Please help review my HJT Log



Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 5:56:07 PM, on 10/12/2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
CHROME: 30.0.1599.69
FIREFOX: 16.0.2 (en-US)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Daeron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Daeron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Daeron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Daeron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Daeron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Daeron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Daeron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Daeron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Daeron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Daeron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Daeron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Daeron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Daeron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Daeron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Daeron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Documents and Settings\Daeron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Daeron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Daeron\My Documents\Downloads\HijackThis.exe
C:\Documents and Settings\Daeron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Daeron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Daeron\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070508
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start 
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070508
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://skins.be/
R3 - URLSearchHook: Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\7.6\vuzeToolbarIE.dll
O2 - BHO: Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\7.6\vuzeToolbarIE.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O3 - Toolbar: Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\7.6\vuzeToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [searchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Daeron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel 
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Daeron\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - Verizon%20High%20Speed%20Internet%20Installer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - /en/x86/client/wuweb_site.cab?1237792997375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - /en/x86/client/muweb_site.cab?1237792987250
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 1: (no name) - 

--
End of file - 14150 bytes


Welcome to the forum, HJT isn't used anymore...what are your concerns with the computer and.....

please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt
(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.


<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)
MrC


Note:
Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly


Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive


<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.


<+>The removal of malware isn't instantaneous, please be patient.


<+>When we are done, I'll give you instructions on how to clean up all the tools and logs


<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.


------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)


DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.10.2

Run by Mark Montilla at 20:34:33 on 2013-10-12

Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.2046.862 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Lavasoft Ad-Aware *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

FW: Lavasoft Ad-Aware *Disabled* 

.

============== Running Processes ================

.

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Dell\QuickSet\Quickset.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Mark Montilla\My Documents\Downloads\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Mark Montilla\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Mark Montilla\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Mark Montilla\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Mark Montilla\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Mark Montilla\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Mark Montilla\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Mark Montilla\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Mark Montilla\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Mark Montilla\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Mark Montilla\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Mark Montilla\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Mark Montilla\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.6.0.32\inststub.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Norton Internet Security\Engine\17.6.0.32\Sevinst.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.




uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070508



uURLSearchHooks: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - 

BHO: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - 

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - 

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\17.6.0.32\coieplg.dll

BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\17.6.0.32\ipsbho.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\17.6.0.32\coieplg.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\17.6.0.32\coieplg.dll

TB: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - 

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\mark montilla\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files\dap\dapextie.htm

IE: Download &all with DAP - c:\program files\dap\dapextie2.htm

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\mark montilla\start menu\programs\imvu\Run IMVU.lnk

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{C6934673-06F1-41EE-B661-8F97FAF1A314} : DHCPNameServer = 192.168.0.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SSODL: 0aMCPClient - <orphaned>

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\mark montilla\application data\mozilla\firefox\profiles\u59sculv.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo



FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\coffplgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\documents and settings\mark montilla\application data\mozilla\firefox\profiles\u59sculv.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\components\dtTransparency.dll

FF - component: c:\documents and settings\mark montilla\application data\mozilla\firefox\profiles\u59sculv.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\components\dtTransparency3.5.dll

FF - component: c:\documents and settings\mark montilla\application data\mozilla\firefox\profiles\u59sculv.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\components\dtTransparency3.6.dll

FF - plugin: c:\documents and settings\mark montilla\application data\move networks\plugins\npqmp071705000014.dll

FF - plugin: c:\documents and settings\mark montilla\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\mark montilla\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\mark montilla\application data\mozilla\plugins\npo1d.dll

FF - plugin: c:\documents and settings\mark montilla\local settings\application data\google\update\1.3.21.165\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll

FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - ExtSQL: 2013-08-18 15:50; savingsslider@mybrowserbar.com; c:\documents and settings\mark montilla\application data\mozilla\firefox\profiles\u59sculv.default\extensions\savingsslider@mybrowserbar.com

FF - ExtSQL: 2013-09-03 21:57; vuze@mybrowserbar.com; c:\program files\vuze remote toolbar\FF

FF - ExtSQL: 2013-09-03 21:57; {badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}; c:\documents and settings\mark montilla\application data\mozilla\firefox\profiles\u59sculv.default\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]

R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 93536]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1106000.020\symds.sys [2010-4-6 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1106000.020\symefa.sys [2010-4-6 172592]

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]

R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2012-12-23 22064]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1106000.020\ironx86.sys [2010-4-6 116784]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-12-23 66344]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-1-7 102448]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-1 22856]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]

S1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20100324.001\BHDrvx86.sys [2010-3-24 536112]

S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1106000.020\cchpx86.sys [2010-4-6 501888]

S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20100402.001\IDSXpx86.sys [2010-4-5 329592]

S3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [2007-5-2 55296]

S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20100406.023\NAVENG.SYS [2010-4-6 84912]

S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20100406.023\NAVEX15.SYS [2010-4-6 1324720]

.

=============== Created Last 30 ================

.

2013-10-13 01:58:54 -------- d-----w- c:\windows\ERUNT

2013-10-13 01:58:45 7328304 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{31d30af3-65fb-4ac3-8ffc-24894ead9ee6}\mpengine.dll

2013-10-12 00:02:28 7328304 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

.

==================== Find3M  ====================

.

.

============= FINISH: 20:40:27.75 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 5/16/2007 10:05:39 AM

System Uptime: 10/12/2013 5:33:51 PM (3 hours ago)

.

Motherboard: Dell Inc. |  | 0XD720

Processor: Intel® Core2 CPU         T5300  @ 1.73GHz | Microprocessor | 1315/133mhz

Processor: Intel® Core2 CPU         T5300  @ 1.73GHz | Microprocessor | 1315/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 144 GiB total, 13.549 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 2794 GiB total, 1701.718 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1927: 8/27/2013 10:23:00 PM - Software Distribution Service 3.0

RP1928: 8/29/2013 6:59:20 AM - Unsigned driver install

RP1929: 9/2/2013 11:49:51 PM - Software Distribution Service 3.0

RP1930: 9/7/2013 8:00:36 AM - Software Distribution Service 3.0

RP1931: 9/8/2013 2:12:37 AM - Software Distribution Service 3.0

RP1932: 9/17/2013 10:49:34 PM - Software Distribution Service 3.0

RP1933: 9/18/2013 11:15:07 PM - Software Distribution Service 3.0

RP1934: 9/20/2013 12:38:28 AM - Software Distribution Service 3.0

RP1935: 9/21/2013 11:03:19 PM - Software Distribution Service 3.0

RP1936: 9/22/2013 2:10:06 AM - Software Distribution Service 3.0

RP1937: 9/22/2013 11:14:50 PM - Software Distribution Service 3.0

RP1938: 9/24/2013 12:14:27 AM - Software Distribution Service 3.0

RP1939: 9/25/2013 10:38:05 PM - System Checkpoint

RP1940: 9/26/2013 9:08:55 PM - Software Distribution Service 3.0

RP1941: 9/27/2013 9:50:24 PM - Software Distribution Service 3.0

RP1942: 9/28/2013 9:46:49 PM - Software Distribution Service 3.0

RP1943: 9/29/2013 2:35:32 AM - Software Distribution Service 3.0

RP1944: 9/29/2013 9:34:25 PM - Software Distribution Service 3.0

RP1945: 10/5/2013 11:16:36 PM - System Checkpoint

RP1946: 10/7/2013 2:48:29 AM - System Checkpoint

RP1947: 10/7/2013 4:30:52 PM - Software Distribution Service 3.0

RP1948: 10/8/2013 4:30:09 PM - Software Distribution Service 3.0

RP1949: 10/9/2013 4:23:38 PM - Software Distribution Service 3.0

RP1950: 10/10/2013 4:23:34 PM - Software Distribution Service 3.0

RP1951: 10/11/2013 4:59:49 PM - Software Distribution Service 3.0

RP1952: 10/12/2013 5:28:23 PM - Software Distribution Service 3.0

RP1953: 10/12/2013 6:57:47 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

Ad-Aware Antivirus

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Help Center 1.0

Adobe Photoshop CS2

Adobe Reader 7.0.9

Adobe Shockwave Player 11.6

Adobe Stock Photos 1.0

AVG 2013

Avidemux 2.5

Broadcom Management Programs

BufferChm

CCleaner

CDDRV_Installer

Cheetah DVD Burner

CloneDVD2

Conexant HDA D110 MDC V.92 Modem

Counter-Strike 1.6

Dell Support 3.2.1

Dell System Restore

Dell Wireless WLAN Card

Digital Line Detect

DJ_AIO_03_F4200_Software

DJ_AIO_03_F4200_Software_Min

Download Accelerator Plus (DAP)

Dropbox

DVD Flick

Easy DVD Rip

eXPert PDF 4

F4200

Fantastic Flame Screensaver

ffdshow [rev 1167] [2007-05-14]

Folder Lock

GOM Player

Google Chrome

Google Talk Plugin

GTA San Andreas

Half-Life® 2

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB915800)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3

InterActual Player

J2SE Runtime Environment 5.0 Update 6

Java 7 Update 10

Java Auto Updater

Java 6 Update 27

Java SE Runtime Environment 6 Update 1

K-Lite Codec Pack 9.6.0 (Full)

KhalInstallWrapper

LiveVDO plugin 1.3

Logitech SetPoint

Logitech® Camera Driver

Malwarebytes Anti-Malware version 1.75.0.1300

ManyCam 2.4 (remove only)

MediaDirect

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Visio 2007 Service Pack 3 (SP3)

Microsoft Office Visio MUI (English) 2007

Microsoft Office Visio Professional 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Software Update for Web Folders  (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft Windows XP Video Decoder Checkup Utility

Modem Helper

Move Media Player

Mozilla Firefox 16.0.2 (x86 en-US)

Mozilla Maintenance Service

MP3 Cutter Joiner 3.00

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

NetWaiting

NVIDIA Drivers

ObjectDock Plus

Octoshape add-in for Adobe Flash Player

OutlookAddinSetup

PowerISO

QuickSet

QuickTime

RealPlayer

SAMSUNG Intelli-studio

Scan

SearchAssist

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB928090)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931768)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933566)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB941202)

Security Update for Windows XP (KB941568)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB941644)

Security Update for Windows XP (KB943055)

Security Update for Windows XP (KB943460)

Security Update for Windows XP (KB943485)

Security Update for Windows XP (KB944653)

Security Update for Windows XP (KB946026)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958470)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Segoe UI

Skype™ 4.1

Slick Savings

Sonic DLA

Sonic RecordNow Audio

Sonic RecordNow Copy

Sonic RecordNow Data

Sonic Update Manager

Spybot - Search & Destroy

Steam

swMSM

Synaptics Pointing Device Driver

Toolbox

TuneUp Utilities 2008

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition

Update for Windows Internet Explorer 8 (KB968220)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB912945)

Update for Windows XP (KB914882)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB925720)

Update for Windows XP (KB927891)

Update for Windows XP (KB930916)

Update for Windows XP (KB932823-v3)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

Update for Windows XP (KB942763)

Update for Windows XP (KB955759)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Visual C++ 8.0 ATL (x86) WinSXS MSM

Visual C++ 8.0 CRT (x86) WinSXS MSM

VLC media player 2.0.5

Vuze

Vuze Remote Toolbar v7.6

WD SmartWare

WebFldrs XP

WebReg

Winamp

WinDirStat 1.1.2

Windows Defender

Windows Imaging Component

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live OneCare safety scanner

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890859

WinRAR archiver

XviD & MP3 Codec Pack (remove only)

XviD MPEG-4 Video Codec

.

==== Event Viewer Messages From Past Week ========

.

10/6/2013 6:39:12 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 480 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

10/6/2013 4:15:57 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.159.1016.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:   Previous Engine Version: 1.1.9901.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

10/6/2013 4:12:20 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.159.1016.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9901.0&avdelta=1.159.1016.0&asdelta=1.159.1016.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:   Previous Engine Version: 1.1.9901.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 

10/6/2013 4:12:20 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.159.1016.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9901.0&avdelta=1.159.1016.0&asdelta=1.159.1016.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:   Previous Engine Version: 1.1.9901.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 

10/6/2013 4:11:36 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.159.1016.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:   Previous Engine Version: 1.1.9901.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

10/6/2013 4:06:02 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the NIS service.

10/6/2013 2:39:01 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 240 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

10/6/2013 2:16:35 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.159.1016.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9901.0&avdelta=1.159.1016.0&asdelta=1.159.1016.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:   Previous Engine Version: 1.1.9901.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 

10/6/2013 2:16:35 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.159.1016.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9901.0&avdelta=1.159.1016.0&asdelta=1.159.1016.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:   Previous Engine Version: 1.1.9901.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 

10/6/2013 2:15:25 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.159.1016.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:   Previous Engine Version: 1.1.9901.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

10/6/2013 12:38:55 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

10/5/2013 12:28:19 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

10/5/2013 11:38:53 PM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

10/5/2013 11:13:03 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.159.1016.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9901.0&avdelta=1.159.1016.0&asdelta=1.159.1016.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:   Previous Engine Version: 1.1.9901.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 

10/5/2013 11:13:03 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.159.1016.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9901.0&avdelta=1.159.1016.0&asdelta=1.159.1016.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:   Previous Engine Version: 1.1.9901.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 

10/5/2013 11:11:49 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.159.1016.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:   Previous Engine Version: 1.1.9901.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

10/5/2013 11:08:52 PM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

10/5/2013 10:54:01 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Avgldx86

10/5/2013 10:53:52 PM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

10/12/2013 7:11:25 PM, error: Service Control Manager [7034]  - The Application Updater service terminated unexpectedly.  It has done this 1 time(s).

10/12/2013 5:38:18 PM, error: Service Control Manager [7022]  - The Ad-Aware service hung on starting.

10/12/2013 5:35:38 PM, error: Dhcp [1002]  - The IP address lease 192.168.0.109 for the Network Card with network address 001BFC105735 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

10/11/2013 7:29:52 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the WDFME service.

.

==== End Of File ===========================

RogueKiller V8.7.2 [Oct  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com

Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User : Daeron [Admin rights]
Mode : Scan -- Date : 10/12/2013 20:52:43
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[bROK VAL] HKCR\[...]\command :  () -> MISSING

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[12] : NtAlertResumeThread @ 0x805D3822 -> HOOKED (Unknown @ 0x8A4C3A80)
[Address] SSDT[13] : NtAlertThread @ 0x805D37D2 -> HOOKED (Unknown @ 0x8A4CA8E8)
[Address] SSDT[17] : NtAllocateVirtualMemory @ 0x805A7950 -> HOOKED (Unknown @ 0x8A4E6A60)
[Address] SSDT[19] : NtAssignProcessToJobObject @ 0x805D52E6 -> HOOKED (Unknown @ 0x8A5DF6B0)
[Address] SSDT[31] : NtConnectPort @ 0x805A3466 -> HOOKED (Unknown @ 0x8A3D06E0)
[Address] SSDT[37] : NtCreateFile @ 0x80577F76 -> HOOKED (C:\WINDOWS\system32\windrvNT.sys @ 0xBA3D436A)
[Address] SSDT[43] : NtCreateMutant @ 0x806159EE -> HOOKED (Unknown @ 0x8A4532A0)
[Address] SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C2722 -> HOOKED (Unknown @ 0x89F9D500)
[Address] SSDT[53] : NtCreateThread @ 0x805CFD34 -> HOOKED (Unknown @ 0x8A3E88D8)
[Address] SSDT[57] : NtDebugActiveProcess @ 0x806418B2 -> HOOKED (Unknown @ 0x8A69A6B0)
[Address] SSDT[68] : NtDuplicateObject @ 0x805BCD10 -> HOOKED (Unknown @ 0x8A4B94A0)
[Address] SSDT[83] : NtFreeVirtualMemory @ 0x805B1DB6 -> HOOKED (Unknown @ 0x8A4E92C8)
[Address] SSDT[89] : NtImpersonateAnonymousToken @ 0x805F776E -> HOOKED (Unknown @ 0x8A69E890)
[Address] SSDT[91] : NtImpersonateThread @ 0x805D64A6 -> HOOKED (Unknown @ 0x8A6C5A30)
[Address] SSDT[97] : NtLoadDriver @ 0x80582FD6 -> HOOKED (Unknown @ 0x8A444108)
[Address] SSDT[108] : NtMapViewOfSection @ 0x805B0E3E -> HOOKED (Unknown @ 0x8A4BB538)
[Address] SSDT[114] : NtOpenEvent @ 0x8060D3BE -> HOOKED (Unknown @ 0x8A6C8C50)
[Address] SSDT[116] : NtOpenFile @ 0x80579074 -> HOOKED (C:\WINDOWS\system32\windrvNT.sys @ 0xBA3D4CD8)
[Address] SSDT[123] : NtOpenProcessToken @ 0x805EC43C -> HOOKED (Unknown @ 0x8A5BE5B0)
[Address] SSDT[125] : NtOpenSection @ 0x805A9282 -> HOOKED (Unknown @ 0x8A5B0428)
[Address] SSDT[128] : NtOpenThread @ 0x805CA3EC -> HOOKED (Unknown @ 0x8A403270)
[Address] SSDT[137] : NtProtectVirtualMemory @ 0x805B7222 -> HOOKED (Unknown @ 0x89EF3268)
[Address] SSDT[145] : NtQueryDirectoryFile @ 0x80578D56 -> HOOKED (C:\WINDOWS\system32\windrvNT.sys @ 0xBA3D4842)
[Address] SSDT[154] : NtQueryInformationProcess @ 0x805CBCB4 -> HOOKED (C:\WINDOWS\system32\windrvNT.sys @ 0xBA3D11E0)
[Address] SSDT[206] : NtResumeThread @ 0x805D365E -> HOOKED (Unknown @ 0x8A4C88E8)
[Address] SSDT[213] : NtSetContextThread @ 0x805D0456 -> HOOKED (Unknown @ 0x8A6A5C50)
[Address] SSDT[224] : NtSetInformationFile @ 0x80579F02 -> HOOKED (C:\WINDOWS\system32\windrvNT.sys @ 0xBA3D5142)
[Address] SSDT[228] : NtSetInformationProcess @ 0x805CCBAA -> HOOKED (Unknown @ 0x8A4B74C8)
[Address] SSDT[240] : NtSetSystemInformation @ 0x8060E076 -> HOOKED (Unknown @ 0x8A589748)
[Address] SSDT[267] : NtUnmapViewOfSection @ 0x805B1C4C -> HOOKED (Unknown @ 0x8A622360)
[Address] Shadow SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8A6976E0)
[Address] Shadow SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x89EEA3D8)
[Address] Shadow SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x8A6A2290)
[Address] Shadow SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x8A577088)
[Address] Shadow SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8A572038)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x89F27438)
[inline] EAT @explorer.exe (??_7bad_cast@std@@6B@) : MSVCR90.dll -> HOOKED (Unknown @ 0xFFCA75FE)
[inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC8F7333C)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - Hitachi HTS541616J9SA00 +++++
--- User ---
[MBR] 700ea3e8fd05e344dcf6dd4fcf77222a
[bSP] 74c3e5f98933aa316c7c225b4c7cf3a6 : MBR Code unknown
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 147448 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 302086260 | Size: 2047 Mo
3 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 306279225 | Size: 3074 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_10122013_205243.txt >>

In case it helps, I also ran AdwCleaner. Log below.

# AdwCleaner v3.007 - Report created 12/10/2013 at 22:04:36
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : Daeron 
# Running from : C:\Documents and Settings\Daeron\My Documents\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\Common Files\spigot
File Deleted : C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\vShare.tv
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveVDO plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\LiveVDO plugin
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v16.0.2 (en-US)
 
[ File : C:\Documents and Settings\Daeron\Application Data\Mozilla\Firefox\Profiles\u59sculv.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\Daeron\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3277 octets] - [12/10/2013 21:45:29]
AdwCleaner[s0].txt - [3250 octets] - [12/10/2013 22:04:36]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3310 octets] ##########

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Lavasoft Ad-Aware *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled* 
You have 2 anti-virus programs running on the system, this is no good...they only conflict with each other and cause spotty protection.
 
I suggest you uninstall one of them.
What are your concerns with the computer????

MrC


OK....let's run some scans:

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


OK...Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 13-10-13.02 - daeron 10/13/2013  11:51:08.1.2 - x86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1287 [GMT -7:00]

Running from: c:\documents and settings\daeron\My Documents\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\DAERON~1\MYDOCU~1\MYOLDD~1\MYPICT~1\CONANM~1\GIFTs-~1.exe

c:\documents and settings\All Users\Application Data\TEMP

c:\windows\system32\ActNAV_cltDynam.dat

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\paypal.url

c:\windows\system32\SET7336.tmp

c:\windows\system32\SET733B.tmp

c:\windows\system32\SET7342.tmp

c:\windows\system32\winx.url

c:\windows\wininit.ini

.

Infected copy of c:\windows\system32\Services.exe was found and disinfected 

Restored copy from - c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe 

.

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

.

.

(((((((((((((((((((((((((   Files Created from 2013-09-13 to 2013-10-13  )))))))))))))))))))))))))))))))

.

.

2013-10-13 08:21 . 2013-10-13 08:21 -------- d-----w- c:\windows\system32\scripting

2013-10-13 08:21 . 2013-10-13 08:21 -------- d-----w- c:\windows\l2schemas

2013-10-13 08:21 . 2013-10-13 08:21 -------- d-----w- c:\windows\system32\en

2013-10-13 08:21 . 2013-10-13 08:21 -------- d-----w- c:\windows\system32\bits

2013-10-13 07:48 . 2013-10-13 07:48 -------- d-----w- c:\windows\EHome

2013-10-13 04:45 . 2013-10-13 05:06 -------- d-----w- C:\AdwCleaner

2013-10-13 03:49 . 2013-10-13 03:52 -------- d-----w- c:\windows\snack

2013-10-13 01:58 . 2013-10-13 01:58 -------- d-----w- c:\windows\ERUNT

2013-10-13 01:58 . 2013-09-05 05:02 7328304 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{31D30AF3-65FB-4AC3-8FFC-24894EAD9EE6}\mpengine.dll

2013-10-12 00:02 . 2013-09-05 05:02 7328304 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-07 11:22 . 2009-10-04 09:21 238872 ------w- c:\windows\system32\MpSigStub.exe

2012-10-27 23:45 . 2012-10-27 23:45 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\daeron\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\daeron\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\daeron\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\daeron\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]

"NVHotkey"="nvHotkey.dll" [2006-03-21 73728]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-08-22 184320]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]

"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2006-08-03 1032192]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-01-09 19:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^daeron^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\documents and settings\daeron\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^daeron^Start Menu^Programs^Startup^Dropbox.lnk]

path=c:\documents and settings\daeron\Start Menu\Programs\Startup\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^daeron^Start Menu^Programs^Startup^GmoteServer.lnk]

path=c:\documents and settings\daeron\Start Menu\Programs\Startup\GmoteServer.lnk

backup=c:\windows\pss\GmoteServer.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus]

c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-08-19 04:11 133104 ----atw- c:\documents and settings\daeron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]

2007-11-29 09:17 55824 ----a-w- c:\windows\KHALMNPR.Exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2006-03-21 11:03 1519616 ----a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-07-03 17:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2007-05-17 06:40 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]

2010-07-06 14:01 2634048 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vspdfprsrv.exe]

2006-05-04 13:58 998912 ----a-w- c:\program files\Visagesoft\eXPert PDF\vspdfprsrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2008-01-15 22:54 37376 ----a-w- c:\program files\Winamp\winampa.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"dla"=c:\windows\system32\dla\tfswctrl.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Valve\\Steam\\SteamApps\\ironcurtain202\\counter-strike source\\hl2.exe"=

"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=

"c:\\Documents and Settings\\daeron\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Documents and Settings\\daeron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Documents and Settings\\daeron\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [10/15/2012 4:48 AM 55776]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 4:46 AM 177376]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/14/2012 4:05 AM 35552]

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [10/22/2012 2:02 PM 179936]

R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/21/2012 4:45 AM 19936]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/21/2012 4:46 AM 164832]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/1/2012 3:04 PM 418376]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/1/2012 3:04 PM 701512]

R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [3/9/2011 11:07 AM 238592]

R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [3/9/2011 11:18 AM 1060864]

R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [3/9/2011 11:16 AM 484352]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 3:06 AM 21632]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/1/2012 3:04 PM 22856]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/2/2012 4:30 AM 159712]

S1 MpKsle096fab3;MpKsle096fab3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{31D30AF3-65FB-4AC3-8FFC-24894EAD9EE6}\MpKsle096fab3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{31D30AF3-65FB-4AC3-8FFC-24894EAD9EE6}\MpKsle096fab3.sys [?]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 4:19 PM 13592]

S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [12/23/2012 10:25 PM 43368]

S3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [5/2/2007 4:48 PM 55296]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [8/17/2012 7:03 PM 11520]

S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]

S3 WPRO_40_901;WinPcap Packet Driver (WPRO_40_901);c:\windows\system32\drivers\WPRO_40_901.sys --> c:\windows\system32\drivers\WPRO_40_901.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2013-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-16 03:26]

.

2013-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-20896565-2374446776-1664166936-1006Core.job

- c:\documents and settings\daeron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-19 04:11]

.

2013-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-20896565-2374446776-1664166936-1006UA.job

- c:\documents and settings\daeron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-19 04:11]

.

2013-10-13 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-13 01:25]

.

.

------- Supplementary Scan -------

.



IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\daeron\Start Menu\Programs\IMVU\Run IMVU.lnk

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\daeron\Application Data\Mozilla\Firefox\Profiles\u59sculv.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo



FF - ExtSQL: 2013-08-18 15:50; savingsslider@mybrowserbar.com; c:\documents and settings\daeron\Application Data\Mozilla\Firefox\Profiles\u59sculv.default\extensions\savingsslider@mybrowserbar.com

FF - ExtSQL: 2013-09-03 21:57; vuze@mybrowserbar.com; c:\program files\Vuze Remote Toolbar\FF

FF - ExtSQL: 2013-09-03 21:57; {badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}; c:\documents and settings\daeron\Application Data\Mozilla\Firefox\Profiles\u59sculv.default\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-Anti-phishing Domain Advisor - c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe

MSConfigStartUp-Dell Photo AIO Printer 922 - c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-10-13 12:00

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...  

.

scanning hidden autostart entries ... 

.

scanning hidden files ...  

.

scan completed successfully

hidden files: 

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-20896565-2374446776-1664166936-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:85,66,c7,63,df,03,71,62,1e,b7,31,f6,9a,da,04,5d,e6,c3,3c,31,11,97,78,

   8a,2f,ea,9a,b4,b4,bc,e1,0b,71,05,39,08,66,c0,d1,61,d4,37,13,30,50,aa,8d,6d,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(964)

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

.

- - - - - - - > 'explorer.exe'(1576)

c:\windows\system32\WININET.dll

c:\documents and settings\daeron\Application Data\Dropbox\bin\DropboxExt.17.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\program files\Java\jre7\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

c:\windows\stsystra.exe

.

**************************************************************************

.

Completion time: 2013-10-13  12:05:04 - machine was rebooted

ComboFix-quarantined-files.txt  2013-10-13 19:05

.

Pre-Run: 16,064,282,624 bytes free

Post-Run: 16,078,282,752 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - E9681240F40C9785630AF244786C9310

91722E6BC3A2B40FF00222DCA4A3DB3E

Make sure your hard drive is running in the correct DMA mode:

https://forums.malwarebytes.org/index.php?showtopic=117614

Then........

Download the attached fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

MrC


I'm sorry, I gave you the wrong post.....

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC

Looks Good.......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.74  

 Windows XP Service Pack 3 x86   

 Internet Explorer 8  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

 Microsoft Security Essentials    

`````````Anti-malware/Other Utilities Check:````````` 

 Windows Defender    

 Malwarebytes Anti-Malware version 1.75.0.1300  

 CCleaner     

 Java 6 Update 27  

 Java 7 Update 10  

 Java SE Runtime Environment 6 Update 1 

 Java version out of Date! 

 Adobe Flash Player 11.5.502.135  

 Adobe Reader 7 Adobe Reader out of Date! 

 Mozilla Firefox 16.0.2 Firefox out of Date!  

````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Malwarebytes' Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log`````````````````````` 
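The two checks MrC did by eye in this thread (two enabled antivirus products in the "AV:" header lines, and the out-of-date entries in the Security Check output) can be pulled out of a pasted log mechanically. The script below is an added example, not part of this thread or of any of the tools named in it; the SAMPLE text is constructed to mirror the line formats on this page, and the "EnableFirewall" pattern is matched against ComboFix's rendering of that registry value as shown in the log above.

```python
"""
Triage helper for the kind of log excerpts pasted in this thread (added
example, not from the thread or from any tool it names). It flags:
  * more than one antivirus marked Enabled in the 'AV:' header lines,
  * a third-party firewall marked Disabled in an 'FW:' line,
  * the "EnableFirewall"= 0 value ComboFix lists under the firewall policy key,
  * products Security Check marks 'out of Date!'.
"""
import re
from dataclasses import dataclass, field

# 'AV: Name *Enabled/Updated* {GUID}' and 'FW: Name *Disabled*' header lines
AV_FW_LINE = re.compile(r"^(?P<kind>AV|FW):\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*", re.M)
# ComboFix's rendering of the Windows Firewall policy value
ENABLE_FIREWALL = re.compile(r'"EnableFirewall"=\s*(?P<val>\d+)')
OUTDATED_MARK = "out of Date!"

# Constructed sample, mirroring the formats pasted in this thread.
SAMPLE = """\
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Lavasoft Ad-Aware *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled*
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
 Java 7 Update 10
 Java version out of Date!
 Adobe Reader 7 Adobe Reader out of Date!
 Mozilla Firefox 16.0.2 Firefox out of Date!
"""


@dataclass
class Findings:
    enabled_av: list = field(default_factory=list)   # AV products marked Enabled
    disabled_fw: list = field(default_factory=list)  # FW products marked Disabled
    windows_firewall_off: bool = False               # EnableFirewall=0 seen
    outdated: list = field(default_factory=list)     # Security Check out-of-date lines

    def issues(self) -> list:
        """Human-readable findings, in the order a helper would raise them."""
        out = []
        if len(self.enabled_av) > 1:
            out.append("conflict: %d enabled antivirus products (%s)"
                       % (len(self.enabled_av), ", ".join(self.enabled_av)))
        if self.windows_firewall_off:
            out.append("Windows Firewall policy has EnableFirewall=0")
        out += ["out of date: " + p for p in self.outdated]
        return out


def triage(text: str) -> Findings:
    """Scan one pasted log excerpt and collect the findings above."""
    f = Findings()
    for m in AV_FW_LINE.finditer(text):
        state = m.group("state").lower()
        if m.group("kind") == "AV" and state.startswith("enabled"):
            f.enabled_av.append(m.group("name"))
        elif m.group("kind") == "FW" and state.startswith("disabled"):
            f.disabled_fw.append(m.group("name"))
    m = ENABLE_FIREWALL.search(text)
    if m and m.group("val") == "0":
        f.windows_firewall_off = True
    for line in text.splitlines():
        if OUTDATED_MARK in line:
            # keep the product text before the marker, e.g. 'Mozilla Firefox 16.0.2 Firefox'
            f.outdated.append(line.split(OUTDATED_MARK, 1)[0].strip())
    return f


if __name__ == "__main__":
    for issue in triage(SAMPLE).issues():
        print("-", issue)
```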

Btw I think this might be a factor, Chrome keeps on opening to this: http://search.yahoo.com/?type=994519&fr=spigot-yhp-ch

That's what you have it set to:


CHR DefaultSuggestURL: (Yahoo!) - http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Change it: (looks like all your browsers go there)

Click the Chrome menu on the browser toolbar.

Select Settings.

In the "Search" section, click Manage search engines.

Check if (Default) is displayed next to your preferred search engine. If not, mouse over it and click Make default.

Mouse over any other suspicious search engine entries that are not familiar and click X to remove them.

-------------------------------------

Click the Chrome menu .

Select Settings.

In the "On startup" section, select Open a specific page or set of pages.

Click Set pages. (in blue to the right)

Remove any unfamiliar pages.

-----------------------

Click the Chrome menu .

Select Settings.

In the "Appearance" section, if the "Show Home button" checkbox is selected, see if the page listed below is the home page you’d like to use.

If the page isn't the home page you'd like to use, click Change and select your preferred page.

MrC
