Help DVD/CD ROM won't read disk

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

shygirluv

Thread Starter
Joined
Nov 29, 2011
Messages
6
I have here a Compaq Presario PC SR5707c, 32-bit operating system, with Windows Vista Home Premium. I recently came over to a family member's to visit and the computer was messing up, so I downloaded AVG and ran a scan, and AVG found viruses. I got rid of them, so I thought, but before I knew it the pictures were gone and some of the files. Luckily I found them hidden and copied them onto my USB, but my question is..... I have tried doing a factory reset TWICE! And everything's working correctly... I set up free Norton, an admin account and a guest account for her so she has more protection. I even set up Windows Defender correctly, but I can't get her DVD/CD-ROM to work; it won't read CDs or DVDs. I ran a hardware diagnostics test and it's the drivers, so please help! I've been updating Windows. I tried to uninstall the drivers for the DVD/CD but it's still there. What do I do? I need help, please. She doesn't have the recovery disks; she lost them.
So I can't reboot it. I need some advice. I'm leaving back home out of state and I don't want to leave her computer like this. I'm also sorry for not zip tying this, whatever that means. I'm new.







The driver is C:\windows\system32\drivers\Cdrom.sys???????? Is this a trojan???






Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:36:26 AM, on 11/29/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal
Running processes:
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\MSN\Toolbar\3.0.0541.0\msntask.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\Yola\Desktop\HijackThis.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: PictureMover.lnk = C:\Program Files\PictureMover\Bin\PictureMover.exe
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7666 bytes




.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19019
Run by Yola at 1:45:44 on 2011-11-29
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1918.781 [GMT -8:00]
.
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\MSN\Toolbar\3.0.0541.0\msntask.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.0.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.0.0.125\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.0.0.125\coIEPlg.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\picturemover\bin\PictureMover.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C1153524-7BE7-495B-AD6A-3896698C3A55} : DhcpNameServer = 192.168.2.1
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1000000.07d\SymEFA.sys [2008-11-28 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1000000.07d\BHDrvx86.sys [2008-11-28 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1000000.07d\ccHPx86.sys [2008-11-28 362544]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20111128.030\IDSvix86.sys [2011-11-28 368248]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [2008-11-28 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-28 106104]
R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2008-9-9 20640]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\nis\1000000.07d\symndisv.sys [2008-11-28 40496]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-28 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-28 136176]
.
=============== Created Last 30 ================
.
2011-11-29 09:01:29 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-29 08:20:16 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9234d9f5-f168-461a-8db1-49624dcb202f}\offreg.dll
2011-11-29 08:19:45 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9234d9f5-f168-461a-8db1-49624dcb202f}\mpengine.dll
2011-11-29 07:51:03 -------- d-----w- c:\users\yola\appdata\roaming\WinBatch
2011-11-29 07:49:10 -------- d-----w- c:\users\yola\appdata\roaming\HpUpdate
2011-11-29 07:49:07 -------- d-----w- c:\windows\Hewlett-Packard
2011-11-29 06:12:54 -------- d-----w- c:\users\yola\appdata\local\Adobe
2011-11-29 06:11:08 -------- d-----w- c:\users\yola\appdata\local\Google
2011-11-29 05:36:16 80896 ----a-w- c:\windows\system32\MSNP.ax
2011-11-29 05:36:16 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-11-29 05:36:13 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-11-29 05:36:13 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-11-29 05:27:59 638232 ----a-w- c:\program files\internet explorer\iexplore.exe
2011-11-29 05:27:22 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-11-29 05:16:56 97800 ----a-w- c:\windows\system32\infocardapi.dll
2011-11-29 05:16:55 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2011-11-29 05:16:55 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-11-29 05:16:54 622080 ----a-w- c:\windows\system32\icardagt.exe
2011-11-29 05:16:54 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-11-29 05:16:54 11264 ----a-w- c:\windows\system32\icardres.dll
2011-11-29 05:16:53 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2011-11-29 05:16:51 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2011-11-29 05:12:28 96760 ----a-w- c:\windows\system32\dfshim.dll
2011-11-29 05:12:26 282112 ----a-w- c:\windows\system32\mscoree.dll
2011-11-29 05:12:25 41984 ----a-w- c:\windows\system32\netfxperf.dll
2011-11-29 05:12:16 158720 ----a-w- c:\windows\system32\mscorier.dll
2011-11-29 05:12:12 83968 ----a-w- c:\windows\system32\mscories.dll
2011-11-29 05:10:18 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-11-29 05:10:16 411136 ----a-w- c:\windows\system32\drivers\http.sys
2011-11-29 05:10:16 31232 ----a-w- c:\windows\system32\httpapi.dll
2011-11-29 05:09:23 231936 ----a-w- c:\windows\system32\msshsq.dll
2011-11-29 05:02:38 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-11-29 05:02:24 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-29 04:50:50 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2011-11-29 04:50:48 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2011-11-29 04:50:47 94720 ----a-w- c:\windows\system32\logagent.exe
2011-11-29 04:50:45 1399296 ----a-w- c:\windows\system32\msxml6.dll
2011-11-29 04:50:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2011-11-29 04:50:01 281600 ----a-w- c:\windows\system32\raschap.dll
2011-11-29 04:50:01 244224 ----a-w- c:\windows\system32\rastls.dll
2011-11-29 04:48:58 3600272 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-11-29 04:47:55 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-11-29 04:46:13 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2011-11-29 04:46:12 1616384 ----a-w- c:\program files\windows mail\msoe.dll
2011-11-29 04:46:10 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-29 04:46:06 513024 ----a-w- c:\windows\system32\wlansvc.dll
2011-11-29 04:46:06 302592 ----a-w- c:\windows\system32\wlansec.dll
2011-11-29 04:46:06 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2011-11-29 04:46:06 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2011-11-29 04:46:04 603648 ----a-w- c:\windows\system32\schedsvc.dll
2011-11-29 04:46:04 357376 ----a-w- c:\windows\system32\taskschd.dll
2011-11-29 04:46:04 345088 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-11-29 04:46:03 270336 ----a-w- c:\windows\system32\taskcomp.dll
2011-11-29 04:46:03 171520 ----a-w- c:\windows\system32\taskeng.exe
2011-11-29 04:46:00 160256 ----a-w- c:\windows\system32\wkssvc.dll
2011-11-29 04:44:58 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-11-29 04:44:56 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-11-29 04:44:56 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-11-29 04:42:55 2042368 ----a-w- c:\windows\system32\win32k.sys
2011-11-29 04:42:18 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-11-29 04:42:10 501760 ----a-w- c:\windows\system32\usp10.dll
2011-11-29 04:42:09 81920 ----a-w- c:\windows\system32\consent.exe
2011-11-29 04:42:02 61440 ----a-w- c:\windows\system32\msasn1.dll
2011-11-29 04:42:00 147456 ----a-w- c:\windows\system32\Faultrep.dll
2011-11-29 04:42:00 125952 ----a-w- c:\windows\system32\wersvc.dll
2011-11-29 04:41:59 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-11-29 04:41:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2011-11-29 04:41:57 1257472 ----a-w- c:\windows\system32\msxml3.dll
2011-11-29 04:41:54 443392 ----a-w- c:\windows\system32\win32spl.dll
2011-11-29 04:41:53 1645568 ----a-w- c:\windows\system32\connect.dll
2011-11-29 04:41:52 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-11-29 04:41:51 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-11-29 04:39:43 -------- d-----w- c:\users\yola\appdata\local\WindowsUpdate
2011-11-29 04:37:28 310784 ----a-w- c:\windows\system32\unregmp2.exe
2011-11-29 04:37:28 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe
2011-11-29 04:37:27 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-11-29 04:37:27 4096 ----a-w- c:\windows\system32\dxmasf.dll
2011-11-29 04:37:27 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2011-11-29 04:37:27 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2011-11-29 04:37:26 4096 ----a-w- c:\windows\system32\msdxm.ocx
2011-11-29 04:09:41 -------- d-----w- c:\program files\Ask.com
2011-11-29 03:59:33 -------- d-----w- c:\programdata\Ask
2011-11-29 03:59:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-29 02:55:35 25136 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2011-11-29 02:55:32 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-11-29 02:55:32 -------- d-----w- c:\program files\Symantec
2011-11-29 02:55:32 -------- d-----w- c:\program files\common files\Symantec Shared
2011-11-29 02:53:07 -------- d-----w- c:\users\yola\appdata\local\Hewlett-Packard
2011-11-29 02:48:44 -------- d-----w- c:\users\yola\appdata\roaming\PictureMover
2011-11-29 02:46:40 171520 ----a-w- c:\windows\system32\wintrust.dll
2011-11-29 02:46:39 98304 ----a-w- c:\windows\system32\cabview.dll
2011-11-29 02:43:08 -------- d-----w- c:\users\yola\appdata\roaming\HP TCS
2011-11-29 02:39:48 -------- d-sh--we C:\Documents and Settings
.
==================== Find3M ====================
.
.
============= FINISH: 1:46:17.47 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/28/2011 6:36:00 PM
System Uptime: 11/29/2011 12:00:33 AM (1 hours ago)
.
Motherboard: ECS | | Iris8
Processor: AMD Athlon(tm) Dual Core Processor 4850e | Socket AM2 | 2500/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 189.55 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.538 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP6: 11/28/2011 6:39:59 PM - Windows Update
RP7: 11/28/2011 6:48:46 PM - Windows Update
RP8: 11/28/2011 6:51:28 PM - Scripted restore
RP9: 11/28/2011 6:58:25 PM - Installed Java(TM) 6 Update 29
RP10: 11/28/2011 7:59:17 PM - Installed Java Runtime Environment
RP11: 11/28/2011 9:01:47 PM - Windows Update
RP12: 11/28/2011 9:06:01 PM - Windows Update
RP13: 11/28/2011 11:40:24 PM - Windows Update
RP15: 11/28/2011 11:51:26 PM - Installed MediaSmart DVD
RP16: 11/29/2011 12:06:06 AM - Windows Update
RP17: 11/29/2011 12:18:13 AM - Windows Update
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Flash Player ActiveX
Adobe Reader 8.3.1
Ask Toolbar
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
Google Toolbar for Internet Explorer
Google Update Helper
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Demo
HP MediaSmart DVD
HP Recovery Manager RSS
HP Total Care Advisor
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 6 Update 7
Juno Preloader
LabelPrint
LightScribe System Software 1.14.25.1
LightScribe Template Labeler
Microsoft .NET Framework 3.5 SP1
Microsoft Live Search Toolbar
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
muvee Reveal
My HP Games
NetZero Preloader
Norton Internet Security
NVIDIA Drivers
PictureMover
Power2Go
PowerDirector
Python 2.5.2
Realtek High Definition Audio Driver
Soft Data Fax Modem with SmartCP
SPORE Creature Creator Trial Edition
.
==== Event Viewer Messages From Past Week ========
.
11/28/2011 9:21:01 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.5 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 x86 (KB2418240).
11/28/2011 10:14:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2617986).
11/28/2011 10:14:26 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {4991D34B-80A1-4291-83B6-3328366B9097} to the user Yola-PC\Yola SID (S-1-5-21-1738866542-3536279892-2797450158-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/28/2011 10:12:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070026: Update for Windows Vista (KB973687).
11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973687-52_neutral_PACKAGE from package KB973687(Update) into Absent(Absent) state
11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973687-51_neutral_PACKAGE from package KB973687(Update) into Absent(Absent) state
11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973687-50_neutral_PACKAGE from package KB973687(Update) into Absent(Absent) state
11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973687-5_neutral_PACKAGE from package KB973687(Update) into Resolved(Resolved) state
11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973687-49_neutral_PACKAGE from package KB973687(Update) into Resolved(Resolved) state
11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973687-47_neutral_PACKAGE from package KB973687(Update) into Resolved(Resolved) state
11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973687-44_neutral_PACKAGE from package KB973687(Update) into Resolved(Resolved) state
11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973687-41_neutral_PACKAGE from package KB973687(Update) into Resolved(Resolved) state
11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973687-4_neutral_GDR from package KB973687(Update) into Staging(Staging) state
11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973687-35_neutral_PACKAGE from package KB973687(Update) into Resolved(Resolved) state
11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973687-34_neutral_GDR from package KB973687(Update) into Staging(Staging) state
11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973687-32_neutral_GDR from package KB973687(Update) into Staging(Staging) state
11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973687-2_neutral_GDR from package KB973687(Update) into Staging(Staging) state
11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB973687 (Update) into Staged(Staged) state
11/28/2011 10:12:45 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB973687 (Update) into Install Requested(Install Requested) state
11/28/2011 10:11:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
11/28/2011 10:11:53 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/28/2011 10:11:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-29 02:31:18
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\0000005a ST325031 rev.3.AH
Running: 2qlzfehw.exe; Driver: C:\Users\Yola\AppData\Local\Temp\kwldrpow.sys

---- System - GMER 1.0.15 ----
SSDT 95BA3048 ZwAlertResumeThread
SSDT 95B7B048 ZwAlertThread
SSDT 9612A138 ZwAllocateVirtualMemory
SSDT 869D6008 ZwAlpcConnectPort
SSDT 95D6D048 ZwAssignProcessToJobObject
SSDT 9612C308 ZwCreateMutant
SSDT 9612FD00 ZwCreateSymbolicLinkObject
SSDT 9612BF20 ZwCreateThread
SSDT 95D86048 ZwDebugActiveProcess
SSDT 9612A290 ZwDuplicateObject
SSDT 9612CF38 ZwFreeVirtualMemory
SSDT 95CAB048 ZwImpersonateAnonymousToken
SSDT 95C9E048 ZwImpersonateThread
SSDT 86925670 ZwLoadDriver
SSDT 9612CE58 ZwMapViewOfSection
SSDT 95D27700 ZwOpenEvent
SSDT 961290F0 ZwOpenProcess
SSDT 86AC6430 ZwOpenProcessToken
SSDT 95D97048 ZwOpenSection
SSDT 9612A008 ZwOpenThread
SSDT 9612FEB0 ZwProtectVirtualMemory
SSDT 86C1F788 ZwResumeThread
SSDT 86C1F180 ZwSetContextThread
SSDT 9612CD00 ZwSetInformationProcess
SSDT 95D62048 ZwSetSystemInformation
SSDT 95D07048 ZwSuspendProcess
SSDT 95B6F048 ZwSuspendThread
SSDT 86B6D118 ZwTerminateProcess
SSDT 86C8F048 ZwTerminateThread
SSDT 86C7A068 ZwUnmapViewOfSection
SSDT 9612A068 ZwWriteVirtualMemory
SSDT 9612FDD0 ZwCreateThreadEx
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetTimerEx + 350 81B01974 8 Bytes [48, 30, BA, 95, 48, B0, B7, ...] {DEC EAX; XOR [EDX-0x484fb76b], BH; XCHG EBP, EAX}
.text ntkrnlpa.exe!KeSetTimerEx + 364 81B01988 4 Bytes [38, A1, 12, 96]
.text ntkrnlpa.exe!KeSetTimerEx + 370 81B01994 4 Bytes [08, 60, 9D, 86]
.text ntkrnlpa.exe!KeSetTimerEx + 3C4 81B019E8 4 Bytes [48, D0, D6, 95] {DEC EAX; RCL DH, 0x1; XCHG EBP, EAX}
.text ntkrnlpa.exe!KeSetTimerEx + 428 81B01A4C 4 Bytes [08, C3, 12, 96]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8BA00340, 0x3DC617, 0xE8000020]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS
---- EOF - GMER 1.0.15 ----
 