Jump to content

svchost.exe -f netsvcs malware involved or not?


Recommended Posts

I am kinda a rookie at this stuff, but wanted to see if someone could help me determine if my system is infected or not?  I am have issues with system performance.  I used Process Explorer to determine that svchost.exe -f netsvcs is hogging system resources.  There are lots of services listed under netsvcs and I'm not sure if any are malicious.  Help please? Thanks

 

Dave

 

Link to post
Share on other sites

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

Here are the two logs

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 6.0.2900.5512  BrowserJavaVersion: 10.40.2
Run by Fugina Inc at 12:08:56 on 2013-11-13
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Fugina Inc\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\office14\offlb.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080611
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: EWPBrowseObject Class: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Easy-WebPrint: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - c:\program files\canon\easy-webprint\Toolband.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [QuickenScheduledUpdates] c:\program files\quicken\billmind.exe
uRun: [Auto EPSON Stylus Photo R320 Series on DAVID] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9FA.EXE /P44 "Auto EPSON Stylus Photo R320 Series on DAVID" /M "Stylus Photo R320" /EF "HKCU"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Auto EPSON Stylus Photo R320 Series on DAVID] c:\windows\system32\spool\drivers\w32x86\3\e_fati9fa.exe /p44 "auto epson stylus photo r320 series on david" /o16 "\\david\Printer2" /M "Stylus Photo R320"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [brStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\fugina inc\application data\mozilla\firefox\profiles\g7u22b3m.default\
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101752.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R? BrYNSvc;BrYNSvc
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? LMIRfsClientNP;LMIRfsClientNP
R? SASENUM;SASENUM
R? VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? LMIGuardianSvc;LMIGuardianSvc
S? LMIInfo;LogMeIn Kernel Information Provider
S? LMIRfsDriver;LogMeIn Remote File System Driver
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? MpFilter;Microsoft Malware Protection Driver
S? MpKsl487e8ec1;MpKsl487e8ec1
S? NovacomD;Palm Novacom
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? VBoxDrv;VirtualBox Service
S? VBoxNetFlt;VirtualBox Bridged Networking Service
S? VBoxUSBMon;VirtualBox USB Monitor Driver
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~3\office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-11-13 17:26:37 40392 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b1b1a6d-83f0-4c37-952e-75a150d3e86d}\MpKsl487e8ec1.sys
2013-11-12 00:06:30 7796464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b1b1a6d-83f0-4c37-952e-75a150d3e86d}\mpengine.dll
2013-11-11 00:25:43 7796464 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-10-22 00:06:55 -------- d-----w- c:\documents and settings\fugina inc\application data\Enplase
2013-10-22 00:06:50 -------- d-----w- c:\program files\Ultima Steganography
2013-10-16 14:26:10 -------- d-----w- c:\documents and settings\fugina inc\.VirtualBox
2013-10-16 14:25:07 188176 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2013-10-16 14:21:33 -------- d-----w- c:\program files\Oracle
.
==================== Find3M  ====================
.
2013-11-03 22:02:55 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-11-03 22:02:55 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2013-11-03 22:02:53 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-11-03 22:02:52 85832 ----a-w- c:\windows\system32\LMIinit.dll
2013-09-24 20:38:34 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-24 20:38:30 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-09-24 20:38:29 868264 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-09-24 20:38:29 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-23 07:40:04 668672 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 07:40:03 81920 ----a-w- c:\windows\system32\ieencode.dll
2013-09-23 07:40:03 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-09-23 01:22:30 369664 ----a-w- c:\windows\system32\html.iec
2013-09-06 20:42:36 93968 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2013-09-06 20:42:36 174864 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2013-09-06 20:42:36 115984 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2013-09-06 20:42:36 104720 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-22 21:46:33 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-22 21:46:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-05 20:25:26 11019776 ----a-w- c:\program files\common files\lpuninstall.exe
.
============= FINISH: 12:20:17.21 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/14/2008 11:15:55 AM
System Uptime: 11/13/2013 11:16:03 AM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0RY007
Processor: Intel Pentium II processor | Socket 775 | 1995/200mhz
.
==== Disk Partitions =========================
.
.
==== Installed Programs ======================
.
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Adobe Shockwave Player
AltoMP3 Gold 5.20
Amazon MP3 Downloader 1.0.17
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
Bonjour
Browser Address Error Redirector
Budget for Windows 5.0.3
Canon MP Navigator 3.0
Canon MP160
Canon MP160 User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint
CCleaner
Compatibility Pack for the 2007 Office system
CompTIA A+ 220-801 Essentials
Coupon Printer for Windows
CramMaster
Cucusoft DVD to iPad + iPad Video Converter Suite 8.9.8.9
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Online
Dell Driver Reset Tool
Dell Support Center (Support Software)
Dell System Restore
Documentation & Support Launcher
Dropbox
Easy-WebPrint
EPSON CardMonitor
EPSON PhotoStarter3.0
EPSON Print CD
EPSON Printer Software
ESPR320 Reference Guide
Games, Music, & Photos Launcher
Garmin Communicator Plugin
Garmin USB Drivers
Google Chrome
Google Update Helper
GoToAssist 8.0.0.514
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
HL-2240
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImgBurn
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Internet Service Offers Launcher
IrfanView (remove only)
iTunes
Java 7 Update 40
Java Auto Updater
Java 6 Update 5
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 14
Microsoft Sync Framework 2.0 Core Components (x86) ENU 
Microsoft Sync Framework 2.0 Provider Services (x86) ENU 
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package - SE
Microsoft WinUsb 1.0
Microsoft Works
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Musicmatch for Windows Media Player
MySQL Server 5.0
MySQL Tools for 5.0
Novacomd
Oracle VM VirtualBox 4.2.18
Picasa 3
PowerDVD
PrimoPDF -- brought to you by Nitro PDF Software
Quicken 2008
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
ScanSoft OmniPage SE 4.0
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2675157)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2699988)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2722913)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2744842)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2761465)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2792100)
Security Update for Windows XP (KB2797052)
Security Update for Windows XP (KB2799329)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2809289)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2817183)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2829530)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2838727)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2846071)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2862772)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2870699)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2879017)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Spotify
SUPERAntiSpyware Free Edition
SyncToy 2.1 (x86)
Ultima Steganography 1.6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Update for Zip Opener
VMware vSphere Client 4.1
WebFldrs XP
Windows 7 Upgrade Advisor
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
Windows Driver Package - Palm (WinUSB) Palm Devices  (11/30/2008 1.0.0)
Windows Installer 3.1 (KB893803)
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
Zip Opener Packages
.
==== End Of File ===========================
 
Link to post
Share on other sites

Here is the RogueKiller report

 

RogueKiller V8.7.7 [Nov 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Fugina Inc [Admin rights]
Mode : Scan -- Date : 11/13/2013 12:45:51
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][sUSP PATH] At1.job : C:\DOCUME~1\FUGINA~1\APPLIC~1\DSite\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
-> E:\windows\system32\config\SYSTEM | DRVINFO [Drv - E:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\windows\system32\config\SOFTWARE | DRVINFO [Drv - E:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\windows\system32\config\SECURITY | DRVINFO [Drv - E:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\windows\system32\config\SAM | DRVINFO [Drv - E:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\windows\system32\config\DEFAULT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\Documents and Settings\Administrator\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\Documents and Settings\All Users\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\Documents and Settings\HP_Administrator\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - NOT_FOUND]
-> E:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - NOT_FOUND]
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3250310AS +++++
--- User ---
[MBR] 5ad52750c1684301f1de54441b9d0e39
[bSP] 26fe7d691f9edb5d824e85e8f49dc627 : MBR Code unknown
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 234982 Mo
2 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 481339530 | Size: 3380 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) WDC WD2000JD-22HBC0 +++++
--- User ---
[MBR] 938c1baa57fd501dbe48ac5e739e88a3
[bSP] 8a7884da59e414827f91c43dcf324e78 : Toshiba MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 7139 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 14621040 | Size: 183632 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_11132013_124551.txt >>
Link to post
Share on other sites

Not much showing....lets run some scans:

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC

Link to post
Share on other sites

Finally finished! No malware detected. Here are the two logs. 

 

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org
 
Database version: v2013.11.13.08
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Fugina Inc :: FUGINA [administrator]
 
11/13/2013 1:32:52 PM
mbar-log-2013-11-13 (13-32-52).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 307225
Time elapsed: 1 hour(s), 42 minute(s), 40 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 3 x86
 
Account is Administrative
 
Internet Explorer version: 6.0.2900.5512
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 3478237184, free: 2000293888
 
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 3 x86
 
Account is Administrative
 
Internet Explorer version: 6.0.2900.5512
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 3478237184, free: 2102243328
 
Downloaded database version: v2013.11.13.08
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
     11/13/2013 13:32:27
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
kskqr.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
MpFilter.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\lmimirr.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
\SystemRoot\system32\DRIVERS\VBoxDrv.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
\??\C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
\??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7B1B1A6D-83F0-4C37-952E-75A150D3E86D}\MpKsl487e8ec1.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\DOCUME~1\FUGINA~1\LOCALS~1\Temp\mbr.sys
\SystemRoot\system32\DRIVERS\e1e5132.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8afc2ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-24\
Lower Device Object: 0xffffffff8afc4b00
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8afe9ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8af81940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8afe9ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8aff0900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8afe9ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8afccf18, DeviceName: \Device\00000066\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8af81940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D0F4738C
 
Partition information:
 
    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 96327
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 96390  Numsec = 481243140
    Partition file system is NTFS
    Partition is bootable
 
    Partition 2 type is Other (0xdb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 481339530  Numsec = 6924015
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 250000000000 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-62-488261250-488281250)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8afc2ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8afc7900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8afc2ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8afc4b00, DeviceName: \Device\Ide\IdeDeviceP3T0L0-24\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232
 
Partition information:
 
    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 14620977
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 14621040  Numsec = 376079760
    Partition is not bootable
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 200049647616 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_96390_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_1_1_14621040_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished
 
Link to post
Share on other sites

OK...Next:

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look like this, not "sponsored ad links":

bleep-crop.jpg

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

Been slammed at work today and I'm in class as we speak.  I haven't had a chance to do anything else with what you sent me. I did want to mention that I was messing around looking at the processes and found that the "wuausrvcs" Automatic Updates process was what was specifically hogging the system. I disabled the process and the system resources went back to normal.  When I turned it back on it was hogging resources again. I wonder if the process just went haywire or if there is a virus causing the process to do that? Thoughts. 

Link to post
Share on other sites

Ok, I am trying out a couple of the solutions you posted. I never use Internet Explorer so that's why its out of date.  However, I ran the security update for it and enabled the automatic updates again and still had the same problem.  So I am looking at the other solutions to see if they will work.  If you think my system looks clean otherwise then I will continue with these solutions. Thanks for your time and research.  I will leave a tip in the jar if one of these does the trick. Thanks. 

 

Dave

Link to post
Share on other sites

Here's how I resolved mine, I went to Windows Update and had it scan for updates...it took almost 3 hours of scanning before any updates were listed.

After I installed all the updates, the problem was solved.

I would still like you to run ComboFix if you get a chance.

MrC

Link to post
Share on other sites

ok. so now I'm having trouble with getting rid of an AVG scanner.  I used an Avg removal software and it still came up when I tried to run ComboFix.  This is a link to the utility i used (http://www.avg.com/ww-en/utilities).  The application data files are gone, but somehow its still showing up. I currently run MSE antivirus and was able to disable it.  Any thoughts on the AVG issue? 

Link to post
Share on other sites

Ok. Here is the ComboFix log. 

 

ComboFix 13-11-23.02 - Fugina Inc 11/24/2013  14:09:13.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3317.2636 [GMT -6:00]
Running from: c:\documents and settings\Fugina Inc\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Fugina Inc\System
c:\documents and settings\Fugina Inc\System\win_qs8.jqx
c:\windows\system32\Cache
c:\windows\system32\Cache\0aee985f42bc2486.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\29b8a734664dfb80.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\65a0a659d9c001e2.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\eb8733694b1e0039.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\Cache\fa01331f514be706.fb
c:\windows\system32\Cache\fcd8e76d2fcb3ab9.fb
c:\windows\system32\Cache\fe9d6f22b738d763.fb
c:\windows\system32\SET4D.tmp
F:\Autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-24 to 2013-11-24  )))))))))))))))))))))))))))))))
.
.
2013-11-24 03:22 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C6E50EAA-AAD4-40CB-816F-19387A14E750}\mpengine.dll
2013-11-22 19:57 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-21 03:53 . 2013-11-21 03:53 -------- d-----w- c:\windows\Temp6F2B27D5-D6BD-1E2D-2708-5667EF9E6F2D-Signatures
2013-11-17 16:51 . 2013-11-17 16:51 -------- d-sh--w- c:\documents and settings\Fugina Inc\PrivacIE
2013-11-17 16:50 . 2013-11-17 16:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2013-11-17 16:46 . 2013-10-13 07:25 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2013-11-17 16:46 . 2013-10-13 07:25 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-11-17 16:46 . 2013-10-13 07:24 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2013-11-17 16:46 . 2013-10-13 07:25 630272 ------w- c:\windows\system32\dllcache\msfeeds.dll
2013-11-17 16:46 . 2013-10-13 07:24 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2013-11-17 16:46 . 2013-10-13 07:25 522240 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2013-11-17 16:46 . 2013-10-13 07:24 2006016 ------w- c:\windows\system32\dllcache\iertutil.dll
2013-11-17 16:46 . 2013-10-13 07:24 11113472 ------w- c:\windows\system32\dllcache\ieframe.dll
2013-11-17 16:37 . 2013-11-17 16:37 -------- d-sh--w- c:\documents and settings\Fugina Inc\IETldCache
2013-11-17 16:34 . 2013-11-17 16:36 -------- dc-h--w- c:\windows\ie8
2013-11-13 19:32 . 2013-11-13 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-11-13 19:32 . 2013-11-13 19:32 105176 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-13 19:26 . 2013-11-13 19:30 47064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 10:21 . 2012-09-26 14:54 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-03 22:02 . 2012-12-11 03:54 53064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2013-11-03 22:02 . 2012-12-11 03:54 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-11-03 22:02 . 2012-12-11 03:54 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-11-03 22:02 . 2012-12-11 03:54 85832 ----a-w- c:\windows\system32\LMIinit.dll
2013-10-13 07:25 . 2004-08-10 17:51 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25 . 2004-08-10 17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24 . 2004-08-10 17:50 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2013-10-12 15:56 . 2004-08-10 17:51 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2004-08-10 17:51 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2004-08-10 17:50 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14 . 2009-04-17 02:57 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-09-27 15:53 . 2012-08-31 03:03 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-24 20:38 . 2013-09-24 20:38 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-24 20:38 . 2008-06-11 16:22 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-09-24 20:38 . 2012-09-23 22:08 868264 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-09-24 20:38 . 2010-09-25 15:12 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-06 20:43 . 2013-10-16 14:25 188176 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2013-09-06 20:42 . 2013-09-06 20:42 174864 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2013-09-06 20:42 . 2013-09-06 20:42 115984 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2013-09-06 20:42 . 2013-09-06 20:42 104720 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2013-09-06 20:42 . 2013-01-31 03:53 93968 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2013-08-29 01:31 . 2004-08-10 17:51 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-06-05 20:25 . 2013-06-05 20:10 11019776 ----a-w- c:\program files\Common Files\lpuninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Fugina Inc\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Fugina Inc\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Fugina Inc\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Fugina Inc\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickenScheduledUpdates"="c:\program files\Quicken\billmind.exe" [2008-10-27 34080]
"Auto EPSON Stylus Photo R320 Series on DAVID"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-17 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-17 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-17 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Auto EPSON Stylus Photo R320 Series on DAVID"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-10-10 63048]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-09-18 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\documents and settings\Administrator.FUGINA\Start Menu\Programs\Startup\
Uninstall LastPass RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe -x -name=LastPass -ffuuid support@lastpass.com [2013-6-5 11019776]
.
c:\documents and settings\LogMeInRemoteUser\Start Menu\Programs\Startup\
Uninstall LastPass RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe -x -name=LastPass -ffuuid support@lastpass.com [2013-6-5 11019776]
.
c:\documents and settings\Regular User\Start Menu\Programs\Startup\
Uninstall LastPass RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe -x -name=LastPass -ffuuid support@lastpass.com [2013-6-5 11019776]
.
c:\documents and settings\Fugina Inc\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Fugina Inc\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Billminder.lnk - c:\program files\Quicken\billmind.exe [2008-11-6 34080]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-11 16:33 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2013-11-03 22:02 85832 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Documents and Settings\\Fugina Inc\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Fugina Inc\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [10/16/2013 8:25 AM 188176]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [1/30/2013 9:53 PM 93968]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [10/19/2012 6:08 PM 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/24/2012 2:41 PM 13624]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [8/25/2013 1:13 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/29/2009 4:14 PM 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/29/2009 4:14 PM 22856]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [9/6/2013 2:42 PM 115984]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\x86\novacomd.exe [7/2/2009 4:28 PM 30720]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [4/22/2013 6:39 PM 245760]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [9/6/2013 2:42 PM 104720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-17 17:38 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]
.
2013-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-03 00:26]
.
2013-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-03 00:26]
.
2013-11-24 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 21:01]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Fugina Inc\Application Data\Mozilla\Firefox\Profiles\g7u22b3m.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-HijackThis - g:\hijackthis\HijackThis.exe
AddRemove-DSite - c:\documents and settings\Fugina Inc\Application Data\DSite\UpdateProc\UpdateTask.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-24 14:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  Auto EPSON Stylus Photo R320 Series on DAVID = c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P44 "Auto EPSON Stylus Photo R320 Series on DAVID" /M "Stylus Photo R320" /EF "HKCU"??????????????????p?????D~0?A~????*?A~??B~????w?C~?????????????????/V???B~????????????????????T???p6????????D~??B~??????B~o?B~?/V???????????B~????????????????????????????s??|?????????/V?????????????w?C~S?B~??B~?vB~????????????????????????(???????&???H???????4????IB~????????????????????????????????T????JB~?????????????D????????????????C~??????????????C~????????8???????????`?? 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(848)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2013-11-24  14:17:44
ComboFix-quarantined-files.txt  2013-11-24 20:17
.
Pre-Run: 112,979,017,728 bytes free
Post-Run: 113,697,734,656 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 46E5150BD183836EE025B1730B925F5E
5CB90281D1A59B251F6603134774EEC3
Link to post
Share on other sites

Using ComboFix......

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

 

SecCenter::

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Refering to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC

Link to post
Share on other sites

Ok. so i ran the script twice by mistake.  I wasn't sure if I accidentally clicked the icon, so I let it run.  Then I dragged the script over there again and it ran the same scan but it looked like the AVG was gone this time. No alerts.  So I'm not sure if this log will have the same info as the previous one it created.  I didn't expect it to still run a full scan along with the removal process so I got confused.  Anyway, here it is. 

 

ComboFix 13-11-23.02 - Fugina Inc 11/24/2013  15:56:36.3.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3317.2572 [GMT -6:00]
Running from: c:\documents and settings\Fugina Inc\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Fugina Inc\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-24 to 2013-11-24  )))))))))))))))))))))))))))))))
.
.
2013-11-24 20:18 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{40530CA6-C926-4DD8-B60B-30D1AB13DBDB}\mpengine.dll
2013-11-22 19:57 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-21 03:53 . 2013-11-21 03:53 -------- d-----w- c:\windows\Temp6F2B27D5-D6BD-1E2D-2708-5667EF9E6F2D-Signatures
2013-11-17 16:51 . 2013-11-17 16:51 -------- d-sh--w- c:\documents and settings\Fugina Inc\PrivacIE
2013-11-17 16:50 . 2013-11-17 16:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2013-11-17 16:46 . 2013-10-13 07:25 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2013-11-17 16:46 . 2013-10-13 07:25 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-11-17 16:46 . 2013-10-13 07:24 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2013-11-17 16:46 . 2013-10-13 07:25 630272 ------w- c:\windows\system32\dllcache\msfeeds.dll
2013-11-17 16:46 . 2013-10-13 07:24 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2013-11-17 16:46 . 2013-10-13 07:25 522240 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2013-11-17 16:46 . 2013-10-13 07:24 2006016 ------w- c:\windows\system32\dllcache\iertutil.dll
2013-11-17 16:46 . 2013-10-13 07:24 11113472 ------w- c:\windows\system32\dllcache\ieframe.dll
2013-11-17 16:37 . 2013-11-17 16:37 -------- d-sh--w- c:\documents and settings\Fugina Inc\IETldCache
2013-11-17 16:34 . 2013-11-17 16:36 -------- dc-h--w- c:\windows\ie8
2013-11-13 19:32 . 2013-11-13 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-11-13 19:32 . 2013-11-13 19:32 105176 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-13 19:26 . 2013-11-13 19:30 47064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 10:21 . 2012-09-26 14:54 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-03 22:02 . 2012-12-11 03:54 53064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2013-11-03 22:02 . 2012-12-11 03:54 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-11-03 22:02 . 2012-12-11 03:54 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-11-03 22:02 . 2012-12-11 03:54 85832 ----a-w- c:\windows\system32\LMIinit.dll
2013-10-13 07:25 . 2004-08-10 17:51 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25 . 2004-08-10 17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24 . 2004-08-10 17:50 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2013-10-12 15:56 . 2004-08-10 17:51 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2004-08-10 17:51 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2004-08-10 17:50 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14 . 2009-04-17 02:57 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-09-27 15:53 . 2012-08-31 03:03 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-24 20:38 . 2013-09-24 20:38 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-24 20:38 . 2008-06-11 16:22 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-09-24 20:38 . 2012-09-23 22:08 868264 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-09-24 20:38 . 2010-09-25 15:12 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-06 20:43 . 2013-10-16 14:25 188176 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2013-09-06 20:42 . 2013-09-06 20:42 174864 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2013-09-06 20:42 . 2013-09-06 20:42 115984 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2013-09-06 20:42 . 2013-09-06 20:42 104720 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2013-09-06 20:42 . 2013-01-31 03:53 93968 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2013-08-29 01:31 . 2004-08-10 17:51 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-06-05 20:25 . 2013-06-05 20:10 11019776 ----a-w- c:\program files\Common Files\lpuninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Fugina Inc\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Fugina Inc\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Fugina Inc\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Fugina Inc\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickenScheduledUpdates"="c:\program files\Quicken\billmind.exe" [2008-10-27 34080]
"Auto EPSON Stylus Photo R320 Series on DAVID"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-17 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-17 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-17 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Auto EPSON Stylus Photo R320 Series on DAVID"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-10-10 63048]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-09-18 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\documents and settings\Administrator.FUGINA\Start Menu\Programs\Startup\
Uninstall LastPass RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe -x -name=LastPass -ffuuid support@lastpass.com [2013-6-5 11019776]
.
c:\documents and settings\LogMeInRemoteUser\Start Menu\Programs\Startup\
Uninstall LastPass RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe -x -name=LastPass -ffuuid support@lastpass.com [2013-6-5 11019776]
.
c:\documents and settings\Regular User\Start Menu\Programs\Startup\
Uninstall LastPass RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe -x -name=LastPass -ffuuid support@lastpass.com [2013-6-5 11019776]
.
c:\documents and settings\Fugina Inc\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Fugina Inc\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Billminder.lnk - c:\program files\Quicken\billmind.exe [2008-11-6 34080]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-11 16:33 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2013-11-03 22:02 85832 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Documents and Settings\\Fugina Inc\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Fugina Inc\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [10/16/2013 8:25 AM 188176]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [1/30/2013 9:53 PM 93968]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [10/19/2012 6:08 PM 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/24/2012 2:41 PM 13624]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [8/25/2013 1:13 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/29/2009 4:14 PM 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/29/2009 4:14 PM 22856]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [9/6/2013 2:42 PM 115984]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\x86\novacomd.exe [7/2/2009 4:28 PM 30720]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [4/22/2013 6:39 PM 245760]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [9/6/2013 2:42 PM 104720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-17 17:38 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]
.
2013-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-03 00:26]
.
2013-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-03 00:26]
.
2013-11-24 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 21:01]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Fugina Inc\Application Data\Mozilla\Firefox\Profiles\g7u22b3m.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-24 16:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  Auto EPSON Stylus Photo R320 Series on DAVID = c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P44 "Auto EPSON Stylus Photo R320 Series on DAVID" /M "Stylus Photo R320" /EF "HKCU"??????????????????p?????D~0?A~????*?A~??B~????w?C~?????????????????/V???B~????????????????????T???p6????????D~??B~??????B~o?B~?/V???????????B~????????????????????????????s??|?????????/V?????????????w?C~S?B~??B~?vB~????????????????????????(???????&???H???????4????IB~????????????????????????????????T????JB~?????????????D????????????????C~??????????????C~????????8???????????`?? 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(848)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3248)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\documents and settings\Fugina Inc\Application Data\Dropbox\bin\DropboxExt.19.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-11-24  16:02:33
ComboFix-quarantined-files.txt  2013-11-24 22:02
ComboFix2.txt  2013-11-24 21:53
ComboFix3.txt  2013-11-24 20:17
.
Pre-Run: 113,734,565,888 bytes free
Post-Run: 113,717,989,376 bytes free
.
- - End Of File - - 673A71A587052AAFB02F4946062519B4
5CB90281D1A59B251F6603134774EEC3
Link to post
Share on other sites

OK.....

Lets clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look like this, not "sponsored ad links":

bleep-crop.jpg

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Link to post
Share on other sites

Here is the Adwcleaner log.  running the Malwarebytes scan next. 

 

# AdwCleaner v3.013 - Report created 25/11/2013 at 11:28:12
# Updated 24/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Fugina Inc - FUGINA
# Running from : C:\Documents and Settings\Fugina Inc\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\Fugina Inc\Local Settings\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\Fugina Inc\Application Data\DSite
Folder Deleted : C:\Documents and Settings\Fugina Inc\Application Data\Mozilla\Firefox\Profiles\g7u22b3m.default\FoxTab
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink
Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{327C2873-E90D-4C37-AA9D-10AC9BABA46C}]
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Zip Opener Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v25.0.1 (en-US)
 
[ File : C:\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\4mbgc78d.default\prefs.js ]
 
 
[ File : C:\Documents and Settings\Fugina Inc\Application Data\Mozilla\Firefox\Profiles\g7u22b3m.default\prefs.js ]
 
Line Deleted : user_pref("avg.toolbar.searchhistory", "[\"farmtown\", \"L train+chicago+map\", \"l train\", \"chicago l+train+map\", \"chicago midway+airport\", \"weekend bed+and+breakfast+rental+chicago\", \"weeken[...]
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\Fugina Inc\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5508 octets] - [25/11/2013 11:26:22]
AdwCleaner[s0].txt - [5537 octets] - [25/11/2013 11:28:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5597 octets] ##########
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.