
Slow computer, I think that I'm infected


This topic is locked
7 replies to this topic

#1 WeGotSunshine


Posted 29 November 2011 - 12:10 PM

Hi, my computer is really slow and I need help. I've posted a HijackThis log below. In the task manager I got like 50 entries of regedit, and this isn't normal.
And by the way, I didn't install PC Optimiser and PC Maximiser and such things; we have a lot of games that installed by themselves while browsing the internet.

HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:13:29, on 2011-11-29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Registry Helper\RegistryHelperService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe
C:\Program Files\PC Speed Maximizer\SPMTray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\regedit.exe   (this entry appears 320 times in the log, one per running regedit.exe instance)
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: agihelper.AGUtils - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - mscoree.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: agihelper.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - !{28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PC Optimizer Pro] "C:\Program Files\PC Optimizer Pro\StartApps.exe" -s
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [lkg126.tmp.exe] C:\WINDOWS\system32\lkg126.tmp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SPMTray] C:\Program Files\PC Speed Maximizer\SPMTray.exe
O4 - HKCU\..\Run: [Startw3i] C:\Program Files\PC Speed Maximizer\Startw3i.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe -update activex
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: PalTalk.lnk.disabled
O8 - Extra context menu item: &Search - ?s=100000345&p=ZLxdm018YYCA&si=&a=b15_cmRK8y.m.UihssH6Fg&n=2010041616
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {112857FE-11D5-03FF-9A3F-0080C8D85044} (GameDesire Solitaires) - http://cached.gamedesire.com/g_bin/eng/solitaire_2_0_0_32.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SKIP-BO%20Castaway%20Caper/Images/stg_drm.ocx
O16 - DPF: {1A781DED-4153-C22D-3213-A3211E29DF13} (GameDesire Card Games) - http://cached.gamedesire.com/g_bin/eng/cards_2_0_0_81.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {41ACD49D-791A-1974-0981-AA9872721044} (Ganymede Board Games) - http://cached.gamedesire.com/g_bin/eng/boards_2_0_0_39.cab
O16 - DPF: {4B4513E2-43DF-4E57-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://cached.gamedesire.com/g_bin/eng/navy_2_0_0_34.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {9085316E-11D4-42BA-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://cached.gamedesire.com/g_bin/eng/hunter_2_0_0_31.cab
O16 - DPF: {A1FE3DE0-11D4-CF77-8340-0080C8D7ED4A} (GameDesire Pinball Demon) - http://cached.gamedesire.com/g_bin/eng/demon_2_0_0_34.cab
O16 - DPF: {A9ED6AA2-4D71-D9D4-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://cached.gamedesire.com/g_bin/eng/marbles_2_0_0_36.cab
O16 - DPF: {AC120B1D-4111-9411-AF52-118052D85D45} (GameDesire Darts Games) - http://cached.gamedesire.com/g_bin/eng/darts_2_0_0_49.cab
O16 - DPF: {AD7013FF-4F36-1D9A-94A6-3CD408A663F9} (GameDesire BreakOut) - http://cached.gamedesire.com/g_bin/eng/breakout_2_0_0_33.cab
O16 - DPF: {BFA1F11D-AFE1-3121-4112-983219421AEF} (GameDesire 1Player Word Games) - http://cached.gamedesire.com/g_bin/eng/wordssingle_2_0_0_52.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E23FABEE-33DA-12E3-DA12-195DAC123984} (GameDesire Mahjong) - http://cached.gamedesire.com/g_bin/eng/mahjong_2_0_0_35.cab
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Registry Helper Service - SafeApp Software, LLC - C:\Program Files\Registry Helper\RegistryHelperService.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 21758 bytes



Thank you for your time and help!

Edited by WeGotSunshine, 29 November 2011 - 12:41 PM.




#2 WeGotSunshine


Posted 29 November 2011 - 03:27 PM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Version de la base de données: 8271

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2011-11-29 03:28:44
mbam-log-2011-11-29 (03-28-37).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 267460
Temps écoulé: 2 heure(s), 41 minute(s), 50 seconde(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 31

Processus mémoire infecté(s):
c:\program files\registry helper\registryhelperservice.exe (Rogue.RegistryHelper) -> 532 -> No action taken.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rushmore Casino (Adware.Casino) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INSTALL.EXE (Adware.Casino) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Registry Helper Service (Rogue.RegistryHelper) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
c:\program files\personalsec (Rogue.PersonalSecurity) -> No action taken.
c:\program files\registry helper (Rogue.RegistryHelper) -> No action taken.

Fichier(s) infecté(s):
c:\program files\slot nuts french\miniprocess.exe (Adware.Casino) -> No action taken.
c:\program files\windows live\messenger\riched20.dll (PUP.FunWebProducts) -> No action taken.
c:\program files\rushmore casino\auslots.dll (Adware.Casino) -> No action taken.
c:\program files\rushmore casino\bj.dll (Adware.Casino) -> No action taken.
c:\program files\rushmore casino\casino.exe (Adware.Casino) -> No action taken.
c:\program files\rushmore casino\directsound.dll (Adware.Casino) -> No action taken.
c:\program files\rushmore casino\extgame.dll (Adware.Casino) -> No action taken.
c:\program files\rushmore casino\Install.exe (Adware.Casino) -> No action taken.
c:\program files\rushmore casino\lbyinst.exe (Adware.Casino) -> No action taken.
c:\program files\rushmore casino\miniprocess.exe (Adware.Casino) -> No action taken.
c:\program files\rushmore casino\plibc32.dll (Adware.Casino) -> No action taken.
c:\program files\rushmore casino\winsound.dll (Adware.Casino) -> No action taken.
c:\documents and settings\administrateur\local settings\Temp\WSAlot.exe (Trojan.Downloader) -> No action taken.
c:\documents and settings\administrateur\local settings\Temp\setup[1].exe.exe (PUP.Casino) -> No action taken.
c:\documents and settings\administrateur\local settings\Temp\all2E.tmp (PUP.Casino.Gen) -> No action taken.
c:\documents and settings\administrateur\mes documents\downloads\non confirmé 73805.crdownload (Adware.Hotbar) -> No action taken.
c:\documents and settings\administrateur\mes documents\mes fichiers reçus\filmfanatic.exe (Adware.FunWeb) -> No action taken.
c:\program files\shellmenu.dll (Spyware.OnlineGames) -> No action taken.
c:\program files\personalsec\psecurity.exe.tmp1 (Rogue.PersonalSecurity) -> No action taken.
c:\program files\registry helper\header.gif (Rogue.RegistryHelper) -> No action taken.
c:\program files\registry helper\help.chm (Rogue.RegistryHelper) -> No action taken.
c:\program files\registry helper\letter1.htm (Rogue.RegistryHelper) -> No action taken.
c:\program files\registry helper\letter2.htm (Rogue.RegistryHelper) -> No action taken.
c:\program files\registry helper\letter3.htm (Rogue.RegistryHelper) -> No action taken.
c:\program files\registry helper\letter4.htm (Rogue.RegistryHelper) -> No action taken.
c:\program files\registry helper\letter5.htm (Rogue.RegistryHelper) -> No action taken.
c:\program files\registry helper\registry helper screen saver setup.exe (Rogue.RegistryHelper) -> No action taken.
c:\program files\registry helper\registryhelperservice.exe (Rogue.RegistryHelper) -> No action taken.
c:\program files\registry helper\registryhelpersetupcb.exe (Rogue.RegistryHelper) -> No action taken.
c:\program files\registry helper\registryhelpersetuptr.exe (Rogue.RegistryHelper) -> No action taken.
c:\program files\registry helper\uninst.exe (Rogue.RegistryHelper) -> No action taken.



#3 HelpBot


Posted 04 December 2011 - 12:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/429881 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 WeGotSunshine

WeGotSunshine
  • Topic Starter

  • Members
  • 11 posts

Posted 07 December 2011 - 04:16 PM

.

DDS (Ver_2011-08-26.01) - NTFSx86 

Internet Explorer: 8.0.6001.18702

Run by Administrateur at 4:14:15 on 2011-12-07

Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.510.84 [GMT 1:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\LVComS.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\BellCanada\McciTrayApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Documents and Settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\mmc.exe

C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\dds.scr

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://www.google.fr/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://search.imesh.com/

mStart Page = hxxp://home.sweetim.com

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = localhost

uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s

uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll

BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File

TB: !{28387537-e3f9-4ed7-860c-11e69af4a8a0} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: {59ED24C5-0745-4256-9F4A-8C86DF2891C3} - No File

TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {4DAAC69C-CBA7-45E2-9BC8-1044483D3352} - No File

TB: {03FEE850-0101-4E9E-B6D4-6FC74D3DB360} - No File

EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - c:\program files\internet explorer\iedvtool.dll

uRun: [lkg126.tmp.exe] c:\windows\system32\lkg126.tmp.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe

uRun: [Google Update] "c:\documents and settings\administrateur\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount

uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"  /MINIMIZED

uRun: [SoftBarrier] c:\program files\softbarrier software\softbarrier\SoftBarrier.exe -min

mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe

mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"

mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [BellCanada_McciTrayApp] c:\program files\bellcanada\McciTrayApp.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32

StartupFolder: c:\docume~1\admini~1\menudm~1\progra~1\dmarra~1\dorafa~1.lnk - d:\ATR1.exe

StartupFolder: c:\docume~1\admini~1\menudm~1\progra~1\dmarra~1\notifi~1.lnk - c:\documents and settings\administrateur\application data\microsoft\notification de cadeaux msn\lsnfier.exe

StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe

StartupFolder: c:\documents and settings\all users\menu démarrer\programmes\démarrage\PalTalk.lnk.disabled

uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)

uPolicies-explorer: NoSMBalloonTip = 1 (0x1)

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

uPolicies-explorer: NoWelcomeScreen = 1 (0x1)

dPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)

dPolicies-explorer: NoSMBalloonTip = 1 (0x1)

dPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

dPolicies-explorer: NoWelcomeScreen = 1 (0x1)

IE: &Search - ?s=100000345&p=ZLxdm018YYCA&si=&a=b15_cmRK8y.m.UihssH6Fg&n=2010041616

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\administrateur\menu démarrer\programmes\imvu\Run IMVU.lnk

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: {112857FE-11D5-03FF-9A3F-0080C8D85044} - hxxp://cached.gamedesire.com/g_bin/eng/solitaire_2_0_0_32.cab

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/SKIP-BO%20Castaway%20Caper/Images/stg_drm.ocx

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {1A781DED-4153-C22D-3213-A3211E29DF13} - hxxp://cached.gamedesire.com/g_bin/eng/cards_2_0_0_81.cab

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {41ACD49D-791A-1974-0981-AA9872721044} - hxxp://cached.gamedesire.com/g_bin/eng/boards_2_0_0_39.cab

DPF: {4B4513E2-43DF-4E57-9496-FCD37E9DFA64} - hxxp://cached.gamedesire.com/g_bin/eng/navy_2_0_0_34.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 

DPF: {9085316E-11D4-42BA-BAA3-0080C8D7ED4A} - hxxp://cached.gamedesire.com/g_bin/eng/hunter_2_0_0_31.cab

DPF: {A1FE3DE0-11D4-CF77-8340-0080C8D7ED4A} - hxxp://cached.gamedesire.com/g_bin/eng/demon_2_0_0_34.cab

DPF: {A9ED6AA2-4D71-D9D4-9586-E293E2E3580B} - hxxp://cached.gamedesire.com/g_bin/eng/marbles_2_0_0_36.cab

DPF: {AC120B1D-4111-9411-AF52-118052D85D45} - hxxp://cached.gamedesire.com/g_bin/eng/darts_2_0_0_49.cab

DPF: {AD7013FF-4F36-1D9A-94A6-3CD408A663F9} - hxxp://cached.gamedesire.com/g_bin/eng/breakout_2_0_0_33.cab

DPF: {BFA1F11D-AFE1-3121-4112-983219421AEF} - hxxp://cached.gamedesire.com/g_bin/eng/wordssingle_2_0_0_52.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {E23FABEE-33DA-12E3-DA12-195DAC123984} - hxxp://cached.gamedesire.com/g_bin/eng/mahjong_2_0_0_35.cab

TCP: DhcpNameServer = 24.200.241.37 24.202.72.13 24.200.0.1

TCP: Interfaces\{B8C61553-7056-438F-A7BA-EC6BA13B70D4} : DhcpNameServer = 24.200.241.37 24.202.72.13 24.200.0.1

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

LSA: Authentication Packages = msv1_0 nwprovau

Hosts: 127.0.0.1	www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrateur\application data\mozilla\firefox\profiles\j1y3t4y8.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&systemid=1&q=

FF - plugin: c:\documents and settings\administrateur\application data\mozilla\plugins\np-mswmp.dll

FF - plugin: c:\documents and settings\administrateur\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll

FF - plugin: c:\program files\ganymede\plugins\npganymedenet.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npganymedenet.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmidas.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

---- FIREFOX POLICIES ----

/* Added by Bell GamesMania */

/* Enable the codebase security principal */

FF - user.js: signed.applets.codebase_principal_support - true

/* To avoid the user interaction, add the following lines: */

FF - user.js: capability.principal.codebase.YummyPlayer.granted - UniversalXPConnect

FF - user.js: capability.principal.codebase.YummyPlayer.id - hxxP://yummy.gamesmania.com/

.

============= SERVICES / DRIVERS ===============

.

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-10-22 54752]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-25 22216]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-2-24 137600]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-2-24 8576]

S4 AGCoreService;AG Core Services;c:\program files\agi\core\4.2.0.10753\AGCoreService.exe [2010-4-13 20480]

S4 fsssvc;Service Windows Live Contrôle parental;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S4 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]

S4 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]

S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-25 366152]

S4 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]

.

=============== Created Last 30 ================

.

2011-12-03 11:47:25	--------	d-----w-	c:\program files\Pogo Games

2011-11-28 23:32:34	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll

2011-11-28 23:32:33	89048	----a-w-	c:\program files\mozilla firefox\libEGL.dll

2011-11-28 23:32:33	801752	----a-w-	c:\program files\mozilla firefox\mozsqlite3.dll

2011-11-28 23:32:33	719832	----a-w-	c:\program files\mozilla firefox\mozcpp19.dll

2011-11-28 23:32:33	478168	----a-w-	c:\program files\mozilla firefox\libGLESv2.dll

2011-11-28 23:32:33	2106216	----a-w-	c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-11-28 23:32:33	1998168	----a-w-	c:\program files\mozilla firefox\d3dx9_43.dll

2011-11-28 23:32:33	1989592	----a-w-	c:\program files\mozilla firefox\mozjs.dll

2011-11-28 23:32:33	16856	----a-w-	c:\program files\mozilla firefox\plugin-container.exe

2011-11-28 23:32:33	15832	----a-w-	c:\program files\mozilla firefox\mozalloc.dll

2011-11-27 02:04:50	--------	d-----w-	C:\a8189a33a8637c4cc1

2011-11-25 19:32:11	22216	----a-w-	c:\windows\system32\drivers\mbam.sys

2011-11-25 19:32:11	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware

2011-11-25 19:29:51	--------	d-----w-	c:\documents and settings\administrateur\application data\Malwarebytes

2011-11-25 19:29:43	--------	d-----w-	c:\documents and settings\all users\application data\Malwarebytes

2011-11-25 19:26:17	--------	d-----w-	c:\program files\CCleaner

2011-11-25 19:18:19	388096	----a-r-	c:\documents and settings\administrateur\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-11-25 19:18:17	--------	d-----w-	c:\program files\Trend Micro

2011-11-25 02:04:54	--------	d-----w-	C:\68316a083e387e93ca

2011-11-13 04:31:47	--------	d-----w-	c:\program files\Spybot - Search & Destroy

2011-11-13 04:31:47	--------	d-----w-	c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-11-09 02:00:22	--------	d-----w-	C:\baf4acf00d9154523728a1

.

==================== Find3M  ====================

.

2011-11-28 23:29:30	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:23:00	692736	----a-w-	c:\windows\system32\inetcomm.dll

2011-09-28 07:06:46	606208	----a-w-	c:\windows\system32\crypt32.dll

2011-09-26 09:41:40	614400	----a-w-	c:\windows\system32\uiautomationcore.dll

2011-09-26 09:41:40	22528	----a-w-	c:\windows\system32\oleaccrc.dll

2011-09-26 09:41:20	220160	----a-w-	c:\windows\system32\oleacc.dll

2006-08-11 13:10:16	5516039	----a-w-	c:\program files\jtf.exe

2006-08-11 13:10:04	6713344	----a-w-	c:\program files\workshop.exe

2006-08-08 15:59:46	53248	----a-w-	c:\program files\PhysXLoader.dll

2006-08-08 15:59:46	327680	----a-w-	c:\program files\NxCooking.dll

2006-08-08 15:59:46	2388176	----a-w-	c:\program files\d3dx9_30.dll

2006-08-08 15:59:46	193024	----a-w-	c:\program files\binkw32.dll

2006-08-02 18:57:14	473600	----a-w-	c:\program files\microsoft.directx.direct3d.dll

2006-08-02 18:57:12	223232	----a-w-	c:\program files\microsoft.directx.dll

2006-02-14 10:32:32	577536	----a-w-	c:\program files\microsoft.directx.direct3dx.dll

.

============= FINISH:  4:15:43,28 ===============


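As an added example (not part of this thread and not code from the DDS tool), the script below does the first-pass reading of a DDS "Pseudo HJT Report" that a malware-removal helper does by eye: it parses the uRun/mRun, BHO/TB, Hosts, Start Page and FF user.js line formats and flags the entries worth looking at first. The sample lines are copied from the log above; the severity levels, the allowlist of search hosts, the list of security-site domains and the rogue-name list are this example's own assumptions (SoftBarrier is named as rogue later in this thread).

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example, not part of DDS or of this thread. It parses the line formats
DDS prints and flags the entries a removal helper would look at first. The
heuristics and lists below are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Security-help domains that hosts-file hijacks redirect to 127.0.0.1 so the
# victim cannot reach help (constructed list; the log above shows spywareinfo.com).
SECURITY_SITES = ("spywareinfo.com", "bleepingcomputer.com", "malwarebytes.org")
# Programs identified as rogue anti-spyware in this thread.
ROGUE_NAMES = ("softbarrier",)
# Search/start-page hosts accepted as legitimate (constructed allowlist).
TRUSTED_SEARCH_HOSTS = ("google.", "bing.com", "live.com", "msn.com")

RUN_RE = re.compile(r"^([umd]Run(?:Once)?): \[(.*?)\]\s*(.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)")
PAGE_RE = re.compile(r"^(?:[um]Start Page = |FF - prefs\.js: keyword\.URL - )(\S+)")
ORPHAN_RE = re.compile(r"^(?:BHO|TB): .*- No File$")
# Autorun targets that live in a temp directory or use a *.tmp.exe name.
TEMP_RE = re.compile(r"\.tmp\.exe$|\\(?:temp|tmp)\\")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    line: str      # the DDS line that triggered the finding
    reason: str


def exe_path(command: str) -> str:
    """Return the executable part of a Run command (quoted or bare path)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    m = re.match(r"(.*?\.(?:exe|scr|com|bat|dll))", command, re.I)
    return m.group(1) if m else command


def triage_line(line: str) -> list:
    """Apply the checks that fit this line's format; return zero or more findings."""
    findings = []
    if m := RUN_RE.match(line):
        _key, name, command = m.groups()
        path = exe_path(command).lower()
        if TEMP_RE.search(path):
            findings.append(Finding("high", line, "autorun launches a temp-style binary"))
        if any(r in name.lower() or r in path for r in ROGUE_NAMES):
            findings.append(Finding("high", line, f"autorun belongs to rogue program '{name}'"))
    elif m := HOSTS_RE.match(line):
        ip, host = m.groups()
        if ip in ("127.0.0.1", "0.0.0.0") and host.endswith(SECURITY_SITES):
            findings.append(Finding("high", line, f"hosts file blocks security site {host}"))
    elif line.startswith("FF - user.js:"):
        # These prefs let scripts from a named site request chrome-level privileges.
        if "UniversalXPConnect" in line or "codebase_principal_support - true" in line:
            findings.append(Finding("high", line, "user.js grants elevated privileges to web content"))
    elif m := PAGE_RE.match(line):
        # DDS defangs URLs as hxxp://; restore the scheme so urlparse sees a host.
        host = urlparse(m.group(1).replace("hxxp", "http", 1)).netloc.lower()
        if not any(t in host for t in TRUSTED_SEARCH_HOSTS):
            findings.append(Finding("medium", line, f"search/start page points at {host}"))
    elif ORPHAN_RE.match(line):
        findings.append(Finding("low", line, "orphaned BHO/toolbar registration (file missing)"))
    return findings


def triage(report: str) -> list:
    return [f for line in report.splitlines() for f in triage_line(line.rstrip())]


def severity_counts(findings) -> dict:
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Sample input: lines copied from the DDS log posted above (note the tab in the Hosts line).
SAMPLE_LOG = """\
uStart Page = hxxp://search.imesh.com/
mStart Page = hxxp://home.sweetim.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
uRun: [lkg126.tmp.exe] c:\\windows\\system32\\lkg126.tmp.exe
uRun: [msnmsgr] "c:\\program files\\windows live\\messenger\\msnmsgr.exe" /background
uRun: [SoftBarrier] c:\\program files\\softbarrier software\\softbarrier\\SoftBarrier.exe -min
mRun: [igfxtray] c:\\windows\\system32\\igfxtray.exe
Hosts: 127.0.0.1\twww.spywareinfo.com
FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&systemid=1&q=
FF - user.js: signed.applets.codebase_principal_support - true
FF - user.js: capability.principal.codebase.YummyPlayer.granted - UniversalXPConnect
"""

if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: ("high", "medium", "low").index(f.severity)):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run against the sample it reports five high findings (the system32 *.tmp.exe autorun, the SoftBarrier autorun, the hosts entry, and the two user.js lines), three medium ones for the imesh/sweetim start and search pages, and one low orphan BHO. The legitimate msnmsgr and igfxtray autoruns produce nothing, which is the point of keeping the checks narrow: the script is a first filter, not a verdict, and every flagged line still needs a human to look up the file.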

#5 pwgib

pwgib

  • Malware Response Team
  • 2,958 posts
  • Gender:Male
  • Location:God's Country

Posted 08 December 2011 - 08:57 AM

Hello WeGotSunshine,

I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy and as you can see the logs we ask for are very extensive and take a lot of time to investigate.

Please subscribe to this topic.

  • Click on the Watch Topic button
  • Select Immediate Notification
  • Click on Proceed.

Make sure Word Wrap in Notepad is turned off. When copying and pasting logs, paste them directly in the reply box; only attach logs if asked to. Do not wrap logs in codebox or code tags, as it makes them very difficult to read and analyze. Please paste them directly into the reply box. Do not make any changes to your system until we are through. Fixes are based upon information that is current from your system, so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.

If your operating system is Windows Vista or Windows 7, it may be necessary to right-click any programs we use and choose Run as Administrator.

Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

Please read carefully all directions and instructions. If you are instructed to save a tool to the desktop please save it to the desktop. If you have since resolved the original problem you were having, we would appreciate you letting us know.

I will look over your logs and get back to you.



Thanks!!
PW

#6 pwgib

pwgib

  • Malware Response Team
  • 2,958 posts
  • Gender:Male
  • Location:God's Country

Posted 08 December 2011 - 09:54 AM

Hello WeGotSunshine,


Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs in XP or Programs and Features in Vista and Windows 7.

If you wish to keep it, please do not use it until your computer is cleaned.



Step 1.

We need to disable Spybot S&D's "TeaTimer".

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.
In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.

  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click [image] and then on "Advanced Mode"
  • You may be presented with a warning dialog. If so, press [image]
  • Click on [image]
  • Click on [image]
  • Uncheck this checkbox: [image]
  • Close/Exit Spybot Search and Destroy



Step 2.

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.


Step 3.

Uninstall Programs

SoftBarrier: ROGUE! anti-spyware program
http://www.systemlookup.com/search.php?list=&type=filename&search=SoftBarrier.exe&s=


  • Click "start" on the taskbar and then click on the "Control Panel" icon.
  • Please double-click the "Add or Remove Programs" icon
  • A list of programs installed will be "populated" this may take a bit of time.
  • If they exist, uninstall the following by clicking on the following entries and selecting "remove":

SoftBarrier anti-spyware

Please let me know if the program uninstalled.


Step 4.

Please read and follow these directions carefully.

Please rerun MBAM that appears to already be installed on your computer.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
    • Update Malwarebytes' Anti-Malware <--- Important!!
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Step 5.


Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[image]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


In your next reply please include the following:

MBAM log
Combofix.txt


How is your computer running now? Any problems?


Thanks!!
PW

#7 pwgib

pwgib

  • Malware Response Team
  • 2,958 posts
  • Gender:Male
  • Location:God's Country

Posted 12 December 2011 - 03:38 AM

Hello WeGotSunshine,


Do you still need assistance?
PW

#8 pwgib

pwgib

  • Malware Response Team
  • 2,958 posts
  • Gender:Male
  • Location:God's Country

Posted 14 December 2011 - 04:49 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
PW



