Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

no malware, but pc still locks up


  • This topic is locked This topic is locked
7 replies to this topic

#1 Vlad68

Vlad68

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:53 PM

Posted 16 October 2010 - 05:26 PM

I have run Spybot, Malwarebytes and SAS successfully, however my computer still locks up after a few minutes on the internet. Here is my hijackthis log:



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:46:06 PM, on 10/14/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:Program Files (x86)IntelIntel Matrix Storage ManagerIAAnotif.exe
C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe
C:Program Files (x86)HPDigital Imagingbinhpqtra08.exe
C:Program Files (x86)McAfee Security Scan2.0.181SSScheduler.exe
C:Program Files (x86)Microsoft OfficeOffice12ONENOTEM.EXE
C:Program Files (x86)HPQuickPlayQPService.exe
C:Program Files (x86)Hewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe
C:Program Files (x86)Hewlett-PackardHP Wireless AssistantHPWAMain.exe
C:Program Files (x86)Hewlett-PackardHP Wireless AssistantWiFiMsg.exe
C:Program Files (x86)VerizonVSPVerizonServicepoint.exe
C:Program Files (x86)Common FilesJavaJava Updatejusched.exe
C:Program Files (x86)AVGAVG8avgtray.exe
C:Program Files (x86)HPHP Software UpdatehpwuSchd2.exe
C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe
C:Program Files (x86)Common FilesRealUpdate_OBrealsched.exe
C:Program Files (x86)Hewlett-PackardSharedHpqToaster.exe
C:Program Files (x86)HPDigital ImagingbinhpqSTE08.exe
C:Program Files (x86)HPDigital Imagingbinhpqbam08.exe
C:Program Files (x86)HPDigital Imagingbinhpqgpc01.exe
C:Program Files (x86)Internet Exploreriexplore.exe
C:Program Files (x86)Internet Exploreriexplore.exe
C:Program Files (x86)MSNToolbar3.0.0988.2msntask.exe
C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_clipbook.exe
C:Program Files (x86)Malwarebytes' Anti-Malwarembam.exe
C:Program Files (x86)Internet Exploreriexplore.exe
C:Program Files (x86)Internet Exploreriexplore.exe
C:Program Files (x86)Trend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:Program Files (x86)AVGAVG8ToolbarIEToolbar.dll
F2 - REG:system.ini: UserInit=C:Windowssystem32userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program Files (x86)Yahoo!CompanionInstallscpnyt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:program filesrealrealplayerrpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program Files (x86)AVGAVG8avgssie.dll
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:Program Files (x86)SGPSASearchAssistant.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:PROGRA~2VERIZO~1VERIZO~1.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:Program Files (x86)AVGAVG8ToolbarIEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program Files (x86)GoogleGoogleToolbarNotifier5.6.5612.1312swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:Program Files (x86)MSNToolbar3.0.0988.2msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre6binjp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_BHO.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:PROGRA~2VERIZO~1VERIZO~1.DLL
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:Program Files (x86)MSNToolbar3.0.0988.2msneshellx.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:Program Files (x86)AVGAVG8ToolbarIEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program Files (x86)Yahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll
O4 - HKLM..Run: [QPService] "C:Program Files (x86)HPQuickPlayQPService.exe"
O4 - HKLM..Run: [QlbCtrl] %ProgramFiles(x86)%Hewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
O4 - HKLM..Run: [UCam_Menu] "C:Program Files (x86)CyberLinkYouCamMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkYouCam" update "SoftwareCyberLinkYouCam1.0"
O4 - HKLM..Run: [hpWirelessAssistant] C:Program Files (x86)Hewlett-PackardHP Wireless AssistantHPWAMain.exe
O4 - HKLM..Run: [WAWifiMessage] C:Program Files (x86)Hewlett-PackardHP Wireless AssistantWiFiMsg.exe
O4 - HKLM..Run: [VerizonServicepoint.exe] "C:Program Files (x86)VerizonVSPVerizonServicepoint.exe" /AUTORUN
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"
O4 - HKLM..Run: [HP Health Check Scheduler] c:Program Files (x86)Hewlett-PackardHP Health CheckHPHC_Scheduler.exe
O4 - HKLM..Run: [AVG8_TRAY] C:PROGRA~2AVGAVG8avgtray.exe
O4 - HKLM..Run: [HP Software Update] C:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"
O4 - HKLM..Run: [FBSSA] C:Program FilesSGPSAie3sh.exe
O4 - HKLM..Run: [TkBellExe] "C:Program Files (x86)Common FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O4 - HKCU..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU..Run: [LightScribe Control Panel] C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe -hidden
O4 - HKCU..Run: [swg] "C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe"
O4 - HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 - HKCU..Run: [Skype] "C:Program Files (x86)Skype\PhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [WMPNSCFG] C:Program Files (x86)Windows Media PlayerWMPNSCFG.exe
O4 - HKCU..RunOnce: [FlashPlayerUpdate] C:WindowsSysWOW64MacromedFlashFlashUtil10i_ActiveX.exe -update activex
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:Program Files (x86)Microsoft OfficeOffice12ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program Files (x86)HPDigital Imagingbinhpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: &Search - ?p=GRman000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~2MICROS~2Office12EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:Program Files (x86)GoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~2MICROS~2Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~2MICROS~2Office12ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~2MICROS~2Office12REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...20Installer.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG8avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~2COMMON~1SkypeSKYPE4~1.DLL
O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:PROGRA~2AVGAVG8avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:PROGRA~2AVGAVG8avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:Program Files (x86)Hewlett-PackardHP Quick Launch ButtonsCom4Qlb.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:Windowssystem32DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:Program Files (x86)HP GamesMy HP Game ConsoleGameConsoleService.exe
O23 - Service: Google Update Service (gupdate1c9f9b3576aa649) (gupdate1c9f9b3576aa649) - Google Inc. - C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:Program Files (x86)GoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:Program Files (x86)Hewlett-PackardHP Health Checkhphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:Program Files (x86)Hewlett-PackardSharedhpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:Program Files (x86)IntelIntel Matrix Storage ManagerIAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program Files (x86)Common FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program Files (x86)Common FilesLightScribeLSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:Program Files (x86)McAfee Security Scan2.0.181McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing)
O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:Program Files (x86)HPQuickPlayKernelTVQPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:Program Files (x86)HPQuickPlayKernelTVQPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program Files (x86)CyberLinkShared FilesRichVideo.exe
O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)
O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%SystemRoot%system32SLsvc.exe,-101 (slsvc) - Unknown owner - C:Windowssystem32SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing)
O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)
O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)
O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)

--
End of file - 14985 bytes



BC AdBot (Login to Remove)

 


#2 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:08:53 PM

Posted 26 October 2010 - 01:05 PM

Hi Vlad68!!.. :)

It looks like you're using a pretty old version of AVG: 8...
There seems to be a bug in one of AVG's components - linkscanner, see here: AVG 2011 Bug Affects Browsing Experience, Could Also Hurt Websites (other versions of AVG could also be affected)...

That's why I suggest uninstalling AVG completely and either upgrade to the newest version of AVG (AVG Anti-Virus Free Edition 2011) or install another antivirus of your choice, for example one of the programs recommended on my site: Recommended protection programs ...

Let me know what you decide and what problem persists... :)
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 Vlad68

Vlad68
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:53 PM

Posted 28 October 2010 - 01:46 PM

We uninstalled AVG, but are having problems re-installing the new version of AVG. Here is the new highjackthis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:44:58 PM, on 10/26/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:Program Files (x86)IntelIntel Matrix Storage ManagerIAAnotif.exe
C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe
C:Program Files (x86)HPDigital Imagingbinhpqtra08.exe
C:Program Files (x86)HPQuickPlayQPService.exe
C:Program Files (x86)McAfee Security Scan2.0.181SSScheduler.exe
C:Program Files (x86)Hewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe
C:Program Files (x86)Microsoft OfficeOffice12ONENOTEM.EXE
C:Program Files (x86)Hewlett-PackardHP Wireless AssistantHPWAMain.exe
C:Program Files (x86)Hewlett-PackardHP Wireless AssistantWiFiMsg.exe
C:Program Files (x86)VerizonVSPVerizonServicepoint.exe
C:Program Files (x86)AdobeReader 8.0Readerreader_sl.exe

C:Program Files (x86)Common FilesJavaJava Updatejusched.exe
C:Program Files (x86)HPHP Software UpdatehpwuSchd2.exe
C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe
C:Program Files (x86)Common FilesRealUpdate_OBrealsched.exe
C:Program Files (x86)Hewlett-PackardSharedHpqToaster.exe
C:Program Files (x86)Malwarebytes' Anti-Malwarembam.exe
C:Program Files (x86)HPDigital ImagingbinhpqSTE08.exe
C:Program Files (x86)HPDigital Imagingbinhpqbam08.exe
C:Program Files (x86)HPDigital Imagingbinhpqgpc01.exe
C:Program Files (x86)Internet Exploreriexplore.exe
C:Program Files (x86)Internet Exploreriexplore.exe
C:Program Files (x86)MSNToolbar3.0.0988.2msntask.exe
C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_clipbook.exe
C:Program Files (x86)Trend MicroHijackThisHiJackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:Windowssystem32userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program Files (x86)Yahoo!CompanionInstallscpnyt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:program filesrealrealplayerrpbrowserrecordplugin.dll
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:Program Files (x86)SGPSASearchAssistant.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:PROGRA~2VERIZO~1VERIZO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program Files (x86)GoogleGoogleToolbarNotifier5.6.5612.1312swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:Program Files (x86)MSNToolbar3.0.0988.2msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre6binjp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_BHO.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:PROGRA~2VERIZO~1VERIZO~1.DLL
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:Program Files (x86)MSNToolbar3.0.0988.2msneshellx.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program Files (x86)Yahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll
O4 - HKLM..Run: [QPService] "C:Program Files (x86)HPQuickPlayQPService.exe"
O4 - HKLM..Run: [QlbCtrl] %ProgramFiles(x86)%Hewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
O4 - HKLM..Run: [UCam_Menu] "C:Program Files (x86)CyberLinkYouCamMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkYouCam" update "SoftwareCyberLinkYouCam1.0"
O4 - HKLM..Run: [hpWirelessAssistant] C:Program Files (x86)Hewlett-PackardHP Wireless AssistantHPWAMain.exe
O4 - HKLM..Run: [WAWifiMessage] C:Program Files (x86)Hewlett-PackardHP Wireless AssistantWiFiMsg.exe
O4 - HKLM..Run: [VerizonServicepoint.exe] "C:Program Files (x86)VerizonVSPVerizonServicepoint.exe" /AUTORUN
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"
O4 - HKLM..Run: [HP Health Check Scheduler] c:Program Files (x86)Hewlett-PackardHP Health CheckHPHC_Scheduler.exe
O4 - HKLM..Run: [HP Software Update] C:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"
O4 - HKLM..Run: [FBSSA] C:Program FilesSGPSAie3sh.exe
O4 - HKLM..Run: [TkBellExe] "C:Program Files (x86)Common FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O4 - HKCU..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU..Run: [LightScribe Control Panel] C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe -hidden
O4 - HKCU..Run: [swg] "C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe"
O4 - HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 - HKCU..Run: [Skype] "C:Program Files (x86)Skype\PhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [WMPNSCFG] C:Program Files (x86)Windows Media PlayerWMPNSCFG.exe
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:Program Files (x86)Microsoft OfficeOffice12ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program Files (x86)HPDigital Imagingbinhpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: &Search - ?p=GRman000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~2MICROS~2Office12EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:Program Files (x86)GoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~2MICROS~2Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~2MICROS~2Office12ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~2MICROS~2Office12REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_BHO.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~2COMMON~1SkypeSKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:Windowssystem32browseui.dll

O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)
- Show quoted text -
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:Program Files (x86)Hewlett-PackardHP Quick Launch ButtonsCom4Qlb.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:Windowssystem32DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:Program Files (x86)HP GamesMy HP Game ConsoleGameConsoleService.exe
O23 - Service: Google Update Service (gupdate1c9f9b3576aa649) (gupdate1c9f9b3576aa649) - Google Inc. - C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:Program Files (x86)GoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:Program Files (x86)Hewlett-PackardHP Health Checkhphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:Program Files (x86)Hewlett-PackardSharedhpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:Program Files (x86)IntelIntel Matrix Storage ManagerIAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program Files (x86)Common FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program Files (x86)Common FilesLightScribeLSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:Program Files (x86)McAfee Security Scan2.0.181McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing)
O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:Program Files (x86)HPQuickPlayKernelTVQPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:Program Files (x86)HPQuickPlayKernelTVQPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program Files (x86)CyberLinkShared FilesRichVideo.exe
O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)
O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%SystemRoot%system32SLsvc.exe,-101 (slsvc) - Unknown owner - C:Windowssystem32SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing)
O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)
O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)
O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)

--
End of file - 14018 bytes

#4 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:08:53 PM

Posted 28 October 2010 - 03:04 PM

Hi again Vlad68!!.. :)

We uninstalled AVG, but are having problems re-installing the new version of AVG.

I see... What is the problem??.. Does it give you any error??.. Please provide the details...
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#5 Vlad68

Vlad68
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:53 PM

Posted 10 November 2010 - 01:06 PM

We gave on the AVG and installed Mcafee instead. The computer is much better now, but it still occasionally locks up (but not nearly as frequently as before). In addition, I can now shutdown the computer via the Start -> Shutdown, where as before I had to hold down the power button (nothing would work). Here is the new log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:44:58 PM, on 10/26/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:Program Files (x86)IntelIntel Matrix Storage ManagerIAAnotif.exe
C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe
C:Program Files (x86)HPDigital Imagingbinhpqtra08.exe
C:Program Files (x86)HPQuickPlayQPService.exe
C:Program Files (x86)McAfee Security Scan2.0.181SSScheduler.exe
C:Program Files (x86)Hewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe
C:Program Files (x86)Microsoft OfficeOffice12ONENOTEM.EXE
C:Program Files (x86)Hewlett-PackardHP Wireless AssistantHPWAMain.exe
C:Program Files (x86)Hewlett-PackardHP Wireless AssistantWiFiMsg.exe
C:Program Files (x86)VerizonVSPVerizonServicepoint.exe
C:Program Files (x86)AdobeReader 8.0Readerreader_sl.exe
C:Program Files (x86)Common FilesJavaJava Updatejusched.exe
C:Program Files (x86)HPHP Software UpdatehpwuSchd2.exe
C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe
C:Program Files (x86)Common FilesRealUpdate_OBrealsched.exe
C:Program Files (x86)Hewlett-PackardSharedHpqToaster.exe
C:Program Files (x86)Malwarebytes' Anti-Malwarembam.exe
C:Program Files (x86)HPDigital ImagingbinhpqSTE08.exe
C:Program Files (x86)HPDigital Imagingbinhpqbam08.exe
C:Program Files (x86)HPDigital Imagingbinhpqgpc01.exe
C:Program Files (x86)Internet Exploreriexplore.exe
C:Program Files (x86)Internet Exploreriexplore.exe
C:Program Files (x86)MSNToolbar3.0.0988.2msntask.exe
C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_clipbook.exe
C:Program Files (x86)Trend MicroHijackThisHiJackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:Windowssystem32userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program Files (x86)Yahoo!CompanionInstallscpnyt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:program filesrealrealplayerrpbrowserrecordplugin.dll
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:Program Files (x86)SGPSASearchAssistant.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:PROGRA~2VERIZO~1VERIZO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program Files (x86)GoogleGoogleToolbarNotifier5.6.5612.1312swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:Program Files (x86)MSNToolbar3.0.0988.2msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre6binjp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_BHO.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:PROGRA~2VERIZO~1VERIZO~1.DLL
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:Program Files (x86)MSNToolbar3.0.0988.2msneshellx.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program Files (x86)Yahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll
O4 - HKLM..Run: [QPService] "C:Program Files (x86)HPQuickPlayQPService.exe"
O4 - HKLM..Run: [QlbCtrl] %ProgramFiles(x86)%Hewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
O4 - HKLM..Run: [UCam_Menu] "C:Program Files (x86)CyberLinkYouCamMUITransferMUIStartMenu.exe" "C:Program Files (x86)CyberLinkYouCam" update "SoftwareCyberLinkYouCam1.0"
O4 - HKLM..Run: [hpWirelessAssistant] C:Program Files (x86)Hewlett-PackardHP Wireless AssistantHPWAMain.exe
O4 - HKLM..Run: [WAWifiMessage] C:Program Files (x86)Hewlett-PackardHP Wireless AssistantWiFiMsg.exe
O4 - HKLM..Run: [VerizonServicepoint.exe] "C:Program Files (x86)VerizonVSPVerizonServicepoint.exe" /AUTORUN
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"
O4 - HKLM..Run: [HP Health Check Scheduler] c:Program Files (x86)Hewlett-PackardHP Health CheckHPHC_Scheduler.exe
O4 - HKLM..Run: [HP Software Update] C:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"
O4 - HKLM..Run: [FBSSA] C:Program FilesSGPSAie3sh.exe
O4 - HKLM..Run: [TkBellExe] "C:Program Files (x86)Common FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O4 - HKCU..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU..Run: [LightScribe Control Panel] C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe -hidden
O4 - HKCU..Run: [swg] "C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe"
O4 - HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 - HKCU..Run: [Skype] "C:Program Files (x86)Skype\PhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [WMPNSCFG] C:Program Files (x86)Windows Media PlayerWMPNSCFG.exe
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:Program Files (x86)Microsoft OfficeOffice12ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program Files (x86)HPDigital Imagingbinhpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: &Search - ?p=GRman000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~2MICROS~2Office12EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:Program Files (x86)GoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~2MICROS~2Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~2MICROS~2Office12ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~2MICROS~2Office12REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_BHO.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~2COMMON~1SkypeSKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:Windowssystem32browseui.dll
O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:Program Files (x86)Hewlett-PackardHP Quick Launch ButtonsCom4Qlb.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:Windowssystem32DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:Program Files (x86)HP GamesMy HP Game ConsoleGameConsoleService.exe
O23 - Service: Google Update Service (gupdate1c9f9b3576aa649) (gupdate1c9f9b3576aa649) - Google Inc. - C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:Program Files (x86)GoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:Program Files (x86)Hewlett-PackardHP Health Checkhphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:Program Files (x86)Hewlett-PackardSharedhpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:Program Files (x86)IntelIntel Matrix Storage ManagerIAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program Files (x86)Common FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program Files (x86)Common FilesLightScribeLSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:Program Files (x86)McAfee Security Scan2.0.181McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing)
O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:Program Files (x86)HPQuickPlayKernelTVQPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:Program Files (x86)HPQuickPlayKernelTVQPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program Files (x86)CyberLinkShared FilesRichVideo.exe
O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)
O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%SystemRoot%system32SLsvc.exe,-101 (slsvc) - Unknown owner - C:Windowssystem32SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing)
O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)
O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)
O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)

--
End of file - 14018 bytes

#6 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:08:53 PM

Posted 10 November 2010 - 01:40 PM

Hi again Vlad68!!.. :)

Thank you for an update!!.. Ok, please perform the scan below... Please note that I won't be available until Sunday evening (go in the mountains) - so I'll check the log later...

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#7 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:08:53 PM

Posted 25 November 2010 - 01:46 PM

Still with us Vlad68??.. What problem remains??..
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#8 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:08:53 PM

Posted 08 December 2010 - 11:55 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users