to stall.

When finished, it will produce a log. Please include the ComboFix.txt in your next reply. It can be found at C:\ComboFix.txt

Satchfan

NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#9 fredII

    Authentic Member

  • Authentic Member
  • 79 posts

Posted 29 July 2011 - 10:54 PM

Satchfan, here is the info from Combofix. FredII `````` ComboFix 11-07-29.03 - Bly4 07/29/2011 21:01:47.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4063.2616 [GMT -7:00] Running from: c:\users\Bly4\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\SpeedBit Video Downloader\Toolbar\tbhelper.dll c:\users\Bly4\AppData\Local\{BD20A947-EF74-4633-A96A-84D2F26A4812} c:\users\Bly4\AppData\Local\{BD20A947-EF74-4633-A96A-84D2F26A4812}\chrome.manifest c:\users\Bly4\AppData\Local\{BD20A947-EF74-4633-A96A-84D2F26A4812}\chrome\content\_cfg.js c:\users\Bly4\AppData\Local\{BD20A947-EF74-4633-A96A-84D2F26A4812}\chrome\content\overlay.xul c:\users\Bly4\AppData\Local\{BD20A947-EF74-4633-A96A-84D2F26A4812}\install.rdf c:\users\Bly4\AppData\Roaming\.# c:\users\Public\videos\HP MediaSmart Demo.exe . . ((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-30 ))))))))))))))))))))))))))))))) . . 2011-07-30 03:59 . 2011-07-30 03:59 -------- d-----w- C:\32788R22FWJFW 2011-07-24 01:21 . 2011-07-24 01:22 -------- d-----w- c:\program files\iTunes 2011-07-24 01:21 . 2011-07-24 01:22 -------- d-----w- c:\program files (x86)\iTunes 2011-07-24 01:21 . 2011-07-24 01:21 -------- d-----w- c:\program files\iPod 2011-07-24 01:20 . 2011-07-24 01:20 -------- d-----w- c:\program files\Bonjour 2011-07-24 01:20 . 2011-07-24 01:20 -------- d-----w- c:\program files (x86)\Bonjour 2011-07-22 03:01 . 2011-07-22 03:01 -------- d-----w- c:\programdata\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} 2011-07-20 05:51 . 
2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D6A76D5-6246-43E6-B43C-B4AEC7AE7EED}\mpengine.dll 2011-07-12 21:59 . 2011-07-12 21:59 -------- d-----w- c:\programdata\kds_kodak 2011-07-12 21:59 . 2011-07-12 21:59 -------- d-----w- c:\programdata\Eastman Kodak Company 2011-07-12 21:49 . 2011-06-02 06:45 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2011-07-12 21:49 . 2011-06-02 05:59 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2011-07-12 21:49 . 2011-06-02 05:54 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2011-07-12 21:49 . 2011-06-02 03:51 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2011-07-12 21:49 . 2011-06-02 03:50 2048 ----a-w- c:\windows\SysWow64\user.exe 2011-07-12 18:34 . 2011-07-12 18:34 96104 ----a-w- c:\windows\system32\dns-sd.exe 2011-07-12 18:34 . 2011-07-12 18:34 85864 ----a-w- c:\windows\system32\dnssd.dll 2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe 2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll 2011-07-08 04:10 . 2011-07-08 04:10 -------- d-----w- c:\program files (x86)\Apple Software Update . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-10 20:43 . 2011-06-07 18:10 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-07-07 02:52 . 2010-02-25 06:27 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-07-07 02:52 . 2010-02-25 06:27 25912 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-04 11:43 . 2010-06-30 03:34 40112 ----a-w- c:\windows\avastSS.scr 2011-07-04 11:43 . 2010-06-04 03:59 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe 2011-07-04 11:43 . 2011-01-18 07:35 253888 ----a-w- c:\windows\system32\aswBoot.exe 2011-07-04 11:36 . 2011-05-04 21:45 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-07-04 11:36 . 2010-06-04 04:00 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-07-04 11:35 . 
2010-06-04 04:00 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-07-04 11:32 . 2010-06-04 04:00 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-07-04 11:32 . 2010-06-04 04:00 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-07-04 11:32 . 2010-06-04 04:00 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-06-02 05:56 . 2011-07-12 21:50 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2011-05-28 03:25 . 2011-06-15 19:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-05-28 03:00 . 2011-06-15 19:56 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-05-25 02:14 . 2010-02-12 05:31 270720 ------w- c:\windows\system32\MpSigStub.exe 2011-05-24 11:21 . 2011-06-28 17:25 404992 ----a-w- c:\windows\system32\umpnpmgr.dll 2011-05-24 10:34 . 2011-06-28 17:25 64512 ----a-w- c:\windows\SysWow64\devobj.dll 2011-05-24 10:34 . 2011-06-28 17:25 44544 ----a-w- c:\windows\SysWow64\devrtl.dll 2011-05-24 10:34 . 2011-06-28 17:25 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll 2011-05-24 10:32 . 2011-06-28 17:25 252928 ----a-w- c:\windows\SysWow64\drvinst.exe 2011-05-16 17:17 . 2010-10-10 05:48 952 --sha-w- c:\programdata\KGyGaAvL.sys 2011-05-13 15:49 . 2010-01-01 02:03 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2011-05-13 15:48 . 2010-01-01 02:03 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2011-05-13 15:44 . 2010-05-20 04:08 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2011-05-13 15:43 . 2010-03-03 05:06 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2011-05-10 15:06 . 2011-05-10 15:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys 2011-05-10 15:06 . 2011-05-10 15:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-05-06 02:46 . 
2010-04-05 20:27 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2011-05-06 02:45 . 2010-08-02 03:28 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2011-05-06 02:45 . 2010-01-01 02:02 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-05-04 11:52 . 2010-12-20 18:23 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-05-04 05:30 . 2011-06-28 17:25 2326016 ----a-w- c:\windows\system32\tquery.dll 2011-05-04 05:28 . 2011-06-28 17:25 2228224 ----a-w- c:\windows\system32\mssrch.dll 2011-05-04 05:28 . 2011-06-28 17:25 779264 ----a-w- c:\windows\system32\mssvp.dll 2011-05-04 05:28 . 2011-06-28 17:25 491520 ----a-w- c:\windows\system32\mssph.dll 2011-05-04 05:28 . 2011-06-28 17:25 75264 ----a-w- c:\windows\system32\msscntrs.dll 2011-05-04 05:28 . 2011-06-28 17:25 288256 ----a-w- c:\windows\system32\mssphtb.dll 2011-05-04 05:24 . 2011-06-28 17:25 593408 ----a-w- c:\windows\system32\SearchIndexer.exe 2011-05-04 05:24 . 2011-06-28 17:25 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe 2011-05-04 05:24 . 2011-06-28 17:25 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe 2011-05-04 04:53 . 2011-06-28 17:25 1553920 ----a-w- c:\windows\SysWow64\tquery.dll 2011-05-04 04:52 . 2011-06-28 17:25 1401856 ----a-w- c:\windows\SysWow64\mssrch.dll 2011-05-04 04:52 . 2011-06-28 17:25 666624 ----a-w- c:\windows\SysWow64\mssvp.dll 2011-05-04 04:52 . 2011-06-28 17:25 337408 ----a-w- c:\windows\SysWow64\mssph.dll 2011-05-04 04:52 . 2011-06-28 17:25 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll 2011-05-04 04:52 . 2011-06-28 17:25 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll 2011-05-04 04:52 . 2011-06-28 17:25 428032 ----a-w- c:\windows\SysWow64\SearchIndexer.exe 2011-05-04 04:52 . 2011-06-28 17:25 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe 2011-05-04 04:52 . 
2011-06-28 17:25 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe 2011-05-04 02:51 . 2011-06-15 19:57 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-05-04 02:51 . 2011-06-15 19:57 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-05-04 02:51 . 2011-06-15 19:57 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-05-03 05:21 . 2011-06-15 19:56 976896 ----a-w- c:\windows\system32\inetcomm.dll 2011-05-03 04:50 . 2011-06-15 19:56 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll 2011-05-02 04:47 . 2011-05-02 04:47 204584 ----a-w- c:\windows\system32\SynTPAPI.dll 2011-05-02 04:47 . 2011-05-02 04:47 147752 ----a-w- c:\windows\system32\SynTPCo4.dll 2011-05-02 04:47 . 2011-05-02 04:47 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll 2011-05-02 04:47 . 2011-05-02 04:47 286768 ----a-w- c:\windows\system32\drivers\SynTP.sys 2011-05-02 04:47 . 2011-05-02 04:47 395048 ----a-w- c:\windows\system32\SynCOM.dll 2011-05-02 04:47 . 2011-05-02 04:47 261928 ----a-w- c:\windows\system32\SynCtrl.dll 2011-05-02 04:47 . 2011-05-02 04:47 206120 ----a-w- c:\windows\SysWow64\SynCtrl.dll 2011-05-02 04:47 . 2011-05-02 04:47 169256 ----a-w- c:\windows\SysWow64\SynCOM.dll 2011-05-02 04:45 . 2011-05-02 04:45 7680512 ----a-w- c:\windows\system32\drivers\NETw5s64.sys 2011-05-02 04:43 . 2011-05-02 04:44 604672 ------w- c:\windows\system32\stapi64.dll 2011-05-02 04:43 . 2011-05-02 04:44 487936 ----a-w- c:\windows\system32\drivers\stwrt64.sys 2011-05-02 04:43 . 2011-05-02 04:44 431616 ----a-w- c:\windows\system32\stcplx64.dll 2011-05-02 04:43 . 2011-05-02 04:44 1431552 ----a-w- c:\windows\system32\stapo64.dll 2011-05-02 04:43 . 2009-08-25 08:30 456192 ----a-w- c:\windows\sttray64.exe 2011-05-02 04:43 . 2009-08-25 08:30 3738112 ----a-w- c:\windows\system32\stlang64.dll 2011-05-02 04:43 . 2009-08-25 08:30 68608 ----a-w- c:\windows\system32\AESTAR64.dll 2011-05-02 04:43 . 2009-08-25 08:30 444928 ----a-w- c:\windows\system32\AESTEC64.dll 2011-05-02 04:43 . 
2009-08-25 08:30 162304 ----a-w- c:\windows\system32\AESTAC64.dll 2011-05-02 04:43 . 2009-08-25 08:30 90624 ----a-w- c:\windows\system32\AESTCo64.dll 2011-05-02 04:43 . 2009-08-25 08:30 564224 ----a-w- c:\windows\system32\idt64mp1.exe 2011-05-02 04:43 . 2009-08-25 08:30 12350464 ----a-w- c:\windows\system32\idtcpl64.cpl 2011-05-02 04:43 . 2009-08-25 08:29 209920 ----a-w- c:\windows\system32\staco64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}] 2010-10-08 00:29 2447360 ----a-w- c:\program files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}] 2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304] "HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408] "Corel File Shell Monitor"="c:\program files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2009-06-22 16712] "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480] "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744] "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2009-08-03 2023936] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2008-12-24 1540288] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-20 421736] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system] "WallpaperStyle"= 2 . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 136176] R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 136176] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] 
S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/08/25 01:51];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-07-24 03:45 146928] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe [2011-05-02 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-26 92216] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x] S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2009-08-05 284016] S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-04-30 517632] S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x] S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2011-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 04:00] . 
2011-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 04:00] . 2011-07-30 c:\windows\Tasks\HPCeeScheduleForBly4.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-07-04 11:43 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-09 171520] "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2009-08-03 2023936] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-02 456192] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105 Trusted Zone: $talisma_url$ Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 192.168.0.1 205.171.3.25 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/games/zylom/zylomplayer.cab . 
- - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}] "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Common Files\Motive\McciCMService.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe . 
************************************************************************** . Completion time: 2011-07-29 21:21:27 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-30 04:21 . Pre-Run: 363,044,560,896 bytes free Post-Run: 364,400,766,976 bytes free . - - End Of File - - 3DEB06FDF82A231F617AB02EEE8AB60A

#10 Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 30 July 2011 - 09:49 AM

Hi Fred

Nothing in that either.

I think this could be a software/hardware problem but let’s just make sure

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:
  • start Malwarebytes' Anti-Malware and update it (“Update” tab)
  • once it is updated, click on “Scanner” tab, select Perform quick scan, then click Scan.
  • when the scan is complete, click OK, then Show Results to view the results.
  • be sure that everything is checked, and click Remove Selected.
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.
NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

===================================================

Run ESET Online Scan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

1. Click the Eset online Scanner button.
2. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Eset installer icon on your desktop.
3. Check Yes, I accept the Terms of Use
4. Click the Start button.
5. Accept any security warnings from your browser.
6. Check Scan archives
7. Push the Start button.
8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
9. When the scan completes, push List of found threats
10. Push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Note - when ESET doesn't find any threats, no report will be created.
11. Push the back button.
12. Push Finish

If a log has been produced post it in your next reply.

Satchfan


#11 fredII

    Authentic Member

  • Authentic Member
  • 79 posts

Posted 30 July 2011 - 08:25 PM

Satchfan, interesting news. In checking for your latest guidance I was sitting at the keyboard and noticed a different look in the keys, top row F1 "help" key. It was lower than the others across the top row. It was "stuck" down!! It took me working it loose to get it to be the same height. I haven't had the issue since. I think this key has enabled "help" ALL the time which would make sense. Haven't had the pop-up issue since. To me it had malware issues all over it but as you've been "reading" all the results I think your instincts were correct that it would be a software or hardware issue and this stuck key, especially the "help" stuck key was the issue. What do you think? I'm back to "normal". I'll take a little good luck anytime. FredII

#12 Satchfan (SuperHelper, Malware Team, 6,813 posts)

Posted 31 July 2011 - 03:53 AM

Well done for noticing, Fred :thumbup: I agree. It appears that we were both correct in thinking this was never a malware problem, but it was better to check just to be sure. If you are happy with your computer and have no more problems I'll close this topic.

Safe computing

Satchfan


#13 fredII (Authentic Member, 79 posts)

Posted 31 July 2011 - 10:57 AM

Satchfan, as usual, thanks for all the help. Really appreciate it. I assume I should go ahead and clear all the other diagnosis software; I shouldn't need it around. I'm still using "free" Avast and Malwarebytes. If there's better, I'd be interested. Other than that, we can close this out and THANKS A LOT! FredII

#14 Satchfan (SuperHelper, Malware Team, 6,813 posts)

Posted 01 August 2011 - 02:26 AM

Hi Fred

As long as your computer seems to be running well, please do the following to tidy up and set a restore point:

Uninstall Combofix

Follow these steps to uninstall Combofix
  • click START then RUN
  • now type Combofix /uninstall in the runbox and click OK.
Note the space between the X and the /, it needs to be there.
  • please follow the prompts to uninstall Combofix.
  • once it's finished uninstalling itself you will receive a message saying Combofix was uninstalled successfully.
===================================================

After that, if there are any tools/logs on your desktop you can delete them.

===================================================

I'm still using "free" Avast, and Malwarebytes.

Avast is fine but you could also consider the free Microsoft Security Essentials which can be downloaded from here.

Don't forget to install and run only ONE antivirus program at a time.

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX; it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

===================================================

Install Spybot - Search and Destroy - Download and install Spybot Search and Destroy, which provides real-time spyware and hijacker protection.

You should scan your computer with the program on a regular basis as you would with your anti-virus software.

A tutorial on installing and using SS&D can be found here:

===================================================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

===================================================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

===================================================

MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.

===================================================

I also recommend that you read the following:

How to prevent malware by miekiemoes

Safe computing

Satchfan

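As an added illustration of how the HOSTS-file blocking described in the post above works (this is not code from Satchfan's post or from the MVPS project), the Python script below parses a hosts file the way Windows reads it: names mapped to 127.0.0.1 (or 0.0.0.0 / ::1) are treated as blocked, while names mapped to any other address are flagged for review, since an unexpected non-loopback entry is the kind of change a defender wants to notice. The hosts content is constructed for the example; on Windows 7 the real file lives at C:\Windows\System32\drivers\etc\hosts.

```python
import ipaddress

# Constructed sample hosts content (not the real MVPS file). It mixes normal
# blocklist lines with one entry that maps a name to an outside address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# Blocklist entries in MVPS style (constructed names)
127.0.0.1  ad.example-tracker.test
0.0.0.0    malware.example.test   # null-routed variant
# Suspicious: a real-looking name mapped to a non-loopback address
198.51.100.7   update.example-av.test
"""


def parse_hosts(text):
    """Yield (address, hostname, line_no) for every mapping, skipping comments
    and blank lines. One address line may list several hostnames."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        addr, names = parts[0], parts[1:]
        for name in names:
            yield addr, name.lower(), line_no


def classify_hosts(text):
    """Return (blocked, suspicious). 'blocked' holds names pointed at a
    loopback or unspecified address, which is how MVPS-style blocking works;
    'suspicious' holds (line_no, addr, name) for any other mapping."""
    blocked, suspicious = [], []
    for addr, name, line_no in parse_hosts(text):
        if name == "localhost" or name.endswith(".localdomain"):
            continue                            # normal self-references
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:                      # not a valid address at all
            suspicious.append((line_no, addr, name))
            continue
        if ip.is_loopback or ip.is_unspecified:
            blocked.append(name)
        else:
            suspicious.append((line_no, addr, name))
    return blocked, suspicious


if __name__ == "__main__":
    blocked, suspicious = classify_hosts(SAMPLE_HOSTS)
    print("blocked:", blocked)
    print("suspicious:", suspicious)
```

To check a live file, read it with `open(path, encoding="utf-8", errors="replace").read()` and pass the text to `classify_hosts`; any entry listed under suspicious is worth comparing against the MVPS file you installed.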

#15 Satchfan (SuperHelper, Malware Team, 6,813 posts)

Posted 02 August 2011 - 03:26 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.

