
Help: DVD/CD ROM won't read disk

Discussion in 'Virus & Other Malware Removal' started by shygirluv, Nov 29, 2011.

    shygirluv Thread Starter

    I have here a Compaq Presario PC SR5707c, 32-bit operating system, with Windows Vista Home Premium. I recently came over to a family member's to visit and the computer was messing up, so I downloaded AVG and ran a scan, and AVG found viruses. I got rid of them, so I thought, but before I knew it the pictures were gone and some of the files. Luckily I found them hidden and copied them onto my USB, but my question is... I have tried doing a factory reset TWICE! And everything's working correctly... I set up free Norton, an admin account and guest for her so she has more protection. I even set up Windows Defender correctly, but I can't get her DVD/CD-ROM to work; it won't read CDs or DVDs. I ran a hardware diagnostics test and it's the drivers, so please help! I've been updating Windows. I tried to uninstall the drivers for the DVD/CD but it's still there. What do I do? I need help please. She doesn't have the recovery disks; she lost them, so I can't reboot it. I need some advice. I'm leaving back home out of state and I don't want to leave her computer like this. I'm also sorry for not zip tying this, whatever that means; I'm new.

    The driver is C:\windows\system32\drivers\Cdrom.sys? Is this a trojan?

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:36:26 AM, on 11/29/2011
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.19019)
    Boot mode: Normal
    Running processes:
    C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\Program Files\MSN\Toolbar\3.0.0541.0\msntask.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Users\Yola\Desktop\HijackThis.exe
    C:\Windows\system32\DllHost.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
    O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: PictureMover.lnk = C:\Program Files\PictureMover\Bin\PictureMover.exe
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    --
    End of file - 7666 bytes




    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19019
    Run by Yola at 1:45:44 on 2011-11-29
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1918.781 [GMT -8:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\wuauclt.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\Program Files\MSN\Toolbar\3.0.0541.0\msntask.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.0.0.125\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.0.0.125\IPSBHO.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.0.0.125\coIEPlg.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [<NO NAME>]
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\picturemover\bin\PictureMover.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{C1153524-7BE7-495B-AD6A-3896698C3A55} : DhcpNameServer = 192.168.2.1
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1000000.07d\SymEFA.sys [2008-11-28 309296]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1000000.07d\BHDrvx86.sys [2008-11-28 254512]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1000000.07d\ccHPx86.sys [2008-11-28 362544]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20111128.030\IDSvix86.sys [2011-11-28 368248]
    R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [2008-11-28 115560]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-28 106104]
    R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2008-9-9 20640]
    R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\nis\1000000.07d\symndisv.sys [2008-11-28 40496]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-28 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-28 136176]
    .
    =============== Created Last 30 ================
    .
    2011-11-29 09:01:29 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-11-29 08:20:16 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9234d9f5-f168-461a-8db1-49624dcb202f}\offreg.dll
    2011-11-29 08:19:45 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9234d9f5-f168-461a-8db1-49624dcb202f}\mpengine.dll
    2011-11-29 07:51:03 -------- d-----w- c:\users\yola\appdata\roaming\WinBatch
    2011-11-29 07:49:10 -------- d-----w- c:\users\yola\appdata\roaming\HpUpdate
    2011-11-29 07:49:07 -------- d-----w- c:\windows\Hewlett-Packard
    2011-11-29 06:12:54 -------- d-----w- c:\users\yola\appdata\local\Adobe
    2011-11-29 06:11:08 -------- d-----w- c:\users\yola\appdata\local\Google
    2011-11-29 05:36:16 80896 ----a-w- c:\windows\system32\MSNP.ax
    2011-11-29 05:36:16 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-11-29 05:36:13 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-11-29 05:36:13 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-11-29 05:27:59 638232 ----a-w- c:\program files\internet explorer\iexplore.exe
    2011-11-29 05:27:22 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
    2011-11-29 05:16:56 97800 ----a-w- c:\windows\system32\infocardapi.dll
    2011-11-29 05:16:55 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
    2011-11-29 05:16:55 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2011-11-29 05:16:54 622080 ----a-w- c:\windows\system32\icardagt.exe
    2011-11-29 05:16:54 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2011-11-29 05:16:54 11264 ----a-w- c:\windows\system32\icardres.dll
    2011-11-29 05:16:53 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
    2011-11-29 05:16:51 326160 ----a-w- c:\windows\system32\PresentationHost.exe
    2011-11-29 05:12:28 96760 ----a-w- c:\windows\system32\dfshim.dll
    2011-11-29 05:12:26 282112 ----a-w- c:\windows\system32\mscoree.dll
    2011-11-29 05:12:25 41984 ----a-w- c:\windows\system32\netfxperf.dll
    2011-11-29 05:12:16 158720 ----a-w- c:\windows\system32\mscorier.dll
    2011-11-29 05:12:12 83968 ----a-w- c:\windows\system32\mscories.dll
    2011-11-29 05:10:18 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2011-11-29 05:10:16 411136 ----a-w- c:\windows\system32\drivers\http.sys
    2011-11-29 05:10:16 31232 ----a-w- c:\windows\system32\httpapi.dll
    2011-11-29 05:09:23 231936 ----a-w- c:\windows\system32\msshsq.dll
    2011-11-29 05:02:38 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
    2011-11-29 05:02:24 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-29 04:50:50 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
    2011-11-29 04:50:48 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
    2011-11-29 04:50:47 94720 ----a-w- c:\windows\system32\logagent.exe
    2011-11-29 04:50:45 1399296 ----a-w- c:\windows\system32\msxml6.dll
    2011-11-29 04:50:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
    2011-11-29 04:50:01 281600 ----a-w- c:\windows\system32\raschap.dll
    2011-11-29 04:50:01 244224 ----a-w- c:\windows\system32\rastls.dll
    2011-11-29 04:48:58 3600272 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-11-29 04:47:55 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2011-11-29 04:46:13 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2011-11-29 04:46:12 1616384 ----a-w- c:\program files\windows mail\msoe.dll
    2011-11-29 04:46:10 273408 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-11-29 04:46:06 513024 ----a-w- c:\windows\system32\wlansvc.dll
    2011-11-29 04:46:06 302592 ----a-w- c:\windows\system32\wlansec.dll
    2011-11-29 04:46:06 293376 ----a-w- c:\windows\system32\wlanmsm.dll
    2011-11-29 04:46:06 127488 ----a-w- c:\windows\system32\L2SecHC.dll
    2011-11-29 04:46:04 603648 ----a-w- c:\windows\system32\schedsvc.dll
    2011-11-29 04:46:04 357376 ----a-w- c:\windows\system32\taskschd.dll
    2011-11-29 04:46:04 345088 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-11-29 04:46:03 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2011-11-29 04:46:03 171520 ----a-w- c:\windows\system32\taskeng.exe
    2011-11-29 04:46:00 160256 ----a-w- c:\windows\system32\wkssvc.dll
    2011-11-29 04:44:58 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2011-11-29 04:44:56 43520 ----a-w- c:\windows\system32\msdxm.tlb
    2011-11-29 04:44:56 18432 ----a-w- c:\windows\system32\amcompat.tlb
    2011-11-29 04:42:55 2042368 ----a-w- c:\windows\system32\win32k.sys
    2011-11-29 04:42:18 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2011-11-29 04:42:10 501760 ----a-w- c:\windows\system32\usp10.dll
    2011-11-29 04:42:09 81920 ----a-w- c:\windows\system32\consent.exe
    2011-11-29 04:42:02 61440 ----a-w- c:\windows\system32\msasn1.dll
    2011-11-29 04:42:00 147456 ----a-w- c:\windows\system32\Faultrep.dll
    2011-11-29 04:42:00 125952 ----a-w- c:\windows\system32\wersvc.dll
    2011-11-29 04:41:59 738816 ----a-w- c:\windows\system32\inetcomm.dll
    2011-11-29 04:41:58 1314816 ----a-w- c:\windows\system32\quartz.dll
    2011-11-29 04:41:57 1257472 ----a-w- c:\windows\system32\msxml3.dll
    2011-11-29 04:41:54 443392 ----a-w- c:\windows\system32\win32spl.dll
    2011-11-29 04:41:53 1645568 ----a-w- c:\windows\system32\connect.dll
    2011-11-29 04:41:52 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-29 04:41:51 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-11-29 04:39:43 -------- d-----w- c:\users\yola\appdata\local\WindowsUpdate
    2011-11-29 04:37:28 310784 ----a-w- c:\windows\system32\unregmp2.exe
    2011-11-29 04:37:28 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe
    2011-11-29 04:37:27 7680 ----a-w- c:\windows\system32\spwmp.dll
    2011-11-29 04:37:27 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2011-11-29 04:37:27 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
    2011-11-29 04:37:27 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
    2011-11-29 04:37:26 4096 ----a-w- c:\windows\system32\msdxm.ocx
    2011-11-29 04:09:41 -------- d-----w- c:\program files\Ask.com
    2011-11-29 03:59:33 -------- d-----w- c:\programdata\Ask
    2011-11-29 03:59:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-29 02:55:35 25136 ----a-r- c:\windows\system32\drivers\SymIMV.sys
    2011-11-29 02:55:32 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-11-29 02:55:32 -------- d-----w- c:\program files\Symantec
    2011-11-29 02:55:32 -------- d-----w- c:\program files\common files\Symantec Shared
    2011-11-29 02:53:07 -------- d-----w- c:\users\yola\appdata\local\Hewlett-Packard
    2011-11-29 02:48:44 -------- d-----w- c:\users\yola\appdata\roaming\PictureMover
    2011-11-29 02:46:40 171520 ----a-w- c:\windows\system32\wintrust.dll
    2011-11-29 02:46:39 98304 ----a-w- c:\windows\system32\cabview.dll
    2011-11-29 02:43:08 -------- d-----w- c:\users\yola\appdata\roaming\HP TCS
    2011-11-29 02:39:48 -------- d-sh--we C:\Documents and Settings
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 1:46:17.47 ===============



    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/28/2011 6:36:00 PM
    System Uptime: 11/29/2011 12:00:33 AM (1 hours ago)
    .
    Motherboard: ECS | | Iris8
    Processor: AMD Athlon(tm) Dual Core Processor 4850e | Socket AM2 | 2500/201mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 222 GiB total, 189.55 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.538 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP6: 11/28/2011 6:39:59 PM - Windows Update
    RP7: 11/28/2011 6:48:46 PM - Windows Update
    RP8: 11/28/2011 6:51:28 PM - Scripted restore
    RP9: 11/28/2011 6:58:25 PM - Installed Java(TM) 6 Update 29
    RP10: 11/28/2011 7:59:17 PM - Installed Java Runtime Environment
    RP11: 11/28/2011 9:01:47 PM - Windows Update
    RP12: 11/28/2011 9:06:01 PM - Windows Update
    RP13: 11/28/2011 11:40:24 PM - Windows Update
    RP15: 11/28/2011 11:51:26 PM - Installed MediaSmart DVD
    RP16: 11/29/2011 12:06:06 AM - Windows Update
    RP17: 11/29/2011 12:18:13 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    ActiveCheck component for HP Active Support Library
    Adobe Flash Player ActiveX
    Adobe Reader 8.3.1
    Ask Toolbar
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite Deluxe
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hardware Diagnostic Tools
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Demo
    HP MediaSmart DVD
    HP Recovery Manager RSS
    HP Total Care Advisor
    HP Total Care Setup
    HP Update
    HPAsset component for HP Active Support Library
    Java Auto Updater
    Java(TM) 6 Update 29
    Java(TM) 6 Update 7
    Juno Preloader
    LabelPrint
    LightScribe System Software 1.14.25.1
    LightScribe Template Labeler
    Microsoft .NET Framework 3.5 SP1
    Microsoft Live Search Toolbar
    Microsoft Office Home and Student 60 day trial
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    muvee Reveal
    My HP Games
    NetZero Preloader
    Norton Internet Security
    NVIDIA Drivers
    PictureMover
    Power2Go
    PowerDirector
    Python 2.5.2
    Realtek High Definition Audio Driver
    Soft Data Fax Modem with SmartCP
    SPORE Creature Creator Trial Edition
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/28/2011 9:21:01 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.5 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 x86 (KB2418240).
    11/28/2011 10:14:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2617986).
    11/28/2011 10:14:26 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {4991D34B-80A1-4291-83B6-3328366B9097} to the user Yola-PC\Yola SID (S-1-5-21-1738866542-3536279892-2797450158-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    11/28/2011 10:12:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070026: Update for Windows Vista (KB973687).
    11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973687-52_neutral_PACKAGE from package KB973687(Update) into Absent(Absent) state
    11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973687-51_neutral_PACKAGE from package KB973687(Update) into Absent(Absent) state
    11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973687-50_neutral_PACKAGE from package KB973687(Update) into Absent(Absent) state
    11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973687-5_neutral_PACKAGE from package KB973687(Update) into Resolved(Resolved) state
    11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973687-49_neutral_PACKAGE from package KB973687(Update) into Resolved(Resolved) state
    11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973687-47_neutral_PACKAGE from package KB973687(Update) into Resolved(Resolved) state
    11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973687-44_neutral_PACKAGE from package KB973687(Update) into Resolved(Resolved) state
    11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973687-41_neutral_PACKAGE from package KB973687(Update) into Resolved(Resolved) state
    11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973687-4_neutral_GDR from package KB973687(Update) into Staging(Staging) state
    11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973687-35_neutral_PACKAGE from package KB973687(Update) into Resolved(Resolved) state
    11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973687-34_neutral_GDR from package KB973687(Update) into Staging(Staging) state
    11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973687-32_neutral_GDR from package KB973687(Update) into Staging(Staging) state
    11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973687-2_neutral_GDR from package KB973687(Update) into Staging(Staging) state
    11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB973687 (Update) into Staged(Staged) state
    11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB973687 (Update) into Install Requested(Install Requested) state
    11/28/2011 10:11:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    11/28/2011 10:11:53 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/28/2011 10:11:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    .
    ==== End Of File ===========================


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-29 02:31:18
    Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\0000005a ST325031 rev.3.AH
    Running: 2qlzfehw.exe; Driver: C:\Users\Yola\AppData\Local\Temp\kwldrpow.sys

    ---- System - GMER 1.0.15 ----
    SSDT 95BA3048 ZwAlertResumeThread
    SSDT 95B7B048 ZwAlertThread
    SSDT 9612A138 ZwAllocateVirtualMemory
    SSDT 869D6008 ZwAlpcConnectPort
    SSDT 95D6D048 ZwAssignProcessToJobObject
    SSDT 9612C308 ZwCreateMutant
    SSDT 9612FD00 ZwCreateSymbolicLinkObject
    SSDT 9612BF20 ZwCreateThread
    SSDT 95D86048 ZwDebugActiveProcess
    SSDT 9612A290 ZwDuplicateObject
    SSDT 9612CF38 ZwFreeVirtualMemory
    SSDT 95CAB048 ZwImpersonateAnonymousToken
    SSDT 95C9E048 ZwImpersonateThread
    SSDT 86925670 ZwLoadDriver
    SSDT 9612CE58 ZwMapViewOfSection
    SSDT 95D27700 ZwOpenEvent
    SSDT 961290F0 ZwOpenProcess
    SSDT 86AC6430 ZwOpenProcessToken
    SSDT 95D97048 ZwOpenSection
    SSDT 9612A008 ZwOpenThread
    SSDT 9612FEB0 ZwProtectVirtualMemory
    SSDT 86C1F788 ZwResumeThread
    SSDT 86C1F180 ZwSetContextThread
    SSDT 9612CD00 ZwSetInformationProcess
    SSDT 95D62048 ZwSetSystemInformation
    SSDT 95D07048 ZwSuspendProcess
    SSDT 95B6F048 ZwSuspendThread
    SSDT 86B6D118 ZwTerminateProcess
    SSDT 86C8F048 ZwTerminateThread
    SSDT 86C7A068 ZwUnmapViewOfSection
    SSDT 9612A068 ZwWriteVirtualMemory
    SSDT 9612FDD0 ZwCreateThreadEx
    ---- Kernel code sections - GMER 1.0.15 ----
    .text ntkrnlpa.exe!KeSetTimerEx + 350 81B01974 8 Bytes [48, 30, BA, 95, 48, B0, B7, ...] {DEC EAX; XOR [EDX-0x484fb76b], BH; XCHG EBP, EAX}
    .text ntkrnlpa.exe!KeSetTimerEx + 364 81B01988 4 Bytes [38, A1, 12, 96]
    .text ntkrnlpa.exe!KeSetTimerEx + 370 81B01994 4 Bytes [08, 60, 9D, 86]
    .text ntkrnlpa.exe!KeSetTimerEx + 3C4 81B019E8 4 Bytes [48, D0, D6, 95] {DEC EAX; RCL DH, 0x1; XCHG EBP, EAX}
    .text ntkrnlpa.exe!KeSetTimerEx + 428 81B01A4C 4 Bytes [08, C3, 12, 96]
    .text ...
    .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8BA00340, 0x3DC617, 0xE8000020]
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS
    AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS
    ---- EOF - GMER 1.0.15 ----
     
  2. shygirluv

    shygirluv Thread Starter

    Joined:
    Nov 29, 2011
    Messages:
    6
    I hope I did this right.
     

Short URL to this thread: https://techguy.org/1028898
