Jump to content

Hijack This Lob


Recommended Posts

Computer is slow, won't allow certain programs to load and is freezing.

Any help much appreciated! :)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:48:43 PM, on 5/4/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Presario&pf=cndt

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Presario&pf=cndt

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Google Update Service (gupdate1c99c20f81df850) (gupdate1c99c20f81df850) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 6634 bytes

Link to post
Share on other sites

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC

------->Logs will be closed if you haven't replied within 3 days!<--------

Link to post
Share on other sites

RogueKiller V7.4.3 [05/04/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User: john [Admin rights]

Mode: Scan -- Date: 05/04/2012 23:50:53

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDP725050GLA SCSI Disk Device +++++

--- User ---

[MBR] 7a5018e2f3edf779b3824b6f9eb9c633

[bSP] cbe1a3892920c024e3e7b9efc684338e : HP tatooed MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 466441 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 955273095 | Size: 10495 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive1: HP Photosmart D110 USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt

----------------------------------------------------------------------------------------------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 7/4/2008 8:37:45 PM

System Uptime: 5/4/2012 9:37:29 PM (2 hours ago)

.

Motherboard: OEM_MB | | NARRA3

Processor: AMD Athlon 64 X2 Dual Core Processor 5400+ | Socket AM2 | 2800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 456 GiB total, 282.905 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 1.355 GiB free.

E: is CDROM (UDF)

F: is Removable

G: is Removable

I: is Removable

J: is Removable

K: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart D110 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart D110 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP1690: 4/26/2012 6:45:46 PM - Scheduled Checkpoint

RP1691: 4/27/2012 2:29:48 AM - Windows Update

RP1692: 4/28/2012 12:00:18 AM - Scheduled Checkpoint

RP1693: 4/29/2012 12:00:17 AM - Scheduled Checkpoint

RP1694: 4/30/2012 6:59:59 PM - Scheduled Checkpoint

RP1695: 5/1/2012 2:29:51 AM - Windows Update

RP1696: 5/2/2012 12:33:45 AM - Installed Java 6 Update 31

RP1698: 5/2/2012 12:38:03 AM - Revo Uninstaller Pro's restore point - Bonjour

RP1699: 5/2/2012 12:39:07 AM - Removed Bonjour

RP1701: 5/2/2012 12:42:27 AM - Revo Uninstaller Pro's restore point - Shop for HP Supplies

RP1703: 5/2/2012 12:43:55 AM - Revo Uninstaller Pro's restore point - My HP Games

RP1704: 5/2/2012 1:25:37 AM - Installed League of Legends

RP1705: 5/2/2012 12:56:00 PM - Installed League of Legends

RP1706: 5/2/2012 8:28:28 PM - Removed League of Legends

RP1707: 5/2/2012 9:30:34 PM - avast! Free Antivirus Setup

RP1708: 5/2/2012 10:56:03 PM - avast! Free Antivirus Setup

RP1709: 5/3/2012 6:10:27 PM - Windows Update

RP1710: 5/4/2012 8:31:03 AM - Scheduled Checkpoint

RP1711: 5/4/2012 11:58:49 AM - Installed AVG 2012

RP1712: 5/4/2012 11:59:24 AM - Installed AVG 2012

RP1714: 5/4/2012 6:46:34 PM - Revo Uninstaller Pro's restore point - Anvi Smart Defender 1.01

RP1716: 5/4/2012 9:10:19 PM - Revo Uninstaller Pro's restore point - AVG 2012

RP1718: 5/4/2012 9:13:05 PM - Revo Uninstaller Pro's restore point - AVG 2012

RP1720: 5/4/2012 9:14:47 PM - Revo Uninstaller Pro's restore point - AVG 2012

RP1721: 5/4/2012 9:18:05 PM - Removed AVG 2012

RP1722: 5/4/2012 9:25:09 PM - Removed AVG 2012

RP1724: 5/4/2012 9:30:04 PM - Revo Uninstaller Pro's restore point - Anvi Smart Defender 1.01

RP1726: 5/4/2012 9:32:02 PM - Revo Uninstaller Pro's restore point - Pando Media Booster

RP1728: 5/4/2012 9:34:06 PM - Revo Uninstaller Pro's restore point - CCleaner

RP1729: 5/4/2012 9:43:23 PM - Installed HiJackThis

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

Adobe Flash Player 11 Plugin

Adobe Flash Player ActiveX

Adobe Reader X (10.1.2)

Adobe Shockwave Player

Apple Application Support

Apple Mobile Device Support

Apple Software Update

BufferChm

Canon Inkjet Printer Driver Add-On Module

CCScore

Compatibility Pack for the 2007 Office system

CyberLink DVD Suite Deluxe

CyberLink PowerDirector

D110

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

DVD Flick 1.3.0.7

ESSBrwr

ESSCDBK

ESScore

ESSgui

ESSini

ESSPCD

ESSPDock

ESSSONIC

ESSTOOLS

essvatgt

fflink

Google Chrome

Google Update Helper

GPBaseService2

Hewlett-Packard Active Check for Health Check

Hewlett-Packard Asset Agent for Health Check

Highlight Viewer (Windows Live Toolbar)

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Advisor

HP Customer Feedback

HP Customer Participation Program 14.0

HP Demo

HP Easy Setup - Frontend

HP Imaging Device Functions 14.0

HP MediaSmart DVD

HP Photo Creations

HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Update

HPAppStudio

HPPhotoGadget

HPProductAssistant

iCloud

iTunes

Java Auto Updater

Java 6 Update 31

Java SE Runtime Environment 6 Update 1

Junk Mail filter update

kgcbaby

kgcbase

kgchday

kgchlwn

kgcinvt

kgckids

kgcmove

kgcvday

Kobo

Kodak EasyShare software

KSU

LabelPrint

LightScribe System Software

LightScribeTemplateLabeler

Logitech Legacy USB Camera Driver Package

Logitech QuickCam

Logitech QuickCam Driver Package

Map Button (Windows Live Toolbar)

MarketResearch

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2000 Disc 2

Microsoft Office 2000 Premium

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

Microsoft WSE 3.0 Runtime

MobileMe Control Panel

Mozilla Firefox (3.0.19)

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

muvee autoProducer 6.1

netbrdg

Network

Notifier

NVIDIA Drivers

OfotoXMI

Origin

Power2Go

PS_AIO_07_D110_SW_Min

Python 2.5

QuickTime

QuickTransfer

Realtek High Definition Audio Driver

Revo Uninstaller Pro 2.5.3

RPS CRT

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

Segoe UI

SFR

SHASTA

skin0001

SKINXSDK

Smart Menus (Windows Live Toolbar)

SmartWebPrinting

Soft Data Fax Modem with SmartCP

SolutionCenter

Spybot - Search & Destroy

staticcr

Status

The Sims™ 3

The Sims™ 3 Ambitions

The Sims™ 3 Fast Lane Stuff

The Sims™ 3 Generations

The Sims™ 3 High-End Loft Stuff

The Sims™ 3 Late Night

The Sims™ 3 Outdoor Living Stuff

The Sims™ 3 Pets

The Sims™ 3 Town Life Stuff

Toolbox

tooltips

TrayApp

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

VeryPDF PDFcamp Printer v2.3

VPRINTOL

WebReg

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WIRELESS

.

==== Event Viewer Messages From Past Week ========

.

5/4/2012 9:39:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt

5/4/2012 9:39:29 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

5/4/2012 9:39:01 PM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Application initialization failed. Last error: 0x80070032

5/4/2012 11:41:03 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

5/4/2012 11:34:55 PM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).

5/4/2012 11:34:08 PM, Error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).

5/4/2012 11:17:45 PM, Error: nvstor32 [5] - A parity error was detected on \Device\RaidPort0.

.

==== End Of File ===========================

----------------------------------------------------------------------------------------------------

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by john at 23:48:47 on 2012-05-04

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2942.1401 [GMT -4:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\system32\conime.exe

C:\Windows\Explorer.exe

C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\john\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{BDCF3C6C-35D8-40AC-AE14-7C55CE9A6BC1} : DhcpNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\l5l6121a.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535290&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2535290&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6fd10923-dcba-4fd6-b0fa-a12e23008c88%7D&mid=5e09df67aea447d181f9d16b53c1c057-926ab491d97ab3adef45c912479a084423daacbf&ds=AVG&v=11.0.0.9〈=en&pr=fr&d=2012-05-04%2012%3A02%3A14&sap=ku&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

============= SERVICES / DRIVERS ===============

.

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1c99c20f81df850;Google Update Service (gupdate1c99c20f81df850);c:\program files\google\update\GoogleUpdate.exe [2009-3-3 133104]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-3 133104]

S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-12-19 21504]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-14 27192]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-05-05 03:41:54 -------- d-sh--w- C:\$RECYCLE.BIN

2012-05-05 03:34:16 98816 ----a-w- c:\windows\sed.exe

2012-05-05 03:34:16 518144 ----a-w- c:\windows\SWREG.exe

2012-05-05 03:34:16 256000 ----a-w- c:\windows\PEV.exe

2012-05-05 03:34:16 208896 ----a-w- c:\windows\MBR.exe

2012-05-05 03:34:13 -------- d-----w- C:\ComboFix

2012-05-05 01:43:51 388096 ----a-r- c:\users\john\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-05-05 01:43:51 -------- d-----w- c:\program files\Trend Micro

2012-05-04 16:13:45 -------- d-----w- c:\users\john\appdata\roaming\Anvisoft

2012-05-04 16:12:09 -------- d-----w- c:\program files\Anvisoft

2012-05-03 22:11:02 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{de269c54-a7f1-4961-a771-fa9f63d52461}\mpengine.dll

2012-05-03 01:30:41 -------- d-----w- c:\program files\AVAST Software

2012-05-02 05:56:43 -------- d-----w- c:\users\john\appdata\roaming\LolClient

2012-05-02 05:31:59 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll

2012-05-02 05:31:59 509448 ----a-w- c:\windows\system32\XAudio2_2.dll

2012-05-02 05:31:59 467984 ----a-w- c:\windows\system32\d3dx10_39.dll

2012-05-02 05:31:59 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll

2012-05-02 05:31:59 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll

2012-05-02 05:25:55 -------- d-----w- C:\Riot Games

2012-05-02 04:37:01 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2012-05-02 04:37:01 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-05-02 04:06:53 -------- d-----w- c:\program files\Pando Networks

2012-04-13 21:36:29 -------- d-----w- c:\users\john\appdata\local\{4A08AB7A-40E3-4308-981E-F8AB6E200BFE}

2012-04-12 07:07:46 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-12 07:07:46 172032 ----a-w- c:\windows\system32\wintrust.dll

2012-04-12 07:07:46 157696 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-12 07:07:46 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-12 07:07:02 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-12 07:07:02 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-12 02:50:41 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

.

==================== Find3M ====================

.

2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-26 15:02:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-14 16:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-02-14 15:45:30 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-02-14 15:45:30 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2012-02-13 14:12:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2012-02-13 13:47:57 683008 ----a-w- c:\windows\system32\d2d1.dll

2012-02-13 13:44:40 1068544 ----a-w- c:\windows\system32\DWrite.dll

.

============= FINISH: 23:49:09.54 ===============

Link to post
Share on other sites

Not much showing.....

Please make sure system restore is running and create a new restore point before continuing.

XP <====> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

tdss_1.jpg

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg

------------------------

Click the Start Scan button.

tdss_3.jpg

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

tdss_4.jpg

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

tdss_5.jpg

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Link to post
Share on other sites

OK, those files are harmless and not malware related.

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message Illegal operation attempted on registry key that has been marked for deletion. after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.