Jump to content

Virus Infection


Egarrim
 Share

Recommended Posts

Hi, i had been asked by a friend to remove some of the old and dated programs of this desktop pc. I had great dificulty removing things like pc tuneup utilities 2012, the programs were corrupted and i downloaded them again inn order to remove. There were two antivirus programs on also, Norton (Paid) and AVG 2012 (Paid) but expired. I uninstalled AVG. Anyway all seemed well untill i was asked to install the wifi printer. All went well until i pressed the scan to pc button- i was asked to install itunes !!!

Then after that the same message appeared relating to another program not related to itunes or the scanner. I thought it may be a virus, so i ran MB and it found 6 items to delete.

 

The PC is very slow even when doing word etc, 

Could you please help.

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16506  BrowserJavaVersion: 10.40.2
Run by The Adcock family at 17:18:09 on 2013-09-17
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.2036.609 [GMT 1:00]
.
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\PROGRA~1\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Thomson\ST330\service\st330service.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Norton 360\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\System32\alg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Norton 360\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Users\The Adcock family\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
F:\d7.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = Preserve
uProxyServer = 127.0.0.1:9666
uProxyOverride = 127.0.0.1
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\norton 360\engine\20.4.0.40\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\norton 360\engine\20.4.0.40\ips\IPSBHO.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Search Assistant BHO: {71c1d63a-c944-428a-a5bd-ba513190e5d2} - 
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: MediaBar: {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - 
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: &Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: MediaBar: {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - 
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
TB: MapsGalaxy: {364ea597-e728-4ce4-bb4a-ed846ef47970} - 
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\norton 360\engine\20.4.0.40\CoIEPlg.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Driver Detective] c:\program files\pc drivers headquarters\driver detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [HP Photosmart 5510d series (NET)] "c:\program files\hp\hp photosmart 5510d series\bin\ScanToPCActivationApp.exe" -deviceID "CN1AQ1B81505RW:NW" -scfn "HP Photosmart 5510d series (NET)" -AutoStart 1
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [diagnostics] "c:\program files\thomson\st330\diagnostics\diagnostics.exe" /icon -l:en
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [DVDtoiPodConverter_upgrade] "c:\program files\e-zsoft\dvdtoipodconverter\DVDtoiPodConverter.exe" /upgrade
mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jaureg.exe" -u auto-update
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [*D7] cmd /c start "" "F:\d7.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [d7_Remove_MBAM] cmd /c start "" "c:\program files\malwarebytes' anti-malware\unins000.exe" /silent /suppressmsgboxes /norestart
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\users\theadc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\the adcock family\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\theadc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photol~1.lnk - c:\program files\casio\photo loader\Plauto.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001040-0002-0040-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{390E71BD-7329-477A-9E2C-4F731365DA7F} : DHCPNameServer = 192.168.1.1
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.66\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1404000.028\SymDS.sys [2013-8-5 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1404000.028\SymEFA.sys [2013-8-5 934488]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-11-8 250080]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.4.0.40\definitions\bashdefs\20130903.002\BHDrvx86.sys [2013-9-3 1097816]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1404000.028\ccSetx86.sys [2013-8-5 134744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.4.0.40\definitions\ipsdefs\20130914.001\IDSvix86.sys [2013-9-17 392792]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1404000.028\Ironx86.sys [2013-8-5 175264]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1404000.028\symtdiv.sys [2013-8-5 352344]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-30 21504]
R2 N360;Norton 360;c:\program files\norton 360\norton 360\engine\20.4.0.40\ccSvcHst.exe [2013-8-5 144368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-8-28 92632]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-9-12 108120]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-9-17 40776]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-23 167264]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-12-10 142176]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-29 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2008-6-6 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2008-6-6 12672]
S3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\drivers\stppp.sys [2008-6-6 35328]
.
=============== Created Last 30 ================
.
2013-09-17 14:52:31 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-09-17 14:51:36 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-17 14:51:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-16 17:44:30 -------- d-----w- c:\users\the adcock family\appdata\roaming\Malwarebytes
2013-09-16 17:43:52 -------- d-----w- c:\programdata\Malwarebytes
2013-09-16 16:32:13 -------- d-----w- C:\AdwCleaner
2013-09-16 15:14:25 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-09-16 13:48:53 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-12 19:04:00 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-09-12 19:03:58 615936 ----a-w- c:\windows\system32\themeui.dll
2013-09-12 19:03:57 2049536 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M  ====================
.
2013-09-17 14:42:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-17 14:42:53 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-16 13:47:01 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-16 13:47:00 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-05 16:05:30 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-07-31 10:00:20 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-07-31 09:52:44 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-07-31 09:52:34 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-31 09:48:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-31 09:48:09 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-07-31 09:45:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-17 19:41:34 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-10 09:47:00 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 12:10:36 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-07-08 04:55:51 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-08 04:55:51 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-08 04:20:04 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-07-08 04:16:55 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-08 04:16:55 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-08 04:16:54 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-07-05 04:53:33 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-07-08 12:37:10 161760 ----a-w- c:\program files\64res.dll
.
============= FINISH: 17:18:57.28 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium 
Boot Device: \Device\HarddiskVolume3
Install Date: 23/04/2008 23:21:01
System Uptime: 17/09/2013 14:37:11 (3 hours ago)
.
Motherboard: Dell Inc. |  | 0RY007
Processor: Intel® Pentium® Dual  CPU  E2160  @ 1.80GHz | Socket 775 | 1800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 66.918 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.871 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0086
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #86
PNP Device ID: ROOT\*6TO4MP\0086
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0091
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #91
PNP Device ID: ROOT\*6TO4MP\0091
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0014
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #13
PNP Device ID: ROOT\*ISATAP\0014
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0027
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #25
PNP Device ID: ROOT\*ISATAP\0027
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0055
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #49
PNP Device ID: ROOT\*ISATAP\0055
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Adobe Shockwave Player
Apple Mobile Device Support
AviSynth 2.5
BBC iPlayer Download Manager
Bing Bar
Bing Bar Platform
Bingo Cafe UK
BlackBerry Desktop Software 6.1
Brother MFL-Pro Suite
Browser Address Error Redirector
Compatibility Pack for the 2007 Office system
Dell Getting Started Guide
Dell Resource CD
Dell Support Center (Support Software)
Driver Detective
Dropbox
DVD43 v4.6.0
Free iPod Video Converter 1.34
Google Chrome
Google Desktop
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Highlight Viewer (Windows Live Toolbar)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP FWUpdateEDO2
HP Photo Creations
HP Photosmart 5510 series Basic Device Software
HP Photosmart 5510 series Help
HP Photosmart 5510 series Product Improvement Study
HP Photosmart 5510d series Basic Device Software
HP Photosmart 5510d series Help
HP Photosmart 5510d series Product Improvement Study
HP Update
HPDiagnosticAlert
HPDiagnosticCoreDll
Intel® PRO Network Connections 12.1.11.0
InterActual Player
Java 7 Update 40
Java Auto Updater
Java SE Runtime Environment 6
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Map Button (Windows Live Toolbar)
MediaBar
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MobileMe Control Panel
MSVCRT
Norton 360
Norton Security Scan
OGA Notifier 2.0.0048.0
Photo Loader 2.3E
Photohands 1.0E
PhotoMail Maker
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition 
Smart Menus (Windows Live Toolbar)
SpeedTouch 330
Tiscali Internet
TomTom HOME
TomTom HOME Visual Studio Merge Modules
TuneUp Utilities Language Pack (en-GB)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
User's Guides
Vegas Pro 9.0
VLC media player 1.1.7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
.
==== End Of File ===========================
 
 
 
Link to post
Share on other sites

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

RogueKiller V8.6.11 [sep 11 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : The Adcock family [Admin rights]

Mode : Scan -- Date : 09/17/2013 22:43:19

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 5 ¤¤¤

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:9666) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 2 ¤¤¤

[V1][sUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{01A9C572-B9DC-42FA-8E1A-98CD6ABF8401}.exe - --uninstall=1 [x] -> FOUND

[V2][sUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{01A9C572-B9DC-42FA-8E1A-98CD6ABF8401}.exe - --uninstall=1 [x] -> FOUND

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [LOADED] ¤¤¤

[Address] SSDT[13] : NtAlertResumeThread @ 0x8309E823 -> HOOKED (Unknown @ 0x876CE9F8)

[Address] SSDT[14] : NtAlertThread @ 0x8301734F -> HOOKED (Unknown @ 0x876CEA90)

[Address] SSDT[18] : NtAllocateVirtualMemory @ 0x8305369D -> HOOKED (Unknown @ 0x875ED0B8)

[Address] SSDT[21] : NtAlpcConnectPort @ 0x82FF58A7 -> HOOKED (Unknown @ 0x8759B2D0)

[Address] SSDT[42] : NtAssignProcessToJobObject @ 0x82FC8B32 -> HOOKED (Unknown @ 0x876726D0)

[Address] SSDT[67] : NtCreateMutant @ 0x8302B993 -> HOOKED (Unknown @ 0x876CE820)

[Address] SSDT[77] : NtCreateSymbolicLinkObject @ 0x82FCB349 -> HOOKED (Unknown @ 0x876724C8)

[Address] SSDT[78] : NtCreateThread @ 0x8309CE40 -> HOOKED (Unknown @ 0x87646938)

[Address] SSDT[116] : NtDebugActiveProcess @ 0x8306FED4 -> HOOKED (Unknown @ 0x87672768)

[Address] SSDT[129] : NtDuplicateObject @ 0x83003579 -> HOOKED (Unknown @ 0x87806A38)

[Address] SSDT[147] : NtFreeVirtualMemory @ 0x82E8FE75 -> HOOKED (Unknown @ 0x877870E0)

[Address] SSDT[156] : NtImpersonateAnonymousToken @ 0x82FC5F3F -> HOOKED (Unknown @ 0x876CE8C8)

[Address] SSDT[158] : NtImpersonateThread @ 0x82FDB589 -> HOOKED (Unknown @ 0x876CE960)

[Address] SSDT[165] : NtLoadDriver @ 0x82F76E12 -> HOOKED (Unknown @ 0x8759B258)

[Address] SSDT[177] : NtMapViewOfSection @ 0x8301B994 -> HOOKED (Unknown @ 0x87787048)

[Address] SSDT[184] : NtOpenEvent @ 0x83004DF7 -> HOOKED (Unknown @ 0x876CE788)

[Address] SSDT[194] : NtOpenProcess @ 0x8302C12F -> HOOKED (Unknown @ 0x876468B0)

[Address] SSDT[195] : NtOpenProcessToken @ 0x8300CA58 -> HOOKED (Unknown @ 0x875ED140)

[Address] SSDT[197] : NtOpenSection @ 0x8301C78C -> HOOKED (Unknown @ 0x876728B8)

[Address] SSDT[201] : NtOpenThread @ 0x8302762B -> HOOKED (Unknown @ 0x87806AC0)

[Address] SSDT[210] : NtProtectVirtualMemory @ 0x830253E2 -> HOOKED (Unknown @ 0x87672628)

[Address] SSDT[282] : NtResumeThread @ 0x83026C4A -> HOOKED (Unknown @ 0x8768F028)

[Address] SSDT[289] : NtSetContextThread @ 0x8309E2CF -> HOOKED (Unknown @ 0x8768F1F0)

[Address] SSDT[305] : NtSetInformationProcess @ 0x8301F9E6 -> HOOKED (Unknown @ 0x8768F288)

[Address] SSDT[317] : NtSetSystemInformation @ 0x82FF1F1E -> HOOKED (Unknown @ 0x87672800)

[Address] SSDT[330] : NtSuspendProcess @ 0x8309E75F -> HOOKED (Unknown @ 0x87672930)

[Address] SSDT[331] : NtSuspendThread @ 0x82FA5945 -> HOOKED (Unknown @ 0x8768F0C0)

[Address] SSDT[334] : NtTerminateProcess @ 0x82FFC16B -> HOOKED (Unknown @ 0x875ED850)

[Address] SSDT[335] : NtTerminateThread @ 0x83027660 -> HOOKED (Unknown @ 0x8768F158)

[Address] SSDT[348] : NtUnmapViewOfSection @ 0x8301BC57 -> HOOKED (Unknown @ 0x8768F330)

[Address] SSDT[358] : NtWriteVirtualMemory @ 0x83018A27 -> HOOKED (Unknown @ 0x87787168)

[Address] SSDT[382] : NtCreateThreadEx @ 0x83027115 -> HOOKED (Unknown @ 0x87672570)

[Address] Shadow SSDT[317] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x87F6F208)

[Address] Shadow SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x881C6A48)

[Address] Shadow SSDT[428] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x881C69D0)

[Address] Shadow SSDT[430] : NtUserGetKeyState -> HOOKED (Unknown @ 0x87F6F1D0)

[Address] Shadow SSDT[442] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x881C6B00)

[Address] Shadow SSDT[479] : NtUserMessageCall -> HOOKED (Unknown @ 0x88016630)

[Address] Shadow SSDT[497] : NtUserPostMessage -> HOOKED (Unknown @ 0x881C6948)

[Address] Shadow SSDT[498] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x880166B8)

[Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x87F6F280)

[Address] Shadow SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x87F6F308)

[Address] IRP[iRP_MJ_CREATE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x807BA140)

[Address] IRP[iRP_MJ_CLOSE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x807BA140)

[Address] IRP[iRP_MJ_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x807A8A5A)

[Address] IRP[iRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\System32\DRIVERS\dvd43llh.sys @ 0x8DE01B20)

[Address] IRP[iRP_MJ_POWER] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x807A8A88)

[Address] IRP[iRP_MJ_SYSTEM_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x807B5B70)

[Address] IRP[iRP_MJ_PNP] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x807B5B3C)

 

¤¤¤ External Hives: ¤¤¤

-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

::1             localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: WDC WD2500AAJS-75VWA0 ATA Device +++++

--- User ---

[MBR] e8d9f7b30f13d94c12a4a53c07f53c61

[bSP] 7b8e47267250a06aa39260c2dc400db6 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 10240 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21084160 | Size: 228122 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_09172013_224319.txt >>
Link to post
Share on other sites

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.