Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Laptop reboots everyday at same time...


  • This topic is locked This topic is locked
32 replies to this topic

#1 Ready2Work

Ready2Work

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 07 October 2011 - 01:47 PM

So my laptop restarts everyday right about 11am. I already checked auto restarts and nothing seems to be out of place. Its been restarting everyday since last week and I haven't been able to figure this one out. Is there something in my hijackthis that shows some kind of issue that I can not find?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:38:51 AM, on 10/7/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Crawler\Smileys\CSmileysIM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\windows\system32\taskeng.exe
C:\windows\System32\msdt.exe
C:\windows\System32\sdiagnhost.exe
C:\windows\system32\conhost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hawthornecat.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80012
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80012
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80012
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80012
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~1\SITERA~1\SiteRank.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [CSmileys] "C:\Program Files\Crawler\Smileys\CSmileysIM.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\GPG Employee\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\windows\system32\Macromed\Flash\FlashUtil10w_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} (ActiveWebParts Illustration Viewer) - http://www.kohlerplus.com/_bin/AWSDrawingViewer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FedEx Administration Service (FedExAdminService) - Unknown owner - C:\Program Files\FedEx\ShipManager\BIN\AdminService.exe
O23 - Service: FedEx Logging Service (FedExLoggingService) - FedEx Corporation - C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe
O23 - Service: FedEx Shipnet Database Service (FedExShipnetDBService) - iAnywhere Solutions, Inc. - C:\Program Files\FedEx\ShipManager\SQLAnywhere\Bin32\dbsrv11.exe
O23 - Service: FedEx Shipping Engine (FedExShipService) - FedEx Corporation - C:\Program Files\FedEx\ShipManager\BIN\ShipEngineService.exe
O23 - Service: FedEx Transaction Engine (FedExTransactionService) - FedEx Corporation - C:\Program Files\FedEx\ShipManager\BIN\TransEngineService.exe
O23 - Service: FileOpenManagerSvc - FileOpen Systems Inc. - C:\ProgramData\FileOpen\Services\FileOpenManagerSvc32.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 12301 bytes

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 Ready2Work

Ready2Work
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 11 October 2011 - 02:06 PM

here is my DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by GPG Employee at 11:56:02 on 2011-10-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3327.1909 [GMT -7:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe
C:\Program Files\FedEx\ShipManager\SQLAnywhere\Bin32\dbsrv11.exe
C:\ProgramData\FileOpen\Services\FileOpenManagerSvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\System Control Manager\MSIService.exe
c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\FedEx\ShipManager\BIN\AdminService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\conhost.exe
C:\Program Files\FedEx\ShipManager\BIN\ShipEngineService.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\FedEx\ShipManager\BIN\TransEngineService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Crawler\Smileys\CSmileysIM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\MPower2006\mpower2006.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\spool\DRIVERS\W32X86\3\hpmup094.bin
C:\ProgramData\FileOpen\Services\FileOpenBroker32.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hawthornecat.com/
uDefault_Page_URL = hxxp://www.msi.com
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80012
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80012
uURLSearchHooks: N/A: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: : {11bf46c6-b3de-48bd-bf70-3ad85cab80b5} - c:\progra~1\sitera~1\SiteRank.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\ctbr.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: : {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\ctbr.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [CSmileys] "c:\program files\crawler\smileys\CSmileysIM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} - hxxp://www.kohlerplus.com/_bin/AWSDrawingViewer.cab
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{2F5F947D-01DC-426A-B06C-01A84DC1770E} : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{2F5F947D-01DC-426A-B06C-01A84DC1770E}\36963736F63726 : DhcpNameServer = 68.105.28.11 68.105.29.12
TCP: Interfaces\{2F5F947D-01DC-426A-B06C-01A84DC1770E}\74C6F62616C60205F6775627027427F65707 : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{2F5F947D-01DC-426A-B06C-01A84DC1770E}\84F6C64656D6 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{2F5F947D-01DC-426A-B06C-01A84DC1770E}\C696E6B6379737 : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{2F5F947D-01DC-426A-B06C-01A84DC1770E}\E4544574541425D223E243D274 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{E89683FE-1C5F-43DE-B274-84500B139139} : DhcpNameServer = 208.67.222.222 208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\ctbr.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 10.0.1.12 NPI7FD12C
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gpg employee\appdata\roaming\mozilla\firefox\profiles\46vha4dg.default\
FF - prefs.js: browser.search.selectedEngine - Inbox Search
FF - prefs.js: browser.startup.homepage - hxxp://66.240.236.242/admin/
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80012&language=en&qkw=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\gpg employee\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-6 36000]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-6 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-6 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-6 74640]
R2 FedExAdminService;FedEx Administration Service;c:\program files\fedex\shipmanager\bin\AdminService.exe [2011-5-10 24576]
R2 FedExLoggingService;FedEx Logging Service;c:\program files\fedex\shipmanager\bin\FedEx.Gsm.Common.LoggingService.exe [2011-5-10 7168]
R2 FedExShipnetDBService;FedEx Shipnet Database Service;c:\program files\fedex\shipmanager\sqlanywhere\bin32\dbsrv11.exe [2011-5-10 130352]
R2 FileOpenManagerSvc;FileOpenManagerSvc;c:\programdata\fileopen\services\FileOpenManagerSvc32.exe [2011-3-9 212352]
R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2009-11-6 160768]
R2 MSSQL$UPSWSDBSERVER;SQL Server (UPSWSDBSERVER);c:\ups\wstd\mssql.1\mssql\binn\sqlservr.exe -supswsdbserver --> c:\ups\wstd\mssql.1\mssql\binn\sqlservr.exe -sUPSWSDBSERVER [?]
R3 FedExShipService;FedEx Shipping Engine;c:\program files\fedex\shipmanager\bin\ShipEngineService.exe [2011-5-10 5120]
R3 FedExTransactionService;FedEx Transaction Engine;c:\program files\fedex\shipmanager\bin\TransEngineService.exe [2011-5-10 6656]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-6 64032]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2009-11-6 17920]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-1-14 55264]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2008-12-8 533344]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2009-11-2 626688]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-10-13 16472]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-11-6 166912]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-8 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-31 1343400]
.
=============== Created Last 30 ================
.
2011-10-11 18:05:57 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e69da50a-bd57-43d7-88ba-95b530f39e48}\offreg.dll
2011-10-11 10:39:20 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e69da50a-bd57-43d7-88ba-95b530f39e48}\mpengine.dll
2011-10-06 18:52:41 -------- d-----w- c:\users\gpg employee\appdata\roaming\Avira
2011-10-06 18:52:13 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-06 18:52:13 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-06 18:52:12 -------- d-----w- c:\programdata\Avira
2011-10-06 18:52:12 -------- d-----w- c:\program files\Avira
2011-10-06 18:04:54 388096 ----a-r- c:\users\gpg employee\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-10-06 18:04:54 -------- d-----w- c:\program files\Trend Micro
2011-09-12 20:25:00 -------- d-----w- c:\program files\Microsoft Streets & Trips
2011-09-12 20:24:15 -------- d-----w- c:\program files\Microsoft Location Finder
.
==================== Find3M ====================
.
2011-09-06 13:18:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 11:59:04.50 ===============

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:57 AM

Posted 12 October 2011 - 09:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Nothing suspicious was found on your logs.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

===
Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs for my review.

#4 Ready2Work

Ready2Work
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 12 October 2011 - 12:35 PM

thank you in advance nasdaq

ComboFix 11-10-12.01 - GPG Employee 10/12/2011 10:02:54.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3327.1493 [GMT -7:00]
Running from: c:\users\GPG Employee\Desktop\ComboFix.exe.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\GPG Employee\AppData\Roaming\EurekaLog
c:\users\GPG Employee\AppData\Roaming\EurekaLog\EurekaLog.ini
c:\windows\TEMP\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_0\dbdata.dll
c:\windows\TEMP\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_1\dbdata.dll
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-12 to 2011-10-12 )))))))))))))))))))))))))))))))
.
.
2011-10-12 17:09 . 2011-10-12 17:13 -------- d-----w- c:\users\GPG Employee\AppData\Local\temp
2011-10-12 17:09 . 2011-10-12 17:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-12 11:11 . 2011-10-12 11:11 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84E24A04-61EE-4272-A6A1-BB3780A872A8}\offreg.dll
2011-10-12 11:11 . 2011-09-21 16:00 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84E24A04-61EE-4272-A6A1-BB3780A872A8}\mpengine.dll
2011-10-06 18:52 . 2011-10-06 18:52 -------- d-----w- c:\users\GPG Employee\AppData\Roaming\Avira
2011-10-06 18:52 . 2011-09-18 15:39 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-06 18:52 . 2011-09-16 06:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-06 18:52 . 2011-09-16 06:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-06 18:52 . 2011-10-06 18:52 -------- d-----w- c:\programdata\Avira
2011-10-06 18:52 . 2011-10-06 18:52 -------- d-----w- c:\program files\Avira
2011-10-06 18:04 . 2011-10-06 18:04 388096 ----a-r- c:\users\GPG Employee\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-06 18:04 . 2011-10-06 18:04 -------- d-----w- c:\program files\Trend Micro
2011-09-12 20:25 . 2011-09-12 20:27 -------- d-----w- c:\program files\Microsoft Streets & Trips
2011-09-12 20:24 . 2011-09-12 20:27 -------- d-----w- c:\program files\Microsoft Location Finder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-06 13:18 . 2011-05-14 17:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 02:54 . 2011-08-10 23:31 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48 . 2011-08-10 23:31 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44 . 2011-08-10 23:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27 . 2011-08-10 17:49 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:15 . 2011-08-10 17:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 17:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 17:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 17:49 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 17:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 17:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 17:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 17:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 17:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 17:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 17:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 17:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 17:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 17:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 17:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 17:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 17:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 17:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 17:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 17:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 17:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 17:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 17:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 17:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 17:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 17:49 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 17:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 17:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2010-01-28 15:38 318904 ----a-w- c:\progra~1\SITERA~1\SiteRank.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-07 13789728]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-07-24 2068480]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-05 258512]
"CSmileys"="c:\program files\Crawler\Smileys\CSmileysIM.exe" [2009-12-09 341504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-8-3 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 19:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UPS WorldShip Messaging Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk
backup=c:\windows\pss\UPS WorldShip Messaging Utility.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UPS WorldShip PLD Reminder Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk
backup=c:\windows\pss\UPS WorldShip PLD Reminder Utility.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^GPG Employee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\GPG Employee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^GPG Employee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZMatrix.lnk]
path=c:\users\GPG Employee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZMatrix.lnk
backup=c:\windows\pss\ZMatrix.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 19:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CSmileys]
2009-12-09 09:30 341504 ----a-w- c:\progra~1\Crawler\Smileys\CSmileysIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-05 21:58 135664 ----atw- c:\users\GPG Employee\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 19:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Color LaserJet CM1312 MFP Series Fax]
2009-09-23 03:42 2453504 ------w- c:\program files\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2009-05-11 17:45 24576 ----a-w- c:\program files\HP\HP UT\bin\hppusg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2009-07-22 21:40 83336 ----a-w- c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 08:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
2010-08-19 22:23 3069192 ----a-w- c:\program files\TechSmith\Jing\Jing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NA1Messenger]
2009-12-02 05:36 24576 ----a-w- c:\ups\WSTD\UPSNA1Msgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerBlock]
2009-09-28 09:02 1529432 ----a-w- c:\program files\PeerBlock\peerblock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 01:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-05-22 16:22 7514656 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteRanker]
2010-01-28 15:38 279552 ----a-w- c:\program files\SiteRanker\SiteRankTray.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-25 17920]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2009-09-11 626688]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 16472]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-04 166912]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-05-25 32408]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-31 1343400]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-05 86224]
S2 FedExAdminService;FedEx Administration Service;c:\program files\FedEx\ShipManager\BIN\AdminService.exe [2011-05-10 24576]
S2 FedExLoggingService;FedEx Logging Service;c:\program files\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe [2011-05-10 7168]
S2 FedExShipnetDBService;FedEx Shipnet Database Service;c:\program files\FedEx\ShipManager\SQLAnywhere\Bin32\dbsrv11.exe -hvFedExShipnetDBService [x]
S2 FileOpenManagerSvc;FileOpenManagerSvc;c:\programdata\FileOpen\Services\FileOpenManagerSvc32.exe [2011-03-10 212352]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 MSSQL$UPSWSDBSERVER;SQL Server (UPSWSDBSERVER);c:\ups\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
S3 FedExShipService;FedEx Shipping Engine;c:\program files\FedEx\ShipManager\BIN\ShipEngineService.exe [2011-05-10 5120]
S3 FedExTransactionService;FedEx Transaction Engine;c:\program files\FedEx\ShipManager\BIN\TransEngineService.exe [2011-05-10 6656]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2009-06-17 40720]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2009-06-17 10384]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-04-30 64032]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3124764205-442629660-2362482267-1000Core.job
- c:\users\GPG Employee\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-05 21:58]
.
2011-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3124764205-442629660-2362482267-1000UA.job
- c:\users\GPG Employee\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-05 21:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hawthornecat.com/
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\users\GPG Employee\AppData\Roaming\Mozilla\Firefox\Profiles\46vha4dg.default\
FF - prefs.js: browser.search.selectedEngine - Inbox Search
FF - prefs.js: browser.startup.homepage - hxxp://66.240.236.242/admin/
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80012&language=en&qkw=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
MSConfigStartUp-ClickPotatoLiteSA - c:\program files\ClickPotatoLite\bin\10.0.659.0\ClickPotatoLiteSA.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\FedEx\ShipManager\SQLAnywhere\Bin32\dbsrv11.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-10-12 10:18:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-12 17:18
.
Pre-Run: 26,626,375,680 bytes free
Post-Run: 26,464,514,048 bytes free
.
- - End Of File - - D018EE144BE67BE79B520347154CDF50

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:57 AM

Posted 12 October 2011 - 01:26 PM

Your ComboFix log is clean.

Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know if the problem persists.

#6 Ready2Work

Ready2Work
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 12 October 2011 - 03:23 PM

i also wanted to let you know that my laptop did not restart today. today was the first day that it did not for about 2 weeks. here is what you requested.

Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira Free Antivirus
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player ( 10.3.183.7) Flash Player Out of Date!
Mozilla Firefox (3.6.23) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avguard.exe
``````````End of Log````````````

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:57 AM

Posted 12 October 2011 - 06:26 PM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java SE Runtime Environment 6 Update 27.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, select Windows (or Windows x64), and check the "agree" box and click "Continue".
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Then from your Desktop double-click on jre-6u27-windows-i586.exe that you have downloaded to install the newest version.

    For the x64 bit version download this on jre-6u27-windows-x64.exe). Make sure you download the corrent version.

    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 26

===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.10 and earlier versions... being exploited in the wild in active targeted attacks... update to Adobe Adobe Flash Player 11.0.1.152

Flash Player 11.0.1.152

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus Un-check the box if you are NOT using McAfee's virus protection software.
===

Keep an eye on your previous problem and let me know in a day or two if all is well.

#8 Ready2Work

Ready2Work
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 14 October 2011 - 01:08 PM

my laptop just got done restarting again, and it did the same yesterday as well. No progress yet to fix this.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:57 AM

Posted 15 October 2011 - 08:19 AM

Please run the DDS tool again.

This time just post the Attach.txt log.

#10 Ready2Work

Ready2Work
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 15 October 2011 - 11:29 AM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/14/2010 2:22:52 PM
System Uptime: 10/15/2011 9:15:07 AM (0 hours ago)
.
Motherboard: Micro-Star International | | MS-1683
Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz | CPU 1 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 173 GiB total, 23.636 GiB free.
D: is FIXED (NTFS) - 115 GiB total, 114.424 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP310: 10/8/2011 3:00:12 AM - Windows Update
RP311: 10/11/2011 3:38:57 AM - Windows Update
RP312: 10/11/2011 11:09:08 AM - Windows Update
RP313: 10/12/2011 5:01:06 PM - Windows Update
RP314: 10/13/2011 6:39:03 AM - Installed Java™ 6 Update 27
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
32 Bit HP CIO Components Installer
AC3Filter 1.63b
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Magic-i Visual Effects 2
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Brochures & Flyers
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Funhouse II
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Photo Prints
ArcSoft Print Creations - Poster Creator
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft WebCam Companion 3
Avira Free Antivirus
BlackBerry Desktop Software 6.0.1
BlackBerry Device Software Updater
Bluetooth Stack for Windows by Toshiba
Bonjour
BufferChm
BurnRecovery
Canon MP280 series MP Drivers
CCC
CCleaner
CDDRV_Installer
Choice Guard
Compatibility Pack for the 2007 Office system
Crawler Smileys
Crawler Toolbar
CustomerResearchQFolder
DeviceDiscovery
DeviceManagementQFolder
erLT
FedEx Ship Manager
FileOpen Client
FormsComponent
FOSS
Free Easy Burner V 4.1
GOM Player
Google Chrome
HiJackThis
HP Color LaserJet CM1312 MFP Series 5.1
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
hppCLJCM1312
hppFaxDrvCM1312
hppFaxUtilityCM1312
hppFonts
hppManualsCM1312
hppQFolderCM1312
hppScanToCM1312
hppSendFaxCM1312
hppusgCM1312
ICCHelp
Inbox Toolbar
iTunes
Java Auto Updater
Java™ 6 Update 27
Jing
Junk Mail filter update
KhalInstallWrapper
Logitech SetPoint
Lunascape6 (All Users)
Malwarebytes' Anti-Malware
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Location Finder
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Backward compatibility
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (UPSWSDBSERVER)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Streets & Trips 2006
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Works
Microsoft XML Parser
Mobile Broadband Generic Drivers
MobileMe Control Panel
Mozilla Firefox (3.6.23)
MSI Software Install
MSIChecker
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NA1Messenger
NRF
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
OGA Notifier 2.0.0048.0
PeerBlock 1.0.0 (r181)
PolicyManager
PrimoPDF -- by Nitro PDF Software
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Reconciler
ReportServer
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SiteRanker
SupportUtility
System
System Control Manager
TrayApp
UnifiedPrinting
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
UPS WorldShip
UPSDB
UPSICC
UPSlinkHTTP
UPSVCMM
Verizon Wireless USB720-V740 Firmware Updates
Verizon Wireless USB727 Firmware Updates
VZAccess Manager
WebHelp
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
WorldShip
Xvid 1.2.1 final uninstall
ZMatrix 1.5.2
.
==== Event Viewer Messages From Past Week ========
.
10/8/2011 10:11:12 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer TERRY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E89683FE-1C5F-43DE-B274-84500B139. The master browser is stopping or an election is being forced.
10/15/2011 9:17:22 AM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
10/15/2011 9:15:33 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x00000002, 0x00000000, 0x926b8c70). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 101511-19390-01.
10/13/2011 12:02:21 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.0.1.114. The computer with the IP address 10.0.1.107 did not allow the name to be claimed by this computer.
10/12/2011 10:17:58 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
10/12/2011 10:06:32 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/12/2011 10:00:02 AM, Error: Service Control Manager [7034] - The FileOpenManagerSvc service terminated unexpectedly. It has done this 1 time(s).
10/10/2011 7:12:25 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.0.1.114. The computer with the IP address 10.0.1.109 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================

#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:57 AM

Posted 15 October 2011 - 05:53 PM

From your Error log.

10/15/2011 9:17:22 AM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.


Have a look at this page.

http://h30434.www3.hp.com/t5/Printer-All-in-One-Install-and/HP-CUE-Device-Discovery-Service/td-p/31377

can you relate to any of this?

#12 Ready2Work

Ready2Work
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 18 October 2011 - 01:09 PM

it doesnt seem like i relate to any of it.

I started my laptop up under safe mode with networking for when it always restarts and it did not restart under safe mode. Does this help at all?

#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:57 AM

Posted 19 October 2011 - 10:40 AM

Try this. Let me know if you still have problem booting to Safe Mode.

Source: http://spywareinfoforum.com/index.php?showtopic=58525

; Save this text in bold as Fix.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"


; Double-click on Fix.reg. When it asks you to merge the information to the registry click Yes.

Delete the Fix.reg file when done.

#14 Ready2Work

Ready2Work
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:57 AM

Posted 19 October 2011 - 01:19 PM

Im sorry, i think i miss typed. The computer works fine under safe mode. It did not restart at 11 like it has been doing when it was under safe mode.

#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:57 AM

Posted 19 October 2011 - 05:11 PM

In Normal Mode is there any problems?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users