Have to restart often before windows loads and once it loads windows runs slow.


7 replies to this topic

#1 dsanchezjr73

  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:41 PM

Posted 26 February 2013 - 08:33 PM

I want to thank you in advance for helping me. This is my wife's PC and hopefully we can sort it out. I had it done once about three years ago with my laptop and donated to the guy who helped me. So here are the log files.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19190  BrowserJavaVersion: 10.5.0
Run by Gaby's Computer at 20:19:32 on 2013-02-26
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.958.326 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\PixArt\Pac207\Monitor.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Users\Gaby's Computer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\ehome\ehmsas.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\RacAgent.exe
C:\Windows\system32\WSqmCons.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
uSearch Bar = Preserve
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uURLSearchHooks: {37153479-1976-43c3-a1ee-557513977b64} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg9\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Spotify Web Helper] "c:\users\gaby's computer\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PAC207_Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.15.1
TCP: Interfaces\{280477A9-A363-4A54-951B-91179F0EC811} : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{366283D1-EB2E-4F0A-AED3-0C1F37BAF55A} : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{3F766A2F-A0E0-480B-9828-5874B9B23BF2} : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{52B386B2-0F85-46B1-9A30-D8369F21C56F} : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{6B62D9D2-EC9C-4420-B6B1-1BADF68E5840} : DHCPNameServer = 192.168.15.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\program files\cozi express\CoziProtocolHandler.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= avgrsstx.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.97\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gaby's computer\appdata\roaming\mozilla\firefox\profiles\v7ot3kiu.default\
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\14.2.0\npsitesafety.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_149.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2009-7-20 21728]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-24 226016]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-24 29712]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-24 243152]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-11-8 33112]
R3 netr73;Netopia RT73 Wireless Driver for Vista;c:\windows\system32\drivers\netr73.sys [2010-2-24 494368]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2008-2-13 618112]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2009-7-20 288768]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-02-18 23:20:43    33112    -c--a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-02-08 03:41:40    697712    -c--a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-02-08 03:41:39    74096    -c--a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-16 02:22:26    226016    -c--a-w-    c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH: 20:23:01.23 ===============


#2 The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  • Gender:Male
  • Location:Krypton
  • Local time:11:41 AM

Posted 01 March 2013 - 05:58 PM

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear.

 

For 32-bit (x86) systems please download the Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For 64-bit systems please download the Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


To enter System Recovery Options by using the Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer, find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your reply.


Edited by The Dark Knight, 01 March 2013 - 05:58 PM.

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.



#3 dsanchezjr73

  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:41 PM

Posted 01 March 2013 - 08:19 PM

Thanks for the clear instructions. Here's the log file.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-02-2013
Ran by SYSTEM at 01-03-2013 20:08:47
Running from F:\
Windows Vista ™ Home Premium   (X86) OS Language: English(US) 
The current controlset is ControlSet001
 
==================== Registry (Whitelisted) ===================
 
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: []  [x]
HKLM\...\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe [2077536 2012-01-26] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [1151152 2013-02-18] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1480296 2006-11-16] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1480296 2006-11-16] (Hewlett-Packard)
HKU\Gaby's Computer\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\Gaby's Computer\...\Run: [Spotify Web Helper] "C:\Users\Gaby's Computer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-08-21] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
AppInit_DLLs: avgrsstx.dll
Startup: C:\ProgramData\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG111v2 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
 
==================== Services (Whitelisted) ===================
 
2 Automatic LiveUpdate Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [554352 2007-09-12] (Symantec Corporation)
3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
2 avg9wd; "C:\Program Files\AVG\AVG9\avgwdsvc.exe" [308136 2010-07-20] (AVG Technologies CZ, s.r.o.)
3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [2999664 2007-09-12] (Symantec Corporation)
2 LiveUpdate Notice Service; "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll" [537992 2008-04-10] (Symantec Corporation)
3 McComponentHostService; "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [115608 2013-02-19] (Mozilla Foundation)
4 SCM_Service; C:\WINDOWS\System32\WinService.exe [180224 2007-07-17] ()
2 vToolbarUpdater14.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-02-18] ()
2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]
2 LightScribeService; "c:\Program Files\Common Files\LightScribe\LSSrvc.exe" [x]
2 LiveUpdate Notice Ex; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
4 stllssvr; "c:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [x]
 
==================== Drivers (Whitelisted) ====================
 
1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [226016 2013-01-15] (AVG Technologies CZ, s.r.o.)
1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [29712 2011-09-13] (AVG Technologies CZ, s.r.o.)
1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [243152 2011-05-05] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [33112 2013-02-18] (AVG Technologies)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [371248 2009-07-15] (Symantec Corporation)
3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.)
3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [618112 2008-02-13] (PixArt Imaging Inc.)
3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [288768 2007-12-26] (NETGEAR Inc.)
0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-18] (Windows ® Codename Longhorn DDK provider)
3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [x]
3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [x]
3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [x]
3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [x]
3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [x]
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-03-01 16:59 - 2013-03-01 17:00 - 00909670 ___AC (Farbar) C:\Users\Gaby's Computer\Downloads\FRST.exe
2013-02-26 17:23 - 2013-02-26 17:26 - 00009828 ___AC C:\Users\Gaby's Computer\Desktop\dds.txt
2013-02-26 17:23 - 2013-02-26 17:26 - 00004526 ___AC C:\Users\Gaby's Computer\Desktop\attach.txt
2013-02-26 17:17 - 2013-02-26 17:17 - 00688992 ___AC (Swearware) C:\Users\Gaby's Computer\Downloads\dds(1).com
2013-02-26 17:08 - 2013-02-26 17:16 - 00688992 ___RC (Swearware) C:\Users\Gaby's Computer\Desktop\dds.com
2013-02-19 18:12 - 2013-02-19 18:13 - 00000000 ___DC C:\Program Files\Mozilla Firefox
2013-02-17 13:00 - 2013-02-17 13:01 - 06955968 ___AC (Microsoft Corporation) C:\Users\Gaby's Computer\Downloads\Silverlight (1).exe
2013-02-11 17:14 - 2013-02-11 17:16 - 25038149 ___AC C:\Users\Gaby's Computer\Desktop\Untitled.wmv
2013-02-10 16:41 - 2013-02-10 16:43 - 24246127 ___AC C:\Users\Gaby's Computer\Desktop\Harlem Shake v.314.wmv
2013-02-10 16:17 - 2013-02-10 16:17 - 00000000 ___DC C:\Users\Gaby's Computer\Desktop\New Folder (2)
2013-02-10 16:16 - 2013-02-10 16:19 - 67964972 ___AC C:\Users\Gaby's Computer\Desktop\DSCN1295.AVI
2013-02-10 16:14 - 2013-02-10 16:19 - 364464916 ___AC C:\Users\Gaby's Computer\Desktop\DSCN1292.AVI
 
 
==================== One Month Modified Files and Folders ========
 
2013-03-01 20:08 - 2013-03-01 20:08 - 00000000 ___DC C:\FRST
2013-03-01 17:04 - 2009-07-19 21:00 - 01439463 ___AC C:\Windows\WindowsUpdate.log
2013-03-01 17:04 - 2006-11-02 05:01 - 00032622 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-03-01 17:04 - 2006-11-02 05:01 - 00000006 __AHC C:\Windows\Tasks\SA.DAT
2013-03-01 17:04 - 2006-11-02 04:47 - 00005120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-01 17:04 - 2006-11-02 04:47 - 00005120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-01 17:01 - 2011-08-27 18:47 - 00000904 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-03-01 17:01 - 2006-11-02 04:52 - 00095315 ___AC C:\Windows\setupact.log
2013-03-01 17:01 - 2006-11-02 02:33 - 00709582 ___AC C:\Windows\System32\PerfStringBackup.INI
2013-03-01 17:00 - 2013-03-01 16:59 - 00909670 ___AC (Farbar) C:\Users\Gaby's Computer\Downloads\FRST.exe
2013-03-01 16:56 - 2010-03-24 17:57 - 00000000 ___DC C:\Windows\System32\Drivers\Avg
2013-03-01 16:50 - 2011-08-27 18:47 - 00000900 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-28 19:41 - 2012-04-30 02:47 - 00000830 ___AC C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-28 18:10 - 2011-03-06 18:12 - 00000442 __AHC C:\Windows\Tasks\User_Feed_Synchronization-{00B290C2-3FEC-4F2E-8AC5-CFBFAEF4BFF4}.job
2013-02-27 19:41 - 2012-04-30 02:47 - 00691568 ___AC (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-02-27 19:41 - 2011-09-30 09:09 - 00071024 ___AC (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-02-26 17:26 - 2013-02-26 17:23 - 00009828 ___AC C:\Users\Gaby's Computer\Desktop\dds.txt
2013-02-26 17:26 - 2013-02-26 17:23 - 00004526 ___AC C:\Users\Gaby's Computer\Desktop\attach.txt
2013-02-26 17:17 - 2013-02-26 17:17 - 00688992 ___AC (Swearware) C:\Users\Gaby's Computer\Downloads\dds(1).com
2013-02-26 17:16 - 2013-02-26 17:08 - 00688992 ___RC (Swearware) C:\Users\Gaby's Computer\Desktop\dds.com
2013-02-26 16:41 - 2009-07-28 17:19 - 00000000 ___DC C:\Windows\Minidump
2013-02-26 16:41 - 2009-07-19 20:56 - 00159044 ____A C:\Windows\Minidump\Mini022613-01.dmp
2013-02-24 15:40 - 2012-11-11 09:38 - 00000000 ___DC C:\Program Files\Mozilla Maintenance Service
2013-02-22 19:19 - 2012-06-29 19:44 - 00000000 ___DC C:\Users\Gaby's Computer\Application Data\vlc
2013-02-22 19:19 - 2012-06-29 19:44 - 00000000 ___DC C:\Users\Gaby's Computer\AppData\Roaming\vlc
2013-02-22 19:15 - 2012-07-01 07:17 - 00000000 ___DC C:\Users\Gaby's Computer\Application Data\dvdcss
2013-02-22 19:15 - 2012-07-01 07:17 - 00000000 ___DC C:\Users\Gaby's Computer\AppData\Roaming\dvdcss
2013-02-19 18:13 - 2013-02-19 18:12 - 00000000 ___DC C:\Program Files\Mozilla Firefox
2013-02-18 15:22 - 2012-01-23 17:23 - 00000000 ___DC C:\Windows\System32\cache
2013-02-18 15:22 - 2011-12-15 16:53 - 00000000 ___DC C:\Program Files\AVG Secure Search
2013-02-18 15:20 - 2012-11-08 16:02 - 00033112 ___AC (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-02-18 15:18 - 2009-07-25 20:32 - 00000000 ___DC C:\Program Files\Microsoft Silverlight
2013-02-17 13:01 - 2013-02-17 13:00 - 06955968 ___AC (Microsoft Corporation) C:\Users\Gaby's Computer\Downloads\Silverlight (1).exe
2013-02-11 17:16 - 2013-02-11 17:14 - 25038149 ___AC C:\Users\Gaby's Computer\Desktop\Untitled.wmv
2013-02-11 17:16 - 2009-07-19 18:20 - 00041472 ___AC C:\Users\Gaby's Computer\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-11 17:16 - 2009-07-19 18:20 - 00041472 ___AC C:\Users\Gaby's Computer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-11 17:16 - 2009-07-19 18:20 - 00041472 ___AC C:\Users\Gaby's Computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-10 16:43 - 2013-02-10 16:41 - 24246127 ___AC C:\Users\Gaby's Computer\Desktop\Harlem Shake v.314.wmv
2013-02-10 16:19 - 2013-02-10 16:16 - 67964972 ___AC C:\Users\Gaby's Computer\Desktop\DSCN1295.AVI
2013-02-10 16:19 - 2013-02-10 16:14 - 364464916 ___AC C:\Users\Gaby's Computer\Desktop\DSCN1292.AVI
2013-02-10 16:17 - 2013-02-10 16:17 - 00000000 ___DC C:\Users\Gaby's Computer\Desktop\New Folder (2)
 
==================== Known DLLs (Whitelisted) =================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-02-20 16:36:23
Restore point made on: 2013-02-22 18:36:33
Restore point made on: 2013-02-23 11:04:44
Restore point made on: 2013-02-24 15:55:25
Restore point made on: 2013-02-28 18:16:37
 
==================== Memory info =========================== 
 
Percentage of memory in use: 42%
Total physical RAM: 957.94 MB
Available physical RAM: 547.28 MB
Total Pagefile: 738.02 MB
Available Pagefile: 605.6 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.55 MB
 
==================== Partitions =============================
 
1 Drive c: () (Fixed) (Total:291.83 GB) (Free:198.12 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Recovery) (Fixed) (Total:6.26 GB) (Free:0.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (TOSHIBA) (Removable) (Total:7.21 GB) (Free:6.67 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online       298 GB  2000 KB         
  Disk 1    Online      7397 MB      0 B         
  Disk 2    No Media        0 B      0 B         
  Disk 3    No Media        0 B      0 B         
  Disk 4    No Media        0 B      0 B         
  Disk 5    No Media        0 B      0 B         
 
Partitions of Disk 0:
===============
 
ACTIVE      - Mark the selected basic partition as active.
ADD         - Add a mirror to a simple volume.
ASSIGN      - Assign a drive letter or mount point to the selected volume.
ATTRIBUTES  - Manipulate volume attributes.
AUTOMOUNT   - Enable and disable automatic mounting of basic volumes.
BREAK       - Break a mirror set.
CLEAN       - Clear the configuration information, or all information, off the
              disk.
CONVERT     - Convert between different disk formats.
CREATE      - Create a volume or partition.
DELETE      - Delete an object.
DETAIL      - Provide details about an object.
EXIT        - Exit DiskPart.
EXTEND      - Extend a volume.
FILESYSTEMS - Display current and supported file systems on the volume.
FORMAT      - Format the volume or partition.
GPT         - Assign attributes to the selected GPT partition.
HELP        - Display a list of commands.
IMPORT      - Import a disk group.
INACTIVE    - Mark the selected basic partition as inactive.
LIST        - Display a list of objects.
ONLINE      - Online a disk that is currently marked as offline.
REM         - Does nothing. This is used to comment scripts.
REMOVE      - Remove a drive letter or mount point assignment.
REPAIR      - Repair a RAID-5 volume with a failed member.
RESCAN      - Rescan the computer looking for disks and volumes.
RETAIN      - Place a retained partition under a simple volume.
SELECT      - Shift the focus to an object.
SETID       - Change the partition type.
SHRINK      - Reduce the size of the selected volume.
 
=========================================================
 
Partitions of Disk 1:
===============
 
ACTIVE      - Mark the selected basic partition as active.
ADD         - Add a mirror to a simple volume.
ASSIGN      - Assign a drive letter or mount point to the selected volume.
ATTRIBUTES  - Manipulate volume attributes.
AUTOMOUNT   - Enable and disable automatic mounting of basic volumes.
BREAK       - Break a mirror set.
CLEAN       - Clear the configuration information, or all information, off the
              disk.
CONVERT     - Convert between different disk formats.
CREATE      - Create a volume or partition.
DELETE      - Delete an object.
DETAIL      - Provide details about an object.
EXIT        - Exit DiskPart.
EXTEND      - Extend a volume.
FILESYSTEMS - Display current and supported file systems on the volume.
FORMAT      - Format the volume or partition.
GPT         - Assign attributes to the selected GPT partition.
HELP        - Display a list of commands.
IMPORT      - Import a disk group.
INACTIVE    - Mark the selected basic partition as inactive.
LIST        - Display a list of objects.
ONLINE      - Online a disk that is currently marked as offline.
REM         - Does nothing. This is used to comment scripts.
REMOVE      - Remove a drive letter or mount point assignment.
REPAIR      - Repair a RAID-5 volume with a failed member.
RESCAN      - Rescan the computer looking for disks and volumes.
RETAIN      - Place a retained partition under a simple volume.
SELECT      - Shift the focus to an object.
SETID       - Change the partition type.
SHRINK      - Reduce the size of the selected volume.
 
=========================================================
 
Last Boot: 2013-03-01 16:56
 
==================== End Of Log ============================
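
The FRST log above, produced by the tool the previous post walks through, records every autostart, service and driver entry in one tail format: `[size yyyy-mm-dd] (company)` when the referenced file was found on disk and `[x]` when it was not. As an added example that is not part of this thread and not code from Farbar's tool, here is a small Python parser for those entry lines that flags the ones a helper would want to examine before deciding on any fix: entries whose file is missing, Run values with an empty name, and files with no publisher recorded. The field meanings are assumed from how the lines appear in the posted log, the sample lines are copied from it, and the function and class names (`parse_log`, `triage`, `Entry`) are my own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: entry lines copied from the FRST log posted in this thread,
# covering the three shapes the parser handles (Run value, service, driver) with
# both a present file "[size date] (company)" and a missing file "[x]".
SAMPLE_LOG = r"""
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: []  [x]
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [1151152 2013-02-18] ()
3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
2 avg9wd; "C:\Program Files\AVG\AVG9\avgwdsvc.exe" [308136 2010-07-20] (AVG Technologies CZ, s.r.o.)
2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [33112 2013-02-18] (AVG Technologies)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
"""

# "HKLM\...\Run: [value name] command ..." autostart entries
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+\\[^:]*?):\s*\[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
# "<start type> <service or driver name>; command ..." entries
SVC_RE = re.compile(r"^(?P<start>[0-4])\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
# trailing "[size yyyy-mm-dd] (company)" when the file exists on disk
TAIL_OK = re.compile(
    r"^(?P<cmd>.*?)\s*\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s*\((?P<signer>[^)]*)\)\s*$"
)
# trailing "[x]" when FRST could not find the referenced file
TAIL_MISSING = re.compile(r"^(?P<cmd>.*?)\s*\[x\]\s*$")


@dataclass
class Entry:
    kind: str                      # "run" (registry Run value) or "service" (service/driver)
    name: str
    command: str
    size: Optional[int] = None
    date: Optional[str] = None
    signer: Optional[str] = None   # text inside the trailing parentheses, "" if empty
    missing: bool = False          # True when the line ended in [x]
    start: Optional[int] = None    # service start type digit, services/drivers only
    reasons: List[str] = field(default_factory=list)  # review reasons added by triage()


def _parse_tail(rest: str):
    """Split 'command [size date] (signer)' or 'command [x]' into its parts, or None."""
    m = TAIL_OK.match(rest)
    if m:
        return m["cmd"], int(m["size"]), m["date"], m["signer"], False
    m = TAIL_MISSING.match(rest)
    if m:
        return m["cmd"], None, None, None, True
    return None


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for one FRST Run/service/driver line; None for any other line shape."""
    m = RUN_RE.match(line)
    if m:
        tail = _parse_tail(m["rest"])
        if tail is None:
            return None
        cmd, size, date, signer, missing = tail
        return Entry("run", m["name"], cmd, size, date, signer, missing)
    m = SVC_RE.match(line)
    if m:
        tail = _parse_tail(m["rest"])
        if tail is None:
            return None
        cmd, size, date, signer, missing = tail
        return Entry("service", m["name"].strip(), cmd, size, date, signer, missing, int(m["start"]))
    return None


def parse_log(text: str) -> List[Entry]:
    """Parse every recognisable entry line in a log; section headers and file lists are skipped."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review reasons to entries and return only those that need a human look."""
    flagged = []
    for e in entries:
        if e.missing:
            e.reasons.append("referenced file not found: stale or broken autostart entry")
        if e.kind == "run" and e.name == "":
            e.reasons.append("Run value with an empty name")
        if e.signer == "":
            e.reasons.append("no publisher recorded for the file: verify it by hand")
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(parse_log(SAMPLE_LOG)):
        print(f"{e.kind:7} {e.name or '<no name>':30} {e.command}")
        for r in e.reasons:
            print(f"        - {r}")
```

The flags are a review aid only: a missing file usually means a leftover from an uninstalled program rather than anything malicious, and an empty publisher field just means the file carries no version information, so which entries end up in a fix remains the helper's call after looking at each one. The reason strings are my own labels, not classifications FRST itself produces.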


#4 The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  • Gender:Male
  • Location:Krypton
  • Local time:11:41 AM

Posted 02 March 2013 - 08:15 PM

Good afternoon dsanchezjr73,

 

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.



#5 dsanchezjr73

  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:41 PM

Posted 03 March 2013 - 05:27 AM

Here's the latest log.
ComboFix 13-03-02.01 - Gaby's Computer 03/03/2013   4:58.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.958.351 [GMT -5:00]
Running from: c:\users\Gaby's Computer\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gaby's Computer\Documents\ppt516E.tmp
c:\windows\security\Database\tmp.edb
c:\windows\system32\Cache
c:\windows\system32\Cache\0699d3726d961e49.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\52b19eee1621714a.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\79ec839b989c4512.fb
c:\windows\system32\Cache\83acd7bb09c13013.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b22d62399b231173.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\e225a64b5d42dcc8.fb
c:\windows\system32\Cache\f8e309a42ca99898.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\Cache\fb1ad3cf89d78ad1.fb
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-03 to 2013-03-03  )))))))))))))))))))))))))))))))
.
.
2013-03-03 10:11 . 2013-03-03 10:11    --------    dc----w-    c:\users\Gaby's Computer\AppData\Local\temp
2013-03-03 10:11 . 2013-03-03 10:11    --------    dc----w-    c:\users\Default\AppData\Local\temp
2013-03-02 04:08 . 2013-03-02 04:08    --------    dc----w-    C:\FRST
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-28 03:41 . 2012-04-30 10:47    691568    -c--a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-02-28 03:41 . 2011-09-30 17:09    71024    -c--a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-18 23:20 . 2012-11-09 00:02    33112    -c--a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-01-16 02:22 . 2010-03-25 01:58    226016    -c--a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-02-20 02:13 . 2013-02-20 02:12    263064    -c--a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-02-18 23:20    1929392    -c--a-w-    c:\program files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-02-18 1929392]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Spotify Web Helper"="c:\users\Gaby's Computer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-22 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-02-18 1151152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2009-7-20 1261568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminders Tray Icon.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminders Tray Icon.lnk
backup=c:\windows\pss\Event Planner Reminders Tray Icon.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Connections.lnk
backup=c:\windows\pss\HP Connections.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48    58656    -c--a-w-    c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTBFirstRun]
2006-11-14 19:30    20480    -c--a-w-    c:\program files\Hewlett-Packard\SDP\HPRun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 03:33    125952    ----a-w-    c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 12:03    75008    -c--a-w-    c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 07:11    49152    -c--a-w-    c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2006-11-16 22:59    1480296    -c--a-w-    c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2006-09-28 13:42    65536    ----a-w-    c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 12:32    421160    -c--a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 15:16    65536    -c--a-w-    c:\hp\KBD\KbdStub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-23 01:49    13539872    -c--a-w-    c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-23 01:49    92704    ----a-w-    c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor]
2007-12-10 23:55    323584    -c--a-w-    c:\windows\PixArt\Pac207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38    421888    -c--a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2008-01-29 21:38    583048    -c--a-w-    c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-27 01:03    1629648    -c--a-w-    c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 03:41]
.
2013-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-28 02:46]
.
2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-28 02:46]
.
2013-03-03 c:\windows\Tasks\User_Feed_Synchronization-{00B290C2-3FEC-4F2E-8AC5-CFBFAEF4BFF4}.job
- c:\windows\system32\msfeedssync.exe [2012-02-16 04:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.15.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Gaby's Computer\AppData\Roaming\Mozilla\Firefox\Profiles\v7ot3kiu.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{37153479-1976-43c3-a1ee-557513977b64} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file)
MSConfigStartUp-Facebook Update - c:\users\Gaby's Computer\AppData\Local\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-Google Update - c:\users\Gaby's Computer\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-HBLiteSA - c:\program files\HBLite\bin\11.0.163.0\HBLiteSA.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
MSConfigStartUp-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-03 05:11
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-03-03  05:14:47
ComboFix-quarantined-files.txt  2013-03-03 10:14
.
Pre-Run: 212,368,564,224 bytes free
Post-Run: 214,684,000,256 bytes free
.
- - End Of File - - 5F4714645503583DB4657B956C685F72
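Added example (my own code, not ComboFix's and not part of the thread): a small Python triage script that parses the "Reg Loading Points" block of a ComboFix log like the one posted above and marks the autostart entries a reviewer should look at first. The sample input is a handful of lines copied from that log; the review rules (binary in a user-writable location, bare file name with no directory, a non-empty AppInit_DLLs value, a per-user HKCU Run key) are my own heuristics, not ComboFix logic, and they raise items for human review rather than declare anything malicious. In this log every flagged item is explainable (Spotify really lives under AppData, avgrsstx.dll is AVG's), which is exactly the kind of judgement the script leaves to the analyst.

```python
import re
from typing import Dict, List

# Constructed sample: lines copied from the "Reg Loading Points" section of the
# ComboFix log above (REGEDIT4-style output), including the AppInit_DLLs value.
SAMPLE_LOG = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Spotify Web Helper"="c:\users\Gaby's Computer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-22 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-02-18 1151152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
# Two value shapes appear in the log:
#   "Name"="c:\path\file.exe" [YYYY-MM-DD size]
#   "Name"=c:\path\file.dll
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"='
    r'(?:"(?P<quoted>[^"]*)"|(?P<bare>[^\[\r\n]+?))'
    r'(?:\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$'
)

# Path fragments that an unprivileged user can normally write to (heuristic).
USER_WRITABLE = ('\\users\\', '\\appdata\\', '\\programdata\\', '\\temp\\',
                 '\\documents and settings\\')


def parse_loading_points(text: str) -> List[Dict[str, str]]:
    """Turn the REGEDIT4-style block into {key, name, path, date, size} dicts.
    Key headers set the current key; '.' spacers and notes are skipped."""
    entries: List[Dict[str, str]] = []
    current_key = ''
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group('key')
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        path = m.group('quoted') if m.group('quoted') is not None else m.group('bare').strip()
        entries.append({
            'key': current_key,
            'name': m.group('name'),
            'path': path,
            'date': m.group('date') or '',
            'size': m.group('size') or '',
        })
    return entries


def triage(entries: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Attach review reasons to each autostart entry. These are prompts for a
    human analyst, not verdicts."""
    findings: List[Dict[str, object]] = []
    for e in entries:
        reasons: List[str] = []
        low = e['path'].lower()
        key = e['key'].lower()
        if e['name'].lower() == 'appinit_dlls' and low:
            reasons.append('AppInit_DLLs is loaded into every process that maps user32.dll')
        if any(marker in low for marker in USER_WRITABLE):
            reasons.append('binary lives in a user-writable location')
        if '\\' not in low and low.endswith(('.exe', '.dll')):
            reasons.append('bare file name, resolved through the loader search order rather than a fixed path')
        if key.startswith('hkey_current_user'):
            reasons.append('per-user persistence (HKCU), writable without elevation')
        if reasons:
            findings.append({**e, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in triage(parse_loading_points(SAMPLE_LOG)):
        print(f"[{f['key']}]\n  {f['name']} -> {f['path']}")
        for r in f['reasons']:
            print(f"    review: {r}")
```

Feed it the full "Reg Loading Points" block from a log and read the output as a worklist: a flagged entry means "confirm this is the program you think it is", nothing more.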


#6 The Dark Knight

  • The Magician
  • Security Colleague
  • 661 posts
  • Gender:Male
  • Location:Krypton

Posted 04 March 2013 - 03:38 PM

Howdy dsanchezjr73,

 

Please download Malwarebytes Anti-Rootkit here.

  • Unzip the contents to a folder on the Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe ( right-click and select Run as administrator for Vista and Windows 7).
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Please post the two logs produced.


Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.




#7 dsanchezjr73

  • Topic Starter
  • Members
  • 4 posts

Posted 04 March 2013 - 08:40 PM

Hmm. I must be doing something wrong. No log files were created, or I can't find the correct directory for them... Also, the PC seems way easier to start up and much smoother overall. Let me know which way to go. Thanks.



#8 The Dark Knight

  • The Magician
  • Security Colleague
  • 661 posts
  • Gender:Male
  • Location:Krypton

Posted 05 March 2013 - 03:34 PM

Hey dsanchezjr73,

 

Please run a free online scan with the ESET Online Scanner.
Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
  • Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.






