
Hijack UserInt



Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK

Internet Explorer: 9.0.8112.16506 BrowserJavaVersion: 1.6.0_35

Run by Miss Hugill at 15:27:04 on 2013-09-30

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.1265 [GMT 1:00]

.

AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ================

.

C:\WINDOWS\SYSTEM32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://isearch.avg.com/?cid={0CF7B058-7589-4463-8FC9-FC300CCDC206}&mid=d41ed8e02b0c47d0a41e5b26693d5ac9-99e6f4ecb7e89a8a23d00e7ae57224ff75c232cb&lang=en&ds=AVG&pr=fr&d=2013-01-22%2018:02:32&pid=avg&sg=&v=14.0.0.14&sap=hp

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://en.uk.acer.yahoo.com

uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.0.0.9\AVG Secure Search_toolbar.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.0.0.9\AVG Secure Search_toolbar.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"

uRun: [PiqQpdkr] c:\users\miss hugill\appdata\local\gqwdyqyd\piqqpdkr.exe

uRun: [spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean

uRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Acer Tour]

Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll

Notify: SDWinLogon - SDWinLogon.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-7-20 60216]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-7-20 246072]

R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-7-1 96568]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-5 39224]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-5-5 64288]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-1-22 37664]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-11-12 27632]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-7-20 208184]

S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-10 22328]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-7-20 171320]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]

S2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-7-23 283136]

S2 CFRDBService;Finnigan Database Service;c:\xcalibur\system\programs\CFRDBService.exe [2013-9-6 262144]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 Finnigan Security Server;Finnigan Security Server;c:\xcalibur\system\programs\finSS_Server.exe [2013-9-6 65536]

S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-15 21504]

S2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-10-1 376144]

S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-9-28 1817560]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-9-28 1033688]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-9-28 171928]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-3-22 93072]

S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.5.0\ToolbarUpdater.exe [2013-8-15 1643184]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-11-20 12400]

S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2006-12-2 847392]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-2-12 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-2-12 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-2-12 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-2-12 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-2-12 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-2-12 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-2-12 115752]

S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-2-12 90536]

S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-2-12 15016]

S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-2-12 122152]

S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-2-12 115496]

S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-2-12 25768]

S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-2-12 111912]

S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-2-12 117672]

S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2006-12-2 31232]

S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2010-9-26 155320]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]

.

=============== Created Last 30 ================

.

2013-09-28 21:54:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-09-28 21:53:06 15224 ----a-w- c:\windows\system32\sdnclean.exe

2013-09-28 21:52:53 -------- d-----w- c:\program files\Spybot - Search & Destroy 2

2013-09-28 15:57:07 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-09-28 15:57:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-09-12 20:29:02 615936 ----a-w- c:\windows\system32\themeui.dll

2013-09-12 20:27:55 2049536 ----a-w- c:\windows\system32\win32k.sys

2013-09-10 00:34:48 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

2013-09-08 13:42:35 -------- d-----w- c:\users\miss hugill\.SquashOccurrences

2013-09-08 10:50:06 -------- d-----w- c:\users\miss hugill\Rob

2013-09-07 10:53:22 -------- d-----w- c:\users\miss hugill\appdata\roaming\.minecraft

2013-09-06 11:08:06 -------- d-----w- C:\Xcalibur

2013-09-05 00:43:42 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

.

==================== Find3M ====================

.

2013-09-28 21:31:38 5 ----a-w- c:\windows\system32\drivers\etc\hosts

2013-09-28 12:46:49 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-09-23 18:52:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-09-23 18:52:50 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-08-02 04:09:35 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-31 10:00:20 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-07-31 09:52:44 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-07-31 09:52:34 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-07-31 09:48:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-07-31 09:48:09 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-07-31 09:45:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-07-20 00:51:00 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys

2013-07-20 00:50:56 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2013-07-20 00:50:56 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2013-07-20 00:50:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2013-07-17 19:41:34 2048 ----a-w- c:\windows\system32\tzres.dll

2013-07-10 09:47:00 783360 ----a-w- c:\windows\system32\rpcrt4.dll

2013-07-09 12:10:36 1205168 ----a-w- c:\windows\system32\ntdll.dll

2013-07-08 04:55:51 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-07-08 04:55:51 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-07-08 04:20:04 172544 ----a-w- c:\windows\system32\wintrust.dll

2013-07-08 04:16:55 98304 ----a-w- c:\windows\system32\cryptnet.dll

2013-07-08 04:16:55 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2013-07-08 04:16:54 992768 ----a-w- c:\windows\system32\crypt32.dll

2013-07-05 04:53:33 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

============= FINISH: 15:31:43.62 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 02/01/2008 19:37:06

System Uptime: 30/09/2013 15:15:20 (0 hours ago)

.

Motherboard: Acer | | Grapevine

Processor: Intel® Core2 CPU T5500 @ 1.66GHz | U1 | 1662/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 71 GiB total, 9.739 GiB free.

D: is FIXED (NTFS) - 71 GiB total, 16.449 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0171

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter #53

PNP Device ID: ROOT\*ISATAP\0171

Service: tunnel

.

==== System Restore Points ===================

.

RP1546: 26/09/2013 10:25:52 - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

32 Bit HP CIO Components Installer

Acer Arcade Deluxe

Acer Camera Driver

Acer Empowering Technology

Acer GridVista

Acer Mobility Center Plug-In

Acer OrbiCam Application

Acer ScreenSaver

Acer Tour

Ad-Aware

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 8.1.2

Adobe Reader 8.1.2 Security Update 1 (KB403742)

Adobe Shockwave Player 11.6

Age of Empires III

AIO_CDB_ProductContext

AIO_CDB_Software

AIO_Scan

Amazon MP3 Downloader 1.0.17

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVG 2013

AVG Security Toolbar

BBC iPlayer Desktop

BlackBerry Device Manager 7.0

Bonjour

BT Desktop Help

BTHomeHub

BufferChm

CCleaner

Citrix Presentation Server Client - Web Only

Click to Call with Skype

Copy

Coupon Printer

CustomerResearchQFolder

D3DX10

Destinations

DeviceManagementQFolder

DocProc

DocProcQFolder

eSupportQFolder

F300

F300_Help

F300Trb

Fax

GameShadow

Google Chrome

Google Earth

Google Update Helper

GoToAssist Corporate

HDAUDIO Soft Data Fax Modem with SmartCP

HelixDownloadManager

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Customer Participation Program 8.0

HP Imaging Device Functions 8.0

HP OCR Software 8.0

HP Photosmart Essential

HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B

HP Solution Center 8.0

HP Update

HPProductAssistant

HPSSupply

Intel PROSet Wireless

Intel® PROSet/Wireless WiFi Software

iTunes

Java Auto Updater

Java 6 Update 2

Java 6 Update 3

Java 6 Update 35

Java 6 Update 5

Java 6 Update 7

K-Lite Codec Pack 4.7.0 (Full)

Launch Manager

LightScribe 1.4.124.1

Logitech Video Enumerator

Malwarebytes Anti-Malware version 1.75.0.1300

MarketResearch

Media Go

MetaFrame Presentation Server Web Client for Win32

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Age of Empires Gold

Microsoft Age of Empires II

Microsoft Age of Empires II: The Conquerors Expansion

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Ultimate 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MS Access 97 SP2

MSVCRT

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MVision

NTI Backup NOW! 4.7

NTI CD & DVD-Maker

NVIDIA Drivers

OGA Notifier 2.0.0048.0

Panda Internet Security 2010

PATRICIAN II

PlayStation®Network Downloader

PlayStation®Store

PowerProducer

QuickTime

RealPlayer

Realtek High Definition Audio Driver

ReelPortal Private

Scan

SCARM 0.9.16 beta

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition

Segoe UI

SimCity 3000 UK Edition

Skype™ 6.1

SMSC Fast Infrared Driver

SolutionCenter

Sony Ericsson Update Engine

Sony Ericsson Update Service

Sony PC Companion 2.10.108

Spybot - Search & Destroy

Status

Stronghold

Stronghold 2 Deluxe

swMSM

Synaptics Pointing Device Driver

THE SETTLERS - Heritage of Kings

THE SETTLERS - Rise of an Empire

TomTom HOME

TomTom HOME Visual Studio Merge Modules

Toolbox

TrayApp

Unity Web Player

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VLC media player 2.0.1

WebReg

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live OneCare safety scanner

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR 5.00 (32-bit)

Xcalibur

.

==== Event Viewer Messages From Past Week ========

.

30/09/2013 15:19:56, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

30/09/2013 15:19:45, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.65 for the Network Card with network address 0018DEADB669 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

30/09/2013 15:18:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF001-DD27-11D9-8F9C-0002B3988E81}

30/09/2013 15:17:14, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

30/09/2013 15:17:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

30/09/2013 15:16:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

30/09/2013 15:16:52, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver AVGIDSShim Avgldx86 spldr Wanarpv6

30/09/2013 15:16:52, Error: Service Control Manager [7003] - The Spybot-S&D 2 Security Center Service service depends the following service: wscsvc. This service might not be installed.

30/09/2013 15:16:52, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

30/09/2013 15:16:52, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.

30/09/2013 15:16:45, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21

30/09/2013 15:16:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

30/09/2013 15:16:18, Error: EventLog [6008] - The previous system shutdown at 15:12:27 on 30/09/2013 was unexpected.

30/09/2013 15:05:09, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

30/09/2013 15:05:09, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

30/09/2013 15:05:09, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net Driver HPZ12 service to connect.

30/09/2013 15:05:09, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MobilityService service to connect.

30/09/2013 15:05:09, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Cyberlink RichVideo Service(CRVS) service to connect.

30/09/2013 15:05:09, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

30/09/2013 15:05:09, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

30/09/2013 15:05:09, Error: Service Control Manager [7000] - The Net Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

30/09/2013 15:05:09, Error: Service Control Manager [7000] - The MobilityService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

30/09/2013 15:05:09, Error: Service Control Manager [7000] - The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

28/09/2013 22:49:31, Error: EventLog [6008] - The previous system shutdown at 22:48:03 on 28/09/2013 was unexpected.

28/09/2013 22:47:21, Error: EventLog [6008] - The previous system shutdown at 22:45:26 on 28/09/2013 was unexpected.

28/09/2013 21:33:02, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Pml Driver HPZ12 service to connect.

28/09/2013 21:33:02, Error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

28/09/2013 13:57:39, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

28/09/2013 13:54:16, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

28/09/2013 13:54:16, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

28/09/2013 13:47:22, Error: PlugPlayManager [10] - Error writing to server side install pipe

28/09/2013 13:45:38, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}. The error: "1314" Happened while starting this command: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe -Embedding

28/09/2013 13:45:33, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

28/09/2013 13:45:33, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

28/09/2013 13:45:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

28/09/2013 13:45:33, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}. The error: "1314" Happened while starting this command: C:\Windows\ehome\ehmsas.exe -Embedding

26/09/2013 17:24:47, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {28778B62-8481-400D-8E8A-A4C81ED3F65C} as /. The error: "1314" Happened while starting this command: "C:\Windows\System32\wermgr.exe" -senstrigger -Embedding

26/09/2013 17:21:55, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll

26/09/2013 17:18:25, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

26/09/2013 17:18:25, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

26/09/2013 17:18:15, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

26/09/2013 17:18:06, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

26/09/2013 17:17:54, Error: Service Control Manager [7034] - The eRecovery Service service terminated unexpectedly. It has done this 1 time(s).

26/09/2013 17:17:43, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

26/09/2013 17:17:40, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

26/09/2013 17:17:20, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).

26/09/2013 17:17:20, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).

26/09/2013 17:17:09, Error: Service Control Manager [7034] - The Finnigan Security Server service terminated unexpectedly. It has done this 1 time(s).

26/09/2013 17:17:08, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).

26/09/2013 17:17:03, Error: Service Control Manager [7034] - The Finnigan Database Service service terminated unexpectedly. It has done this 1 time(s).

26/09/2013 17:17:02, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

26/09/2013 17:16:56, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

26/09/2013 17:16:56, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

26/09/2013 17:16:42, Error: Service Control Manager [7034] - The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).

26/09/2013 17:16:33, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Live ID Sign-in Assistant service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

26/09/2013 17:16:18, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

26/09/2013 17:16:13, Error: Service Control Manager [7034] - The pcCMService service terminated unexpectedly. It has done this 1 time(s).

26/09/2013 17:16:13, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Lavasoft Ad-Aware Service service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

26/09/2013 17:16:11, Error: Service Control Manager [7034] - The MobilityService service terminated unexpectedly. It has done this 1 time(s).

26/09/2013 17:16:08, Error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).

26/09/2013 17:16:08, Error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

26/09/2013 11:00:52, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

26/09/2013 10:54:53, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the stisvc service.

26/09/2013 10:52:34, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the XAudioService service to connect.

26/09/2013 10:52:34, Error: Service Control Manager [7000] - The XAudioService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

26/09/2013 09:12:32, Error: EventLog [6008] - The previous system shutdown at 20:35:05 on 25/09/2013 was unexpected.

25/09/2013 18:48:39, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

24/09/2013 20:35:37, Error: EventLog [6008] - The previous system shutdown at 20:25:08 on 24/09/2013 was unexpected.

24/09/2013 18:11:15, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® PROSet/Wireless Event Log service to connect.

24/09/2013 18:11:15, Error: Service Control Manager [7000] - The Intel® PROSet/Wireless Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

23/09/2013 21:04:38, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

23/09/2013 20:51:31, Error: volsnap [20] - The shadow copies of volume D: were aborted because of a failed free space computation.

23/09/2013 20:35:40, Error: EventLog [6008] - The previous system shutdown at 20:14:36 on 23/09/2013 was unexpected.

23/09/2013 19:56:59, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

23/09/2013 19:56:59, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================


Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Safe mode with network support

User : Miss Hugill [Admin rights]

Mode : Scan -- Date : 09/30/2013 15:47:02

| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤

[SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe [-] -> KILLED [TermProc]

[SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : PiqQpdkr (C:\Users\Miss Hugill\AppData\Local\gqwdyqyd\piqqpdkr.exe [-]) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-2146661600-1499433993-4118350145-1000\[...]\Run : PiqQpdkr (C:\Users\Miss Hugill\AppData\Local\gqwdyqyd\piqqpdkr.exe [-]) -> FOUND

[SHELL][SUSP PATH] HKLM\[...]\Winlogon : userinit (userinit.exe,,C:\Users\Miss Hugill\AppData\Local\gqwdyqyd\piqqpdkr.exe [x][-]) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ SECU][PUM] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND

[HJ SECU][PUM] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND

[HJ SECU][PUM] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤

[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{A593F6EB-99AF-4843-B4D4-006D25F4063A}.exe - --uninstall=1 [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc000035f] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

MZP

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD1600BEVS-22RST0 ATA Device +++++

--- User ---

[MBR] 2cfd5ee75126dfd67e48be1f5fcbacbb

[BSP] f9dbfb3ce51d71565415d3ff0a658f3e : Acer MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 6997 Mo

1 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 14329980 | Size: 72990 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 163814805 | Size: 72637 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[0]_S_09302013_154702.txt >>

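As an added illustration of how a responder reads the registry section of the RogueKiller report above (this is example code written for this page, not RogueKiller's own code and not part of any post in the thread), the script below parses report lines in the format RogueKiller printed and classifies them. The Winlogon Userinit value should contain nothing but userinit.exe, so the second path appended after the double comma is a logon hijack that runs before the shell; a Run value pointing into AppData\Local persists without admin rights; EnableLUA=0 together with the three Security Center *DisableNotify=1 values means UAC was switched off and Security Center told not to warn about it; and a 1 under NewStartPanel hides a desktop icon, a common rogue-antivirus tweak. The sample lines, the severity labels, the SAFE_POLICY baseline and the USER_WRITABLE list are constructed for the example, and the benign SynTPEnh control line is made up and does not appear in the posted log. Tags are compared case-insensitively because the posted log shows them partly lower-cased.

```python
"""Triage of RogueKiller "Registry Entries" lines.

Added example for this thread: it is not RogueKiller code and not part of any
post above. It parses report lines in the format RogueKiller printed here and
explains each finding the way a responder would read it: a Winlogon userinit
hijack, Run-key persistence from a user-writable folder, and security-policy
tampering (UAC off, Security Center notifications silenced).
"""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import List, Optional

# One registry line:  [TAG][SUBTAG] HIVE\[...]\KEY : NAME (VALUE) -> FOUND
LINE_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\](?:\[(?P<subtag>[^\]]+)\])?\s+"
    r"(?P<key>.+?)\s+:\s+(?P<name>\S+)\s+\((?P<value>.*)\)\s+->\s+FOUND\s*$"
)
# RogueKiller appends file-status markers such as [x] or [-] after a path.
MARKER_RE = re.compile(r"\s*\[[^\]]*\]")

# Assumed baseline: values a clean Vista/7 system carries for the keys reported as [PUM].
SAFE_POLICY = {
    "EnableLUA": "1",               # UAC enabled
    "DisableRegistryTools": "0",    # regedit not blocked
    "AntiVirusDisableNotify": "0",  # Security Center still warns when AV is off
    "FirewallDisableNotify": "0",
    "UpdatesDisableNotify": "0",
}
# Folders a standard user can write to: persistence here needs no admin rights.
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\", "\\programdata\\")

# Constructed sample in the shape of the report above, plus one made-up benign control line.
SAMPLE_REPORT = r"""
[RUN][SUSP PATH] HKCU\[...]\Run : PiqQpdkr (C:\Users\Miss Hugill\AppData\Local\gqwdyqyd\piqqpdkr.exe [-]) -> FOUND
[RUN] HKLM\[...]\Run : SynTPEnh (C:\Program Files\Synaptics\SynTP\SynTPEnh.exe) -> FOUND
[SHELL][SUSP PATH] HKLM\[...]\Winlogon : userinit (userinit.exe,,C:\Users\Miss Hugill\AppData\Local\gqwdyqyd\piqqpdkr.exe [x][-]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SECU][PUM] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    category: str
    name: str
    detail: str
    paths: List[str] = field(default_factory=list)


def _entries(value: str) -> List[str]:
    """Strip status markers and split a comma-separated value into its entries."""
    return [p.strip() for p in MARKER_RE.sub("", value).split(",") if p.strip()]


def _user_writable(path: str) -> bool:
    return any(seg in path.lower() for seg in USER_WRITABLE)


def classify(tag: str, key: str, name: str, value: str) -> Optional[Finding]:
    """Map one parsed line to a Finding; None means nothing to act on."""
    tag = tag.upper()
    if tag == "SHELL" and name.lower() == "userinit":
        # Userinit must be exactly one entry, userinit.exe; every extra entry is a
        # binary Winlogon launches at each logon, i.e. a logon hijack.
        extra = [e for e in _entries(value) if PureWindowsPath(e).name.lower() != "userinit.exe"]
        if extra:
            return Finding("high", "winlogon-hijack", name,
                           "Winlogon Userinit launches extra binaries at logon", extra)
        return None
    if tag == "RUN":
        entries = _entries(value)
        bad = [e for e in entries if _user_writable(e)]
        if bad:
            return Finding("high", "run-key-persistence", name,
                           f"Run value under {key} starts a file from a user-writable folder", bad)
        return Finding("low", "run-key", name, f"Run value under {key}", entries)
    if name in SAFE_POLICY and value != SAFE_POLICY[name]:
        return Finding("medium", "policy-tampering", name,
                       f"{name}={value}, expected {SAFE_POLICY[name]}")
    if "NewStartPanel" in key and value == "1":
        return Finding("low", "hidden-desktop-icon", name,
                       "desktop icon hidden via HideDesktopIcons (typical rogue-AV tampering)")
    return None


def triage(report: str) -> List[Finding]:
    """Parse every registry line of a report and return the findings, in order."""
    findings = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            f = classify(m["tag"], m["key"], m["name"], m["value"])
            if f:
                findings.append(f)
    return findings


def by_severity(findings: List[Finding]) -> dict:
    """Count findings per severity, e.g. {'high': 2, 'medium': 2, 'low': 2}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.severity:6} {f.category:22} {f.name}: {f.detail} {f.paths or ''}")
```

Run it as a script to print the classified findings for the sample; `triage()` accepts the text of any RogueKiller report and `by_severity()` summarises it. Note that the baseline treats `DisableRegistryTools (0)` as clean even though RogueKiller lists it, because the value itself is the default; only a non-default value is reported as tampering.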

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK

Internet Explorer: 9.0.8112.16506 BrowserJavaVersion: 1.6.0_35

Run by Miss Hugill at 15:27:04 on 2013-09-30

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.1265 [GMT 1:00]

.

AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ================

.

C:\WINDOWS\SYSTEM32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://isearch.avg.com/?cid={0CF7B058-7589-4463-8FC9-FC300CCDC206}&mid=d41ed8e02b0c47d0a41e5b26693d5ac9-99e6f4ecb7e89a8a23d00e7ae57224ff75c232cb&lang=en&ds=AVG&pr=fr&d=2013-01-22%2018:02:32&pid=avg&sg=&v=14.0.0.14&sap=hp

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://en.uk.acer.yahoo.com

uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.0.0.9\AVG Secure Search_toolbar.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.0.0.9\AVG Secure Search_toolbar.dll

uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"

uRun: [PiqQpdkr] c:\users\miss hugill\appdata\local\gqwdyqyd\piqqpdkr.exe

uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean

uRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Acer Tour]

Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll

Notify: SDWinLogon - SDWinLogon.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-7-20 60216]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-7-20 246072]

R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-7-1 96568]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-5 39224]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-5-5 64288]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-1-22 37664]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-11-12 27632]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-7-20 208184]

S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-10 22328]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-7-20 171320]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]

S2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-7-23 283136]

S2 CFRDBService;Finnigan Database Service;c:\xcalibur\system\programs\CFRDBService.exe [2013-9-6 262144]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 Finnigan Security Server;Finnigan Security Server;c:\xcalibur\system\programs\finSS_Server.exe [2013-9-6 65536]

S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-15 21504]

S2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-10-1 376144]

S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-9-28 1817560]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-9-28 1033688]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-9-28 171928]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-3-22 93072]

S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.5.0\ToolbarUpdater.exe [2013-8-15 1643184]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-11-20 12400]

S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2006-12-2 847392]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-2-12 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-2-12 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-2-12 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-2-12 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-2-12 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-2-12 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-2-12 115752]

S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-2-12 90536]

S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-2-12 15016]

S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-2-12 122152]

S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-2-12 115496]

S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-2-12 25768]

S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-2-12 111912]

S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-2-12 117672]

S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2006-12-2 31232]

S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2010-9-26 155320]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]

.

=============== Created Last 30 ================

.

2013-09-28 21:54:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-09-28 21:53:06 15224 ----a-w- c:\windows\system32\sdnclean.exe

2013-09-28 21:52:53 -------- d-----w- c:\program files\Spybot - Search & Destroy 2

2013-09-28 15:57:07 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-09-28 15:57:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-09-12 20:29:02 615936 ----a-w- c:\windows\system32\themeui.dll

2013-09-12 20:27:55 2049536 ----a-w- c:\windows\system32\win32k.sys

2013-09-10 00:34:48 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

2013-09-08 13:42:35 -------- d-----w- c:\users\miss hugill\.SquashOccurrences

2013-09-08 10:50:06 -------- d-----w- c:\users\miss hugill\Rob

2013-09-07 10:53:22 -------- d-----w- c:\users\miss hugill\appdata\roaming\.minecraft

2013-09-06 11:08:06 -------- d-----w- C:\Xcalibur

2013-09-05 00:43:42 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

.

==================== Find3M ====================

.

2013-09-28 21:31:38 5 ----a-w- c:\windows\system32\drivers\etc\hosts

2013-09-28 12:46:49 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-09-23 18:52:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-09-23 18:52:50 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-08-02 04:09:35 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-31 10:00:20 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-07-31 09:52:44 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-07-31 09:52:34 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-07-31 09:48:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-07-31 09:48:09 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-07-31 09:45:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-07-20 00:51:00 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys

2013-07-20 00:50:56 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2013-07-20 00:50:56 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2013-07-20 00:50:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2013-07-17 19:41:34 2048 ----a-w- c:\windows\system32\tzres.dll

2013-07-10 09:47:00 783360 ----a-w- c:\windows\system32\rpcrt4.dll

2013-07-09 12:10:36 1205168 ----a-w- c:\windows\system32\ntdll.dll

2013-07-08 04:55:51 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-07-08 04:55:51 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-07-08 04:20:04 172544 ----a-w- c:\windows\system32\wintrust.dll

2013-07-08 04:16:55 98304 ----a-w- c:\windows\system32\cryptnet.dll

2013-07-08 04:16:55 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2013-07-08 04:16:54 992768 ----a-w- c:\windows\system32\crypt32.dll

2013-07-05 04:53:33 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

============= FINISH: 15:31:43.62 ===============


Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[RUN][SUSP PATH] HKCU\[...]\Run : PiqQpdkr (C:\Users\Miss Hugill\AppData\Local\gqwdyqyd\piqqpdkr.exe [-]) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-2146661600-1499433993-4118350145-1000\[...]\Run : PiqQpdkr (C:\Users\Miss Hugill\AppData\Local\gqwdyqyd\piqqpdkr.exe [-]) -> FOUND

[SHELL][SUSP PATH] HKLM\[...]\Winlogon : userinit (userinit.exe,,C:\Users\Miss Hugill\AppData\Local\gqwdyqyd\piqqpdkr.exe [x][-]) -> FOUND

Now click Delete on the right hand column under Options

-------------

Then..........

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


I've included the new RogueKiller log as it has a new process which had been killed. I ran Anti-Rootkit 3 times; each time it did not restart the computer, and the same four were found each time.

 

RKreport0_D_09302013_165340.txt

mbar-log-2013-09-30 (17-57-48).txt

system-log.txt

mbar-log-2013-09-30 (17-32-40).txt

mbar-log-2013-09-30 (16-57-15).txt


I think you're infected with a polymorphic file infector....let's see:

Please run a free online scan with the ESET Online Scanner (it may take a while to run)
Note: You will need to use Internet Explorer for this scan.
First please Disable any Antivirus you have active, as shown in This Topic

Note: Don't forget to re-enable it after the scan.
http://www.eset.eu/online-scanner
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked
Click Advanced settings and select the following:

  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

Click Start
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

MrC


After using Google Translate I managed to get the green button to change. After clicking it, I hit a 404 error; when I clicked back I got a slightly different page with a link to esetsmartinstaller_enu.exe. After copying the link back to HideMyAss I can download the file. This file says that it installs an application and launches ESET Online Scanner in a separate window. Would you like me to download this file and run it?


This topic is now closed to further replies.