Win 32: RLoader-B Virus

Zello (Thread Starter; Member with 47 posts; joined Mar 2012; Houston, TX; Experience: Beginner)
22-Mar-2012, 04:40 PM #1
Hello all,

I'm hoping that I can get some sort of help as my laptop has a virus that has rendered IE7 incapable of going online. Every time that I attempt to open it a window opens and freezes and I get messages like AppHangProc and the like. I've run Avast and it tells me that the computer is infected by Win32:RLoader-B. Avast won't delete this virus and my computer is all but useless for accessing the internet.

I've read the sticky regarding the Hijackthis and GMER scans but, as my computer won't go online, are there portable versions of these scans that I could download onto a flash drive and then upload onto the laptop, or perhaps someone here knows of a way to circumvent the IE7 issue I'm having. Your help would be greatly appreciated.

If it helps I'm running Windows Vista (2007 version I think) on an HP laptop.
kevinf80 (Kevin) (Malware Removal Specialist with 9,707 posts; authorized to help remove malware; joined Mar 2006; Sunderland UK; Experience: Intermediate)
23-Mar-2012, 08:51 AM #2
Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2
  • Save Combofix to a USB stick, transfer directly to the Desktop of the sick PC <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available Here if required.
  • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin
Zello (Thread Starter; Member with 47 posts; joined Mar 2012; Houston, TX; Experience: Beginner)
24-Mar-2012, 11:45 AM #3
Thank you, Kevin. I ran the scan and the results are pasted below. New problem, though--now when I start up the computer, it won't go to the desktop page; instead I get the following message:
"The Server is not responding properly. Verify that Credential Manager Server is properly installed on the target server". I have no password on the computer and even went into Safe Mode and opened My Computer and went into computer name settings properties to ensure that there was no password set and still cannot get to the desktop in 'normal' mode. Any help there as well as with the Win32 bug?

As requested, the ComboFix Log:

ComboFix 12-03-22.01 - HO 03/24/2012 4:53.4.2 - x86 MINIMAL
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.1407.937 [GMT -5:00]
Running from: I:\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-02-24 to 2012-03-24 )))))))))))))))))))))))))))))))
.
.
2012-03-24 10:07 . 2012-03-24 10:07 -------- d-----w- c:\users\Recent\AppData\Local\temp
2012-03-24 10:07 . 2012-03-24 10:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-24 10:07 . 2012-03-24 10:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-24 10:07 . 2012-03-24 10:07 -------- d-----w- c:\users\Cookies\AppData\Local\temp
2012-03-24 10:07 . 2012-03-24 10:07 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-03-09 00:05 . 2012-03-09 00:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 19:26 . 2009-10-23 17:54 713728 ----a-w- c:\windows\system32\timedate.cpl
2012-03-07 19:26 . 2007-08-29 03:06 542720 ----a-w- c:\windows\system32\sysmain.dll
2012-03-07 19:26 . 2007-08-31 02:17 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2012-03-07 19:24 . 2007-09-11 02:20 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2012-03-07 19:24 . 2007-12-16 22:50 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-03-07 19:24 . 2007-12-16 09:56 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2012-03-07 19:22 . 2008-08-28 03:24 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-03-07 19:22 . 2008-08-28 03:24 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-03-07 19:22 . 2008-08-28 03:24 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-03-07 19:21 . 2009-08-29 03:41 1686528 ----a-w- c:\windows\system32\gameux.dll
2012-03-07 19:21 . 2009-08-29 03:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-03-07 19:21 . 2009-08-28 23:31 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-03-07 19:16 . 2007-06-27 02:21 1984512 ----a-w- c:\windows\system32\authui.dll
2012-03-07 19:16 . 2007-06-26 02:51 220160 ----a-w- c:\windows\system32\ntprint.dll
2012-03-07 19:16 . 2007-07-13 02:20 8138240 ----a-w- c:\windows\system32\ssBranded.scr
2012-03-07 19:16 . 2007-06-19 00:48 320000 ----a-w- c:\windows\system32\drivers\csc.sys
2012-03-07 19:16 . 2007-05-24 02:25 69632 ----a-w- c:\windows\system32\sendmail.dll
2012-03-07 19:16 . 2007-06-19 02:09 105984 ----a-w- c:\windows\system32\CscMig.dll
2012-03-07 19:16 . 2007-06-26 02:49 120320 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-03-07 19:16 . 2007-06-26 02:49 10240 ----a-w- c:\windows\system32\dhcpcmonitor.dll
2012-03-07 19:16 . 2007-06-26 02:21 61440 ----a-w- c:\windows\system32\ntprint.exe
2012-03-07 19:15 . 2010-01-25 12:58 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2012-03-07 19:15 . 2010-01-25 12:58 472576 ----a-w- c:\windows\system32\secproc.dll
2012-03-07 19:15 . 2010-01-25 08:36 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2012-03-07 19:15 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2012-03-07 19:15 . 2010-01-25 08:36 515584 ----a-w- c:\windows\system32\RMActivate.exe
2012-03-07 19:15 . 2010-01-25 08:36 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2012-03-07 19:15 . 2010-01-25 12:58 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2012-03-07 19:15 . 2010-01-25 12:58 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2012-03-07 19:15 . 2010-01-25 12:56 312320 ----a-w- c:\windows\system32\msdrm.dll
2012-03-07 19:14 . 2007-04-28 02:15 82432 ----a-w- c:\windows\system32\drivers\sdbus.sys
2012-03-07 19:14 . 2007-05-04 00:31 53760 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2012-03-07 19:14 . 2008-10-21 05:16 1645568 ----a-w- c:\windows\system32\connect.dll
2012-03-07 19:07 . 2009-09-10 15:29 1418240 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2012-03-07 19:07 . 2009-09-10 15:29 311296 ----a-w- c:\windows\system32\unregmp2.exe
2012-03-07 19:07 . 2009-09-10 17:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2012-03-07 19:07 . 2009-09-10 15:29 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2012-03-07 19:07 . 2009-09-10 15:29 107520 ----a-w- c:\program files\Windows Media Player\wmpshare.exe
2012-03-07 19:07 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\msdxm.ocx
2012-03-07 19:07 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\dxmasf.dll
2012-03-07 19:07 . 2009-09-10 15:29 107520 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe
2012-03-07 19:07 . 2009-09-10 15:29 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2012-02-25 14:41 . 2012-02-25 14:42 -------- d-----w- c:\users\HO\AppData\Roaming\QuickScan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 23:15 . 2010-07-02 19:24 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2010-02-15 22:49 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-06-29 08:36 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2010-02-15 22:49 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2010-02-15 22:50 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2010-02-15 22:49 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2010-02-15 22:49 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2010-02-15 22:49 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
c:\program files\Adobe\Reader 8.0\Reader\reader_sl .exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\clistart .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_scheduler .exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr .exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\qlbctrl .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\hpwamain .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\wifimsg .exe
c:\program files\Hp\HP Software Update\hpwuschd2 .exe
c:\program files\InterVideo\DVD Check\dvdcheck  .exe
c:\program files\Java\jre1.6.0\bin\jusched .exe
c:\program files\Microsoft Office\Office12\groovemonitor .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\Spybot - Search & Destroy\teatimer .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-22 1183744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [N/A]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-23 17920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - ECACHE
*Deregistered* - comHost
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec [N/A]
.
Contents of the 'Scheduled Tasks' folder
.
2010-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 11:30]
.
2012-03-24 c:\windows\Tasks\User_Feed_Synchronization-{C0A5A614-1576-473C-A611-ABA1301A013C}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
mStart Page = hxxp://www.hp.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-24 05:09
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vhexpmfvpeqtpcj]
"imagepath"="\??\c:\windows\TEMP\BBE7.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-24 05:15:53
ComboFix-quarantined-files.txt 2012-03-24 10:15
ComboFix2.txt 2010-02-20 05:55
.
Pre-Run: 1,297,727,488 bytes free
Post-Run: 1,892,134,912 bytes free
.
- - End Of File - - 054E36B4DCF888917947E1C7900C3BD8
Zello (Thread Starter; Member with 47 posts; joined Mar 2012; Houston, TX; Experience: Beginner)
24-Mar-2012, 12:37 PM #4
Okay, I've found a way around a credential manager to get back to the desktop. Will await feedback on the log I've posted. Thank you.
kevinf80 (Kevin) (Malware Removal Specialist with 9,707 posts; authorized to help remove malware; joined Mar 2006; Sunderland UK; Experience: Intermediate)
24-Mar-2012, 03:36 PM #5
Why did you run Combofix from the I:\ drive? I asked you to transfer it to and run it from the Desktop.....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
KillAll::
ClearJavaCache::
File::
c:\windows\TEMP\BBE7.tmp
RenV::
c:\program files\Adobe\Reader 8.0\Reader\reader_sl .exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\clistart .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_scheduler .exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr .exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\qlbctrl .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\hpwamain .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\wifimsg .exe
c:\program files\Hp\HP Software Update\hpwuschd2 .exe
c:\program files\InterVideo\DVD Check\dvdcheck  .exe
c:\program files\Java\jre1.6.0\bin\jusched .exe
c:\program files\Microsoft Office\Office12\groovemonitor .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\Spybot - Search & Destroy\teatimer .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vhexpmfvpeqtpcj]
Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
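The CFScript above was written by hand from three things in the posted log: the autostart binaries listed as "name .exe" (whitespace before the extension, the legitimate file renamed so a malicious copy could take its name), a service whose imagepath points at a .tmp file in c:\windows\TEMP, and the Vundo-style hardening changes (EnableLUA=0, Security Center monitoring disabled). The script below is an added example, not part of the original thread and not ComboFix's own code: it parses a ComboFix log for those same indicators and drafts the File::, RenV:: and Registry:: sections, so a reader can see exactly which log lines justify each directive. SAMPLE_LOG is a constructed excerpt modelled on the log in this thread (with one untouched file and one legitimate Avast driver added as controls); the function and regex names are this example's own.

```python
"""Triage a ComboFix log for the indicators targeted by the CFScript above.

Added example; not part of the original thread and not ComboFix's own code.
SAMPLE_LOG is a constructed excerpt modelled on the log posted in the thread.
"""
import re

SAMPLE_LOG = r"""
ComboFix 12-03-22.01 - HO 03/24/2012 4:53.4.2 - x86 MINIMAL
.
c:\program files\Adobe\Reader 8.0\Reader\reader_sl .exe
c:\program files\InterVideo\DVD Check\dvdcheck  .exe
c:\program files\Spybot - Search & Destroy\teatimer .exe
c:\program files\Synaptics\SynTP\syntpenh.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-22 1183744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vhexpmfvpeqtpcj]
"imagepath"="\??\c:\windows\TEMP\BBE7.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aswSP]
"imagepath"="\??\c:\windows\system32\drivers\aswSP.sys"
"""

# A legitimate autostart binary listed as "name .exe" (whitespace before the
# extension) is the fingerprint of the infection in this thread: the real file
# was renamed and the malicious copy took its original name.  RenV:: undoes that.
RENAMED_RE = re.compile(
    r"^(?P<path>[a-z]:\\.*?\S)[ \t]+\.(?P<ext>exe|dll|scr|sys)[ \t]*$",
    re.IGNORECASE | re.MULTILINE,
)

# ComboFix prints a suspicious service as its registry key followed by imagepath.
SERVICE_RE = re.compile(
    r"^\[(?P<key>HKEY_LOCAL_MACHINE\\system\\ControlSet\d+\\Services\\(?P<name>[^\]]+))\][ \t]*\r?\n"
    r'"imagepath"="(?P<image>[^"]+)"',
    re.IGNORECASE | re.MULTILINE,
)

KEY_RE = re.compile(r"^\[(.+)\]$")


def find_renamed_autostarts(log):
    """Return (name_as_listed, name_to_restore) for each 'file .exe' entry."""
    return [
        (m.group(0).strip(), f"{m.group('path')}.{m.group('ext')}")
        for m in RENAMED_RE.finditer(log)
    ]


def find_temp_services(log):
    """Return services whose driver or binary lives in a TEMP directory."""
    hits = []
    for m in SERVICE_RE.finditer(log):
        image = re.sub(r"^\\\?\?\\", "", m.group("image"))  # drop the NT '\??\' prefix
        if "\\temp\\" in image.lower():
            hits.append({"key": m.group("key"), "name": m.group("name"), "image": image})
    return hits


def find_disabled_protections(log):
    """Return (key, value line) for UAC and Security Center settings turned off.

    Whether malware set them or an old AV install left them behind, they are
    worth restoring once the machine is clean.
    """
    hits, key = [], ""
    for line in log.splitlines():
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
            continue
        low = line.lower()
        if key.lower().endswith(r"policies\system") and re.match(r'"enablelua"=\s*0\b', low):
            hits.append((key, line))
        elif r"security center\monitoring" in key.lower() and low.startswith('"disablemonitoring"=dword:00000001'):
            hits.append((key, line))
    return hits


def build_cfscript(log):
    """Draft the CFScript directives (File::, RenV::, Registry::) from the log.

    Review the draft before use: RenV:: restores the renamed originals, while
    File:: and Registry:: remove the TEMP payload and the service loading it.
    """
    renamed = find_renamed_autostarts(log)
    services = find_temp_services(log)
    out = ["KillAll::"]
    if services:
        out.append("File::")
        out.extend(s["image"] for s in services)
    if renamed:
        out.append("RenV::")
        out.extend(listed for listed, _ in renamed)
    if services:
        out.append("Registry::")
        out.extend(f"[-{s['key']}]" for s in services)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
    for key, value in find_disabled_protections(SAMPLE_LOG):
        print("re-enable after cleanup:", key, value)
```

Run it against a saved C:\ComboFix.txt by passing the file's contents to build_cfscript instead of SAMPLE_LOG. The draft deliberately leaves out ClearJavaCache:: and anything the log does not show; the disabled-protection hits are reported separately because restoring UAC and Security Center monitoring belongs after the infection is gone, not in the removal script.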
Zello (Thread Starter; Member with 47 posts; joined Mar 2012; Houston, TX; Experience: Beginner)
24-Mar-2012, 10:26 PM #6
Kevin,

I'd run it from the flash drive when I couldn't get the version I'd saved from the flash to the desktop (I realize now that I'd actually saved a shortcut to the flash drive instead--simpleminded, true, but I've registered on here as a beginner, isn't that right?). At any rate, IE7 is now working on my laptop and I went and directly downloaded ComboFix to my desktop and ran it. Hope that was okay. Here is the log below. Thanks again and I await further notice.

ComboFix 12-03-22.01 - HO 03/24/2012 21:34:13.5.2 - x86
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.1407.736 [GMT -5:00]
Running from: c:\users\HO\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-25 to 2012-03-25 )))))))))))))))))))))))))))))))
.
.
2012-03-25 02:46 . 2012-03-25 02:46 -------- d-----w- c:\users\Recent\AppData\Local\temp
2012-03-25 02:46 . 2012-03-25 02:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-25 02:46 . 2012-03-25 02:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-25 02:46 . 2012-03-25 02:46 -------- d-----w- c:\users\Cookies\AppData\Local\temp
2012-03-25 02:46 . 2012-03-25 02:46 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-03-09 00:05 . 2012-03-09 00:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 19:26 . 2009-10-23 17:54 713728 ----a-w- c:\windows\system32\timedate.cpl
2012-03-07 19:26 . 2007-08-29 03:06 542720 ----a-w- c:\windows\system32\sysmain.dll
2012-03-07 19:26 . 2007-08-31 02:17 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2012-03-07 19:24 . 2007-09-11 02:20 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2012-03-07 19:24 . 2007-12-16 22:50 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-03-07 19:24 . 2007-12-16 09:56 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2012-03-07 19:22 . 2008-08-28 03:24 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-03-07 19:22 . 2008-08-28 03:24 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-03-07 19:22 . 2008-08-28 03:24 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-03-07 19:21 . 2009-08-29 03:41 1686528 ----a-w- c:\windows\system32\gameux.dll
2012-03-07 19:21 . 2009-08-29 03:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-03-07 19:21 . 2009-08-28 23:31 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-03-07 19:16 . 2007-06-27 02:21 1984512 ----a-w- c:\windows\system32\authui.dll
2012-03-07 19:16 . 2007-06-26 02:51 220160 ----a-w- c:\windows\system32\ntprint.dll
2012-03-07 19:16 . 2007-07-13 02:20 8138240 ----a-w- c:\windows\system32\ssBranded.scr
2012-03-07 19:16 . 2007-06-19 00:48 320000 ----a-w- c:\windows\system32\drivers\csc.sys
2012-03-07 19:16 . 2007-05-24 02:25 69632 ----a-w- c:\windows\system32\sendmail.dll
2012-03-07 19:16 . 2007-06-19 02:09 105984 ----a-w- c:\windows\system32\CscMig.dll
2012-03-07 19:16 . 2007-06-26 02:49 120320 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-03-07 19:16 . 2007-06-26 02:49 10240 ----a-w- c:\windows\system32\dhcpcmonitor.dll
2012-03-07 19:16 . 2007-06-26 02:21 61440 ----a-w- c:\windows\system32\ntprint.exe
2012-03-07 19:15 . 2010-01-25 12:58 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2012-03-07 19:15 . 2010-01-25 12:58 472576 ----a-w- c:\windows\system32\secproc.dll
2012-03-07 19:15 . 2010-01-25 08:36 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2012-03-07 19:15 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2012-03-07 19:15 . 2010-01-25 08:36 515584 ----a-w- c:\windows\system32\RMActivate.exe
2012-03-07 19:15 . 2010-01-25 08:36 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2012-03-07 19:15 . 2010-01-25 12:58 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2012-03-07 19:15 . 2010-01-25 12:58 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2012-03-07 19:15 . 2010-01-25 12:56 312320 ----a-w- c:\windows\system32\msdrm.dll
2012-03-07 19:14 . 2007-04-28 02:15 82432 ----a-w- c:\windows\system32\drivers\sdbus.sys
2012-03-07 19:14 . 2007-05-04 00:31 53760 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2012-03-07 19:14 . 2008-10-21 05:16 1645568 ----a-w- c:\windows\system32\connect.dll
2012-03-07 19:07 . 2009-09-10 15:29 1418240 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2012-03-07 19:07 . 2009-09-10 15:29 311296 ----a-w- c:\windows\system32\unregmp2.exe
2012-03-07 19:07 . 2009-09-10 17:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2012-03-07 19:07 . 2009-09-10 15:29 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2012-03-07 19:07 . 2009-09-10 15:29 107520 ----a-w- c:\program files\Windows Media Player\wmpshare.exe
2012-03-07 19:07 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\msdxm.ocx
2012-03-07 19:07 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\dxmasf.dll
2012-03-07 19:07 . 2009-09-10 15:29 107520 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe
2012-03-07 19:07 . 2009-09-10 15:29 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2012-02-25 14:41 . 2012-02-25 14:42 -------- d-----w- c:\users\HO\AppData\Roaming\QuickScan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 23:15 . 2010-07-02 19:24 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2010-02-15 22:49 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-06-29 08:36 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2010-02-15 22:49 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2010-02-15 22:50 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2010-02-15 22:49 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2010-02-15 22:49 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2010-02-15 22:49 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
c:\program files\Adobe\Reader 8.0\Reader\reader_sl .exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\clistart .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_scheduler .exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr .exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\qlbctrl .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\hpwamain .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\wifimsg .exe
c:\program files\Hp\HP Software Update\hpwuschd2 .exe
c:\program files\InterVideo\DVD Check\dvdcheck  .exe
c:\program files\Java\jre1.6.0\bin\jusched .exe
c:\program files\Microsoft Office\Office12\groovemonitor .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\Spybot - Search & Destroy\teatimer .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-22 1183744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [N/A]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-23 17920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*Deregistered* - comHost
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec [N/A]
.
Contents of the 'Scheduled Tasks' folder
.
2010-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 11:30]
.
2012-03-25 c:\windows\Tasks\User_Feed_Synchronization-{C0A5A614-1576-473C-A611-ABA1301A013C}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
mStart Page = hxxp://www.hp.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-24 21:46
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vhexpmfvpeqtpcj]
"imagepath"="\??\c:\windows\TEMP\BBE7.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-24 21:52:36
ComboFix-quarantined-files.txt 2012-03-25 02:52
ComboFix2.txt 2012-03-24 10:15
ComboFix3.txt 2010-02-20 05:55
.
Pre-Run: 146,255,872 bytes free
Post-Run: 456,966,144 bytes free
.
- - End Of File - - 28768D9CFCDC56C8F13AB0683362A816
kevinf80 (Kevin) (Malware Removal Specialist with 9,707 posts; authorized to help remove malware; joined Mar 2006; Sunderland UK; Experience: Intermediate)
25-Mar-2012, 04:49 AM #7
Yep, that is OK to run CF again. The Vundo infection is still there, so we can do the fix again as follows....

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
KillAll::
ClearJavaCache::
File::
c:\windows\TEMP\BBE7.tmp
RenV::
c:\program files\Adobe\Reader 8.0\Reader\reader_sl .exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\clistart .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_scheduler .exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr .exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\qlbctrl .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\hpwamain .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\wifimsg .exe
c:\program files\Hp\HP Software Update\hpwuschd2 .exe
c:\program files\InterVideo\DVD Check\dvdcheck  .exe
c:\program files\Java\jre1.6.0\bin\jusched .exe
c:\program files\Microsoft Office\Office12\groovemonitor .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\Spybot - Search & Destroy\teatimer .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vhexpmfvpeqtpcj]
Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Run this online Quickscan by BitDefender, available here http://quickscan.bitdefender.com/# and hit the Scan Now tab. When finished there is an option to "view report"; do that (hover your cursor over "view report" and it will open), then copy and paste it to your next reply....

Let me see those 3 logs in your reply,

We all started out as beginners

Kevin
Zello (Thread Starter; Member with 47 posts; joined Mar 2012; Houston, TX; Experience: Beginner)
25-Mar-2012, 06:56 AM #8
Kevin,

I'd run it via dragging the codebox into combofix last night before going to bed and the log will be posted first below. I also ran the Malwarebytes and bitdefender scans. Everything seems to be working now except that I can't search via Google (hadn't tried another browser) when Avast is up and running. Is it possible that I have too many shields up? Thanks for all your help and as to your last comment, it seems as if it were never more true than in my case.

ComboFix 12-03-22.01 - HO 03/24/2012 22:48:11.6.2 - x86
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.1407.746 [GMT -5:00]
Running from: c:\users\HO\Desktop\ComboFix.exe
Command switches used :: c:\users\HO\Desktop\CFScript.txt
* Created a new restore point
.
FILE ::
"c:\windows\TEMP\BBE7.tmp"
.
.
((((((((((((((((((((((((( Files Created from 2012-02-25 to 2012-03-25 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 23:15 . 2010-07-02 19:24 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2010-02-15 22:49 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-06-29 08:36 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2010-02-15 22:49 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2010-02-15 22:50 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2010-02-15 22:49 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2010-02-15 22:49 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2010-02-15 22:49 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-22 1183744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-23 17920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*Deregistered* - comHost
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2010-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 11:30]
.
2012-03-25 c:\windows\Tasks\User_Feed_Synchronization-{C0A5A614-1576-473C-A611-ABA1301A013C}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
mStart Page = hxxp://www.hp.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_ActiveSetup-ccc-core-static - msiexec
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-24 23:45:36 - machine was rebooted
.
Pre-Run: 159,055,872 bytes free
Post-Run: 1,768,431,616 bytes free
.



Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.25.01
Windows Vista x86 NTFS
Internet Explorer 7.0.6000.17037
HO :: QUILOMBO-PC [administrator]
3/25/2012 6:06:19 AM
mbam-log-2012-03-25 (06-06-19).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217419
Time elapsed: 10 minute(s), 10 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)




QuickScan 32-bit v0.9.9.113
---------------------------
Scan date: Sun Mar 25 06:36:28 2012
Machine ID: 3EF04181

No infection found.
-------------------

Processes
---------
APO Access Service (32-bit) 808 C:\Windows\System32\AEADISRV.EXE
avast! Antivirus 1892 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
avast! Antivirus 3340 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
Microsoft® Windows® Operating System 2496 C:\Windows\System32\rundll32.exe
Microsoft® Windows® Operating System 3568 C:\Windows\System32\rundll32.exe
Microsoft® Windows® Operating System 3836 C:\Windows\System32\rundll32.exe
SMax4PNP Application 3492 C:\Program Files\Analog Devices\Core\smax4pnp.exe
(verified) ATI External Event Utility for Windows 964 C:\Windows\System32\Ati2evxx.exe
(verified) ATI External Event Utility for Windows 1652 C:\Windows\System32\Ati2evxx.exe
(verified) Cognizance Identity Manager 3712 C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
(verified) ComcastAntiSpy.exe 2060 C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
(verified) GrooveMonitor Utility 3468 C:\Program Files\Microsoft Office\Office12\groovemonitor.exe
(verified) LightScribe 1904 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(verified) Microsoft® Windows® Operating System 3008 C:\Program Files\Windows Media Player\wmpnetwk.exe
(verified) Microsoft® Windows® Operating System 3528 C:\Program Files\Windows Media Player\wmpnscfg.exe
(verified) Microsoft® Windows® Operating System 1724 C:\Program Files\Windows Sidebar\sidebar.exe
(verified) Microsoft® Windows® Operating System 1384 C:\Program Files\Windows Sidebar\sidebar.exe
(verified) Microsoft® Windows® Operating System 3692 C:\Windows\explorer.exe
(verified) Microsoft® Windows® Operating System 528 C:\Windows\System32\csrss.exe
(verified) Microsoft® Windows® Operating System 588 C:\Windows\System32\csrss.exe
(verified) Microsoft® Windows® Operating System 3632 C:\Windows\System32\dwm.exe
(verified) Microsoft® Windows® Operating System 632 C:\Windows\System32\lsass.exe
(verified) Microsoft® Windows® Operating System 640 C:\Windows\System32\lsm.exe
(verified) Microsoft® Windows® Operating System 2272 C:\Windows\System32\SearchIndexer.exe
(verified) Microsoft® Windows® Operating System 620 C:\Windows\System32\services.exe
(verified) Microsoft® Windows® Operating System 1300 C:\Windows\System32\SLsvc.exe
(verified) Microsoft® Windows® Operating System 428 C:\Windows\System32\smss.exe
(verified) Microsoft® Windows® Operating System 1992 C:\Windows\System32\spoolsv.exe
(verified) Microsoft® Windows® Operating System 824 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 2024 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 2064 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 2108 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 2120 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 2144 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 2196 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1768 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1320 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1232 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1080 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1068 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1460 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1024 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 916 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 884 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 3116 C:\Windows\System32\taskeng.exe
(verified) Microsoft® Windows® Operating System 3596 C:\Windows\System32\taskeng.exe
(verified) Microsoft® Windows® Operating System 576 C:\Windows\System32\wininit.exe
(verified) Microsoft® Windows® Operating System 712 C:\Windows\System32\winlogon.exe
(verified) Microsoft® Windows® Operating System 2688 C:\Windows\System32\wuauclt.exe
(verified) SoftK56 Modem Driver 2440 C:\Windows\System32\drivers\XAudio.exe
(verified) Symantec Security Technologies 1788 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(verified) Windows® Internet Explorer 3544 C:\Program Files\Internet Explorer\iexplore.exe

Network activity
----------------
Process AvastSvc.exe (1892) connected on port 80 (HTTP) --> 72.5.58.54
Process iexplore.exe (3544) connected on port 80 (HTTP) --> 74.125.227.27
Process iexplore.exe (3544) connected on port 80 (HTTP) --> 74.125.227.155
Process iexplore.exe (3544) connected on port 80 (HTTP) --> 74.125.227.27
Process iexplore.exe (3544) connected on port 80 (HTTP) --> 184.30.15.139
Process iexplore.exe (3544) connected on port 80 (HTTP) --> 23.3.68.99
Process iexplore.exe (3544) connected on port 80 (HTTP) --> 64.125.87.101
Process wininit.exe (576) listens on ports: 49152 (RPC)
Process services.exe (620) listens on ports: 49161 (RPC)
Process lsass.exe (632) listens on ports: 49155 (RPC)
Process svchost.exe (916) listens on ports: 135 (RPC)
Process svchost.exe (1024) listens on ports: 49153 (RPC)
Process svchost.exe (1080) listens on ports: 49156 (RPC)
Process svchost.exe (1320) listens on ports: 49154 (RPC)

Autoruns and critical files
---------------------------
Malwarebytes Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
SMax4PNP Application C:\Program Files\Analog Devices\Core\smax4pnp.exe
(verified) Cognizance Identity and Access Manageme c:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll
(verified) ComcastAntiSpy.exe C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) GrooveMonitor Utility C:\Program Files\Microsoft Office\Office12\groovemonitor.exe
(verified) GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
(verified) hp digital imaging - hp all-in-one seri C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
(verified) Microsoft® Windows® Operating System C:\Program Files\Windows Media Player\wmpnscfg.exe
(verified) Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe
(verified) Microsoft® Windows® Operating System C:\Windows\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) Windows® Internet Explorer C:\Windows\system32\msfeedssync.exe
(verified) Windows® Internet Explorer C:\Windows\system32\webcheck.dll

Browser plugins
---------------
avast! WebRep c:\program files\alwil software\avast5\aswwebrepie.dll
Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
(verified) Google Toolbar for Internet Explorer c:\program files\google\google toolbar\googletoolbar_32.dll
(verified) GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
(verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.dll
(verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.exe
(verified) InstallShield Update Service C:\Windows\Downloaded Program Files\isusweb.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\wshbth.dll
(verified) Norton Confidential c:\program files\common files\symantec shared\coshared\browser\1.0\uibho.dll
(verified) QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
(verified) QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
(verified) QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
(verified) QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
(verified) QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
(verified) QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
(verified) QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
(verified) Windows Presentation Foundation C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
(verified) Windows® Internet Explorer C:\Windows\system32\ieframe.dll

Missing files
-------------
File not found: C:\Windows\system32\SSBRAN~1.SCR
--> HKCU\Control Panel\Desktop\"SCRNSAVE.EXE"
File not found: c:\program files\xfin_portal\auxi\comcastau.dll
--> HKLM\Software\Classes\CLSID\{bb46be07-13eb-4c49-b0f0-fc78b9ea4983}\InprocServer32\"(default)"

Scan
----

No file uploaded.
Scan finished - communication took 1 sec
Total traffic - 0.00 MB sent, 0.36 KB recvd
Scanned 872 files and modules - 48 seconds
==============================================================================
kevinf80 (Kevin) (Malware Removal Specialist with 9,707 posts; authorized to help remove malware; Join Date: Mar 2006; Location: Sunderland UK; Experience: Intermediate)
25-Mar-2012, 03:10 PM #9
Your logs are clean. What happens when you try to do a Google search? I assume that you are using Internet Explorer as your browser?

Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Kevin
Zello (Thread Starter; Member with 47 posts; Join Date: Mar 2012; Location: Houston, TX; Experience: Beginner)
25-Mar-2012, 07:53 PM #10
Internet searches are through IE7 for the moment (though I am thinking of going Google Chrome once I'm finished with this cleanup). Funny thing is, I can Google search fine when the shields on Avast are off. When they are on, I get the typical 'Internet Explorer cannot display the page' message. Don't know how to get past that while keeping Avast up.

Will do the scan later tonight and get back to you with the results. Continued thanks for the help.
Zello (Thread Starter; Member with 47 posts; Join Date: Mar 2012; Location: Houston, TX; Experience: Beginner)
26-Mar-2012, 12:08 AM #11
Okay, here are the DDS logs (and I have deleted DDS from my computer once I saved the logs). Thanks and I'll await further word.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6000.17037
Run by HO at 23:49:24 on 2012-03-25
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.1407.269 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Office\Office12\groovemonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hp.com
mStart Page = hxxp://www.hp.com
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - c:\program files\xfin_portal\auxi\comcastAu.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{2A4E1C5B-17B1-4EA4-B235-27CBB3FECAFE} : DhcpNameServer = 129.7.224.200 129.7.235.45 172.21.0.1
TCP: Interfaces\{3F57DD94-0C8B-4683-8D1D-D1C0C00F6B36} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-29 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-15 337880]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2006-12-27 32000]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2006-11-2 22016]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-15 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-2-15 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-3-17 44768]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
R3 HSX_DPV;HSX_DPV;c:\windows\system32\drivers\HSX_DPV.sys [2006-12-27 987648]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20061025.029\IDSvix86.sys [2006-12-27 202872]
.
=============== Created Last 30 ================
.
2012-03-25 11:04:28 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-25 11:04:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-25 04:09:55 -------- d-----w- C:\$RECYCLE.BIN
2012-03-15 01:14:35 -------- d-----w- c:\windows\pss
2012-03-09 00:05:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 19:26:17 713728 ----a-w- c:\windows\system32\timedate.cpl
2012-03-07 19:26:02 542720 ----a-w- c:\windows\system32\sysmain.dll
2012-03-07 19:26:01 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2012-03-07 19:24:54 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2012-03-07 19:24:44 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2012-03-07 19:24:44 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-03-07 19:22:11 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-03-07 19:22:10 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-03-07 19:22:08 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-03-07 19:21:43 1686528 ----a-w- c:\windows\system32\gameux.dll
2012-03-07 19:21:42 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-03-07 19:21:32 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-03-07 19:16:47 1984512 ----a-w- c:\windows\system32\authui.dll
2012-03-07 19:16:45 220160 ----a-w- c:\windows\system32\ntprint.dll
2012-03-07 19:16:41 8138240 ----a-w- c:\windows\system32\ssBranded.scr
2012-03-07 19:16:40 320000 ----a-w- c:\windows\system32\drivers\csc.sys
2012-03-07 19:16:39 69632 ----a-w- c:\windows\system32\sendmail.dll
2012-03-07 19:16:37 105984 ----a-w- c:\windows\system32\CscMig.dll
2012-03-07 19:16:35 61440 ----a-w- c:\windows\system32\ntprint.exe
2012-03-07 19:16:35 120320 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-03-07 19:16:35 10240 ----a-w- c:\windows\system32\dhcpcmonitor.dll
2012-03-07 19:15:33 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2012-03-07 19:15:33 472576 ----a-w- c:\windows\system32\secproc.dll
2012-03-07 19:15:30 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2012-03-07 19:15:26 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2012-03-07 19:15:16 515584 ----a-w- c:\windows\system32\RMActivate.exe
2012-03-07 19:15:06 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2012-03-07 19:15:05 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2012-03-07 19:15:04 312320 ----a-w- c:\windows\system32\msdrm.dll
2012-03-07 19:15:04 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2012-03-07 19:14:51 82432 ----a-w- c:\windows\system32\drivers\sdbus.sys
2012-03-07 19:14:46 53760 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2012-03-07 19:14:39 1645568 ----a-w- c:\windows\system32\connect.dll
2012-03-07 19:07:31 1418240 ----a-w- c:\program files\windows media player\setup_wm.exe
2012-03-07 19:07:30 311296 ----a-w- c:\windows\system32\unregmp2.exe
2012-03-07 19:07:26 7680 ----a-w- c:\windows\system32\spwmp.dll
2012-03-07 19:07:26 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2012-03-07 19:07:26 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2012-03-07 19:07:25 4096 ----a-w- c:\windows\system32\msdxm.ocx
2012-03-07 19:07:25 4096 ----a-w- c:\windows\system32\dxmasf.dll
2012-03-07 19:07:25 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2012-03-07 19:07:20 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2012-02-25 14:41:40 -------- d-----w- c:\users\ho\appdata\roaming\QuickScan
.
==================== Find3M ====================
.
2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:01:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
.
============= FINISH: 23:52:00.92 ===============


And here's the Attach.txt log.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume1
Install Date: 1/11/2007 6:26:50 PM
System Uptime: 3/25/2012 7:39:06 PM (4 hours ago)
.
Motherboard: Hewlett-Packard | | 30B0
Processor: AMD Engineering Sample | U10 | 800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 29 GiB total, 1.564 GiB free.
D: is CDROM (UDF)
E: is FIXED (NTFS) - 2 GiB total, 1.242 GiB free.
F: is FIXED (NTFS) - 6 GiB total, 0.763 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
3600_Help
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 11 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
AppCore
Apple Software Update
Application Installer 4.00.B10
ASL_HS_Installer32
ATI Catalyst Install Manager
AV
avast! Free Antivirus
BPD_Scan
BPDSoftware
BPDSoftware_Ini
BufferChm
CA Pest Patrol Realtime Protection
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
ccc-core-static
ccc-utility
CCC Help English
ccCommon
Citrix Presentation Server Client
Comcast Desktop Software (v1.2.1)
CRON-O-METER 0.9.6
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Voice Editor 3
DocProc
DocProcQFolder
Essential System Updates for Microsoft Windows Vista
eSupportQFolder
Fax
Google Toolbar for Internet Explorer
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Backup and Recovery Manager Installer
HP BIOS Configuration for ProtectTools
HP Credential Manager for ProtectTools
HP Customer Experience Enhancements
HP Customer Participation Program 8.0
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 8.0
HP Integrated Module with Bluetooth wireless technology 6.0.1.3100
HP MULTIPLE MODEM INSTALLER for VISTA
HP Notebook Accessories Product Tour
HP OCR Software 8.0
HP Officejet J3600 Series
HP Product Assistant
HP ProtectTools Security Manager 2.00 E4
HP Quick Launch Buttons 6.10 C1
HP Smart Web Printing
HP Solution Center 8.0
HP Update
HP User Guide 0051
HP Wireless Assistant
HPProductAssistant
HPSSupply
InterVideo DVD Check
InterVideo WinDVD
J3600
Java(TM) SE Runtime Environment 6
LightScribe 1.4.124.1
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft Easy Assist v2
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Communicator 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Move Networks Media Player for Internet Explorer
MSRedist
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
OGA Notifier 2.0.0048.0
ProductContext
QuickTime
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio Express Labeler 3
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skins
SolutionCenter
Sonic Activation Module
SoundMAX
SPBBC 32bit
Status
Symantec Real Time Storage Protection Component
SymNet
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vista Default Settings
WebEx
WebReg
Windows Live OneCare safety scanner
.
==== Event Viewer Messages From Past Week ========
.
3/25/2012 11:38:43 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): '\??\C:\Users\HO\ntuser.dat'.
3/25/2012 11:18:13 AM, Error: EventLog [6008] - The previous system shutdown at 11:16:08 AM on 3/25/2012 was unexpected.
3/25/2012 10:17:19 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): '\SystemRoot\System32\Config\SOFTWARE'.
3/24/2012 4:51:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
3/24/2012 4:47:42 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SYMTDI Tcpip tdx Wanarpv6 ws2ifsl
3/24/2012 4:47:42 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/24/2012 4:47:42 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/24/2012 4:29:02 AM, Error: EventLog [6008] - The previous system shutdown at 4:26:20 AM on 3/24/2012 was unexpected.
3/24/2012 10:47:44 PM, Error: Service Control Manager [7034] - The Ati External Event Utility service terminated unexpectedly. It has done this 1 time(s).
3/24/2012 10:47:44 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/24/2012 10:47:43 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2012 10:47:42 PM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/24/2012 10:47:41 PM, Error: Service Control Manager [7034] - The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).
3/24/2012 10:47:41 PM, Error: Service Control Manager [7034] - The Andrea ADI Filters Service service terminated unexpectedly. It has done this 1 time(s).
3/24/2012 10:45:18 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/23/2012 6:11:08 PM, Error: EventLog [6008] - The previous system shutdown at 6:07:57 PM on 3/23/2012 was unexpected.
3/23/2012 5:25:31 AM, Error: EventLog [6008] - The previous system shutdown at 10:37:42 PM on 3/22/2012 was unexpected.
3/23/2012 3:55:30 PM, Error: EventLog [6008] - The previous system shutdown at 3:53:38 PM on 3/23/2012 was unexpected.
3/23/2012 2:19:40 PM, Error: EventLog [6008] - The previous system shutdown at 2:10:17 PM on 3/23/2012 was unexpected.
3/23/2012 12:06:06 PM, Error: EventLog [6008] - The previous system shutdown at 12:03:14 PM on 3/23/2012 was unexpected.
3/23/2012 10:49:30 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/23/2012 10:47:58 AM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
3/23/2012 10:26:18 PM, Error: Service Control Manager [7034] - The HP Health Check Service service terminated unexpectedly. It has done this 1 time(s).
3/23/2012 10:26:16 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/23/2012 10:26:15 PM, Error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
3/23/2012 10:26:14 PM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
3/23/2012 10:26:14 PM, Error: Service Control Manager [7034] - The CA Pest Patrol Realtime Protection Service service terminated unexpectedly. It has done this 1 time(s).
3/23/2012 10:26:11 PM, Error: Service Control Manager [7034] - The Comcast AntiSpyware service terminated unexpectedly. It has done this 1 time(s).
3/23/2012 10:26:02 PM, Error: Service Control Manager [7034] - The Symantec AppCore Service service terminated unexpectedly. It has done this 1 time(s).
3/23/2012 10:26:00 PM, Error: Service Control Manager [7034] - The Symantec Lic NetConnect service service terminated unexpectedly. It has done this 1 time(s).
3/23/2012 10:26:00 PM, Error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
3/23/2012 1:26:50 PM, Error: EventLog [6008] - The previous system shutdown at 1:24:18 PM on 3/23/2012 was unexpected.
3/22/2012 9:48:58 PM, Error: EventLog [6008] - The previous system shutdown at 8:57:19 PM on 3/22/2012 was unexpected.
3/22/2012 5:49:37 AM, Error: EventLog [6008] - The previous system shutdown at 5:47:49 AM on 3/22/2012 was unexpected.
3/22/2012 2:17:35 PM, Error: EventLog [6008] - The previous system shutdown at 2:00:00 PM on 3/22/2012 was unexpected.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC eeCtrl NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SYMTDI Tcpip tdx Wanarpv6 ws2ifsl
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/21/2012 9:12:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/21/2012 9:12:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/21/2012 9:12:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/21/2012 9:12:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/21/2012 9:12:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/21/2012 8:27:26 PM, Error: EventLog [6008] - The previous system shutdown at 8:24:52 PM on 3/21/2012 was unexpected.
3/21/2012 6:52:53 PM, Error: EventLog [6008] - The previous system shutdown at 6:49:36 PM on 3/21/2012 was unexpected.
3/21/2012 6:43:25 AM, Error: EventLog [6008] - The previous system shutdown at 6:41:40 AM on 3/21/2012 was unexpected.
3/21/2012 5:52:24 PM, Error: EventLog [6008] - The previous system shutdown at 5:49:24 PM on 3/21/2012 was unexpected.
3/21/2012 4:44:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Comcast AntiSpyware service to connect.
3/21/2012 4:44:40 PM, Error: Service Control Manager [7000] - The Comcast AntiSpyware service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/21/2012 4:42:54 PM, Error: EventLog [6008] - The previous system shutdown at 4:41:34 PM on 3/21/2012 was unexpected.
3/21/2012 3:59:35 PM, Error: EventLog [6008] - The previous system shutdown at 3:57:12 PM on 3/21/2012 was unexpected.
3/20/2012 6:05:11 PM, Error: EventLog [6008] - The previous system shutdown at 6:02:44 PM on 3/20/2012 was unexpected.
3/20/2012 4:58:15 PM, Error: EventLog [6008] - The previous system shutdown at 4:56:54 PM on 3/20/2012 was unexpected.
3/19/2012 9:02:12 PM, Error: EventLog [6008] - The previous system shutdown at 5:25:07 PM on 3/19/2012 was unexpected.
3/19/2012 6:26:32 AM, Error: EventLog [6008] - The previous system shutdown at 6:16:49 AM on 3/19/2012 was unexpected.
3/18/2012 9:15:21 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
3/18/2012 9:14:08 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
3/18/2012 9:04:30 AM, Error: EventLog [6008] - The previous system shutdown at 9:01:54 AM on 3/18/2012 was unexpected.
3/18/2012 8:17:10 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpqcxs08 service.
3/18/2012 8:17:10 AM, Error: Service Control Manager [7000] - The hpqcxs08 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/18/2012 8:17:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqcxs08 with arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
3/18/2012 7:14:35 AM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
3/18/2012 7:11:09 AM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
3/18/2012 7:11:03 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 6, function 0. Please contact your system vendor for technical assistance.
3/18/2012 7:11:03 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 5, function 0. Please contact your system vendor for technical assistance.
3/18/2012 7:11:03 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 4, function 0. Please contact your system vendor for technical assistance.
3/18/2012 3:08:04 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: The 2007 Microsoft Office Suite Service Pack 3 (SP3).
3/18/2012 11:21:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Automatic LiveUpdate Scheduler service to connect.
3/18/2012 11:21:05 PM, Error: Service Control Manager [7000] - The Automatic LiveUpdate Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/18/2012 10:44:38 AM, Error: EventLog [6008] - The previous system shutdown at 10:39:54 AM on 3/18/2012 was unexpected.
.
==== End Of File ===========================
kevinf80 (Kevin), Malware Removal Specialist with 9,707 posts, authorized to help remove malware
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
26-Mar-2012, 02:01 AM #12
Your logs show that, as well as Avast, Norton Internet Security is also installed. Is that correct? Run this please:

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Regarding Avast and your browser: is IE running from Avast's Sandbox? If you selected that option after installing Avast, it will run from there each time; that may affect the connection.
Zello, Member with 47 posts, THREAD STARTER
Join Date: Mar 2012
Location: Houston, TX
Experience: Beginner
26-Mar-2012, 01:55 PM #13
Okay, here are the results pasted below. As to Avast, I've had it for two years now and had a friend (a sort of IT type) install it, so I don't know if IE is running out of its sandbox (I actually don't even know what that means), but these problems with Google searches have only happened recently. Thanks for the help, and the results are below:

Results of screen317's Security Check version 0.99.32
Windows Vista x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
Norton AntiVirus
Norton Internet Security (Symantec Corporation)
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) SE Runtime Environment 6
Adobe Reader 8 Adobe Reader out of date!
Adobe Reader X KB403742.. Adobe Reader out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Alwil Software Avast5 AvastSvc.exe
``````````End of Log````````````
Zello, Member with 47 posts, THREAD STARTER
Join Date: Mar 2012
Location: Houston, TX
Experience: Beginner
26-Mar-2012, 01:59 PM #14
Oh, and one other thing: I note that the scan says I have several things out of date. I imagine that you'll want me to update, but I won't do it yet until I get word from you (I wouldn't want to inadvertently make matters worse). What I do notice is that video sites like Hulu and YouTube play much better now, but still on occasion have slowed-down moments with choppy audio. Could there be a problem with Flash?
kevinf80 (Kevin), Malware Removal Specialist with 9,707 posts, authorized to help remove malware
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
26-Mar-2012, 02:26 PM #15
I don't see any malware in the recent logs. As you've already noted, there are several issues with out-of-date apps that will need to be addressed. Also, you have no Service Packs installed; SP1 and SP2 will need to be installed. Without those packs your system will be unpredictable and very prone to infection, regardless of security.

Before we do anything we need to sort out your security set-up. Having multiple AV programs is counterproductive. I'd like you to uninstall all references to Norton from your system as follows:

Click Start, type programs and features in the Search box, and then press ENTER.

Click to select the product to be uninstalled from the list.

Norton AV
Norton IS


Whilst using that feature, also remove the following outdated and possibly exploited utility apps:

Java(TM) SE Runtime Environment 6
Adobe Reader 8 Adobe Reader out of date!
Adobe Reader X KB403742.. Adobe Reader out of Date!


Re-run Security Checks and post the new log.

Kevin
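The two checks Kevin makes by eye above (more than one real-time AV product in the "Installed Programs" section, and outdated Java/Adobe Reader entries), plus the repeated EventLog 6008 and Service Control Manager 7026 entries in the Attach.txt log posted earlier, are all mechanical enough to script. The block below is an added example written for this page; it is not DDS, Security Check or any code from the thread. It parses the Attach.txt section layout that DDS emits, and runs over a constructed sample in that layout rather than the thread's full log. The AV product list and the version floors (Adobe Reader below 9, JRE 6 below Update 30) are this example's own assumptions, not vendor statements.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the Attach.txt layout DDS produces (a few lines in the
# shape of the thread's log, not the full log).
SAMPLE_ATTACH = """\
==== Installed Programs ======================
.
Adobe Reader 8.1.2
avast! Free Antivirus
Java(TM) SE Runtime Environment 6
LiveUpdate 3.2 (Symantec Corporation)
Norton AntiVirus
Norton Internet Security
.
==== Event Viewer Messages From Past Week ========
.
3/24/2012 4:47:42 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswSnx aswSP Tcpip
3/24/2012 4:29:02 AM, Error: EventLog [6008] - The previous system shutdown at 4:26:20 AM on 3/24/2012 was unexpected.
3/23/2012 6:11:08 PM, Error: EventLog [6008] - The previous system shutdown at 6:07:57 PM on 3/23/2012 was unexpected.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswSnx eeCtrl Tcpip
.
==== End Of File ===========================
"""

SECTION_RE = re.compile(r"^==== (.+?) =+\s*$")
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)

# Real-time AV products by display-name prefix (assumed list for this example).
# Updaters such as LiveUpdate are deliberately not matched.
AV_PRODUCTS = {
    r"^avast!": "AVAST",
    r"^Norton (AntiVirus|Internet Security|360)": "Symantec",
    r"^Microsoft Security Essentials": "Microsoft",
}

# Version floors are this example's policy assumption, not a vendor statement.
VERSION_FLOORS = {
    r"^Adobe Reader (\d+(?:\.\d+)*)$": (9,),
    r"^Java\(TM\) SE Runtime Environment (\d+)(?: Update (\d+))?$": (6, 30),
}


def _version(m):
    """Turn the captured groups ('8.1.2' or '6', '31') into a comparable tuple."""
    parts = ".".join(g for g in m.groups() if g).split(".")
    return tuple(int(p) for p in parts)


def parse_sections(text):
    """Split Attach.txt into {section title: [non-empty lines]}."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
        elif current and line.strip() not in ("", "."):
            sections[current].append(line.rstrip())
    return dict(sections)


def av_vendors(programs):
    """Distinct real-time AV vendors present in the installed-program list."""
    return {v for name in programs for pat, v in AV_PRODUCTS.items() if re.match(pat, name)}


def outdated_programs(programs):
    """Installed programs whose parsed version is below the policy floor."""
    out = []
    for name in programs:
        for pat, floor in VERSION_FLOORS.items():
            m = re.match(pat, name)
            if m and _version(m) < floor:
                out.append(name)
    return out


def summarize_events(lines):
    """Count (source, id) pairs and tally drivers named in SCM 7026 entries."""
    counts, failed_drivers = Counter(), Counter()
    for line in lines:
        m = EVENT_RE.match(line)
        if not m:
            continue
        key = (m.group("source"), int(m.group("id")))
        counts[key] += 1
        if key == ("Service Control Manager", 7026):
            _, _, names = m.group("msg").partition("failed to load:")
            failed_drivers.update(names.split())
    return counts, failed_drivers


def assess(text):
    """Return triage findings for one Attach.txt as short strings."""
    s = parse_sections(text)
    programs = s.get("Installed Programs", [])
    counts, drivers = summarize_events(s.get("Event Viewer Messages From Past Week", []))
    findings = []
    vendors = av_vendors(programs)
    if len(vendors) > 1:
        findings.append("multiple real-time AV products: " + ", ".join(sorted(vendors)))
    findings += ["below version floor: " + p for p in outdated_programs(programs)]
    if counts[("EventLog", 6008)]:
        findings.append(f"{counts[('EventLog', 6008)]} unexpected shutdown(s) (EventLog 6008)")
    if drivers:
        top = ", ".join(f"{d} x{n}" for d, n in drivers.most_common(3))
        findings.append("boot-start drivers failing to load (SCM 7026): " + top)
    return findings


if __name__ == "__main__":
    for f in assess(SAMPLE_ATTACH):
        print("-", f)
```

Two notes on reading the 7026 output. The drivers it names are not themselves evidence of infection; in the thread's log the same entries list AFD and Tcpip, and the 7001 entries beside them show DHCP, DNS Client and the NetBIOS helper failing because of that, which is a plain explanation for a machine that boots but cannot reach the network. And a run of 6008 entries (one per unexpected shutdown) on a disk with 1.5 GiB free and registry hive flush errors points at the machine being hard-powered off mid-write, so those should be read alongside the disk-space and hive errors rather than as malware activity on their own.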