HRUPPROG.DIE.NOW on startup


  • This topic is locked
20 replies to this topic

#1 destraction9

destraction9

  • Members
  • 11 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:59 PM

Posted 30 April 2013 - 04:52 AM

Hi, I am new to the forums, and I saw that you helped someone with a problem while I was trying to find aid with mine. This is a recent thing that has appeared, and through searching I have seen tales of people telling of this, some saying they could not get on the internet from the infected machine and others saying their taskbars aren't working. This of course worries me. On startup, when I got home from work, a documents folder appeared with 2 files in it, HRUPPROG.DIE.NOW and HRUPPROG.txt, and when opening the .txt all that was in there was the number 70. Besides this there has been nothing else that has occurred, but of course, like anyone else, I am worried, and I am not sure whether deleting the files will trigger anything. I am currently running a scan with Kaspersky PURE to see if it can detect anything. I am not very tech savvy at these types of things with logs and whatnot, but with an explanation of how to do things I should be able to get through any instructions given. Thank you, and I eagerly await any response.


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:59 AM

Posted 03 May 2013 - 09:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
Please paste the logs in your next reply, DO NOT ATTACH THEM.
Let me know what problem persists.
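
Editor's note on the DDS step above. The "Pseudo HJT Report" that DDS produces lists autorun entries by registry scope: uRun is HKCU ...\CurrentVersion\Run, mRun is HKLM ...\CurrentVersion\Run, mExplorerRun is the HKLM ...\Policies\Explorer\Run key, and StartupFolder is a .lnk in the Start Menu Startup folder. The script below is an added example, not part of this thread and not part of DDS or any tool nasdaq links to: it is the first triage pass an analyst might make over such a report, pulling the launched file out of each autorun line (unwrapping rundll32-style host processes so the DLL is what gets reported) and flagging entries on a few heuristics (Policies\Explorer\Run usage, binaries under a user profile, bare file names resolved via the search path, orphaned "<no file>" values, value names that imitate Windows components). The heuristics and the helper names are the example author's assumptions; the sample lines are constructed in the DDS format and modelled on the log destraction9 posts later in the thread.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the DDS "Pseudo HJT Report" format, modelled on the log
# posted later in this thread (the mExplorerRun line is copied from it verbatim).
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [AdobeBridge] <no file>
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky pure\avp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mExplorerRun: [windows] c:\documents and settings\user\application data\bin.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
"""

# Triage heuristics. These are the example author's assumptions about what an
# analyst looks at first, not rules that DDS itself applies.
USER_WRITABLE = ("\\documents and settings\\", "\\docume~1\\", "\\application data\\",
                 "\\local settings\\", "\\temp\\", "\\appdata\\")
GENERIC_NAMES = {"windows", "system", "explorer", "svchost", "update", "microsoft"}
HOST_PROCESSES = {"rundll32.exe", "regsvr32.exe", "wscript.exe", "cscript.exe"}

ENTRY_RE = re.compile(r"^(?P<key>[umd]?(?:Explorer)?Run(?:Once)?|StartupFolder):\s*(?P<rest>.+)$", re.I)
NAME_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Shortest prefix ending in an executable extension, so unquoted paths with spaces still work.
EXE_RE = re.compile(r'^(.+?\.(?:exe|com|scr|pif|bat|cmd|dll|cpl|vbs|js))(?=[\s,"]|$)', re.I)


@dataclass
class Finding:
    key: str              # DDS key: uRun (HKCU Run), mRun (HKLM Run), mExplorerRun, StartupFolder
    name: str             # registry value name, or the .lnk file name
    target: str | None    # file actually launched; None for <no file>
    reasons: list[str]


def executable_of(cmd: str) -> str | None:
    """Return the file an autorun command line really launches.

    Handles quoted paths, unquoted paths containing spaces, trailing arguments,
    and host processes such as rundll32.exe, where the file worth looking at is
    the DLL passed as the first argument."""
    cmd = cmd.strip()
    if not cmd or cmd.lower() == "<no file>":
        return None
    if cmd.startswith('"'):
        exe, _, rest = cmd[1:].partition('"')
    else:
        m = EXE_RE.match(cmd)
        exe = m.group(1) if m else cmd.split()[0]
        rest = cmd[len(exe):]
    if exe.rsplit("\\", 1)[-1].lower() in HOST_PROCESSES:
        payload = rest.strip().split(",")[0].strip().strip('"')
        if payload:
            return payload
    return exe


def assess(key: str, name: str, target: str | None) -> list[str]:
    """Apply the triage heuristics; an empty list means nothing stands out."""
    reasons = []
    if key.lower().endswith("explorerrun"):
        reasons.append("Policies\\Explorer\\Run key, seldom used by legitimate installers")
    if name.lower() in GENERIC_NAMES:
        reasons.append(f"generic value name '{name}' imitates a Windows component")
    if target is None:
        reasons.append("orphaned entry (<no file>): harmless, but clean it up")
        return reasons
    low = target.lower()
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("binary lives in a user-writable profile directory")
    if "\\" not in target:
        reasons.append("bare file name, resolved via the search path rather than an absolute path")
    return reasons


def parse_entry(line: str) -> tuple[str, str, str | None] | None:
    """Split one DDS autorun line into (key, name, launched file); None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    key, rest = m.group("key"), m.group("rest")
    if key.lower() == "startupfolder":
        link, sep, target = rest.rpartition(" - ")
        if not sep:
            link, target = rest, ""
        return key, link.rsplit("\\", 1)[-1], target.strip() or None
    n = NAME_RE.match(rest)
    if not n:
        return None
    return key, n.group("name"), executable_of(n.group("cmd"))


def triage(log_text: str) -> list[Finding]:
    """Return only the autorun entries that trip at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        key, name, target = parsed
        reasons = assess(key, name, target)
        if reasons:
            findings.append(Finding(key, name, target, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.key:<13} [{f.name}] -> {f.target}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the constructed sample, the script leaves ctfmon, Kaspersky, the NVIDIA rundll32 entry and the Rainmeter startup link alone and reports four entries: the Google updater (user-profile path, a common false positive that still deserves a glance), the orphaned AdobeBridge value, the bare RTHDCPL.EXE, and the mExplorerRun "windows" value pointing at bin.exe under Application Data, which trips three heuristics at once. A hit is a prompt to look at the file, not a verdict; the analyst still has to check the binary itself.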

#3 destraction9

destraction9
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:59 PM

Posted 03 May 2013 - 09:27 PM

I earlier went and deleted the files HRUPPROG.DIE.NOW and HRUPPROG.TXT; however, even after the scans, the documents folder that they used to be in still persists in opening on startup.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.17.2
Run by User at 11:28:30 on 2013-05-04
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3071.1371 [GMT 10:00]
.
AV: Kaspersky PURE *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\WacomHost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files\SmartTechnology\Software\ProfilerU.exe
C:\Program Files\SmartTechnology\Software\SaiMfd.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Plantronics\GameCom780\GameCom780.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHJP.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://isearch.avg.com/?cid={C2B35BF4-3997-40A6-B106-117740E7E8FD}&mid=6c6a76687e2947d1a316d16f5ede5a7c-7b0b8108a0bb740a751793d17015cec5ed27dd1f&lang=en&ds=hk014&pr=sa&d=2012-09-22 23:07:19&v=12.2.5.34&sap=hp
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files\kaspersky lab\kaspersky pure\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTAgent.exe" -autorun
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [EPSON NX130 TX130 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatihjp.exe /fu "c:\docume~1\user\locals~1\temp\E_S52.tmp" /EF "HKCU"
uRun: [AdobeBridge] <no file>
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Six Engine] "c:\program files\asus\epu-4 engine\FourEngine.exe" -r
mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky pure\avp.exe"
mRun: [ProfilerU] c:\program files\smarttechnology\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\smarttechnology\software\SaiMfd.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GamecomSound] c:\program files\plantronics\gamecom780\GameCom780.exe
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mExplorerRun: [windows] c:\documents and settings\user\application data\bin.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky pure\ie_banner_deny.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1310076171953
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{051C5CB1-AD8C-45DE-927F-DE4F219182D7} : DHCPNameServer = 10.0.0.138
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.2.0\ViProtocol.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs= c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\izbggr67.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\14.2.0\npsitesafety.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [2012-2-8 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-22 33112]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [2012-2-8 39352]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-11-22 233024]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-2-8 315408]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\adobe\elements 10 organizer\PhotoshopElementsFileAgent.exe [2011-9-14 169624]
R2 AVP;Kaspersky PURE;c:\program files\kaspersky lab\kaspersky pure\avp.exe [2010-10-1 348760]
R2 CSObjectsSrv;CryptoStorage control service;c:\program files\common files\infowatch\cryptostorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-12-14 1436160]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\hi-rez studios\HiPatchService.exe [2012-6-7 9216]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-4-15 3289208]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [2013-3-17 968880]
R2 WSWNA3100;WSWNA3100;c:\program files\netgear\wna3100\WifiSvc.exe [2012-11-7 285152]
R2 WTabletServicePro;Wacom Professional Service;c:\program files\tablet\wacom\WTabletServicePro.exe [2012-11-22 520576]
R3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [2012-8-13 11680]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-1-22 59904]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-1-22 139648]
R3 Plantronics_GameCom;PLTGC Interface;c:\windows\system32\drivers\PLTGC.sys [2013-4-10 1825792]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 584680]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 209512]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [2012-8-13 69024]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [2012-8-13 13728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [2012-9-8 29184]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-12-25 18432]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2012-11-7 50704]
S3 SaiK0CD7;SaiK0CD7;c:\windows\system32\drivers\SaiK0CD7.sys [2011-9-20 147264]
S3 SaiU0CD7;SaiU0CD7;c:\windows\system32\drivers\SaiU0CD7.sys [2011-9-20 41152]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-04-30 09:01:10    --------    d-----w-    c:\documents and settings\user\application data\TeamViewer
2013-04-29 06:34:49    --------    d-----w-    C:\Documents
2013-04-26 12:57:43    --------    d-----w-    c:\documents and settings\user\local settings\application data\LogMeIn Hamachi
2013-04-26 12:57:29    --------    d-----w-    c:\program files\LogMeIn Hamachi
2013-04-26 12:48:26    --------    d-----w-    c:\program files\j
2013-04-15 05:32:30    6128760    ----a-w-    c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-04-15 05:32:30    6128760    ----a-w-    c:\program files\mozilla firefox\browser\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2013-04-10 06:32:16    --------    d-----w-    c:\windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP
2013-04-10 06:01:44    315392    ----a-r-    c:\windows\system\fltrPLTGC.dll
2013-04-10 06:01:44    1825792    ----a-r-    c:\windows\system32\drivers\PLTGC.sys
2013-04-10 05:53:49    568552    ------w-    c:\windows\system32\PLTGC.exe
2013-04-10 05:53:49    --------    d-----w-    c:\program files\Plantronics
2013-04-10 05:53:38    303104    ------w-    c:\windows\system32\CmiInstallResAll.dll
2013-04-10 05:53:31    319968    ----a-r-    c:\windows\difxapi.dll
2013-04-05 04:20:47    --------    d-----w-    c:\documents and settings\user\application data\.minecraft
2013-04-04 06:19:57    --------    d-----w-    C:\e8ce78e0e38c783b24
.
==================== Find3M  ====================
.
2013-05-04 01:09:32    78848    ----a-w-    c:\windows\KMSEmulator.exe
2013-04-02 12:14:09    139832    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2013-04-02 12:13:57    281768    ----a-w-    c:\windows\system32\PnkBstrB.xtr
2013-04-02 12:13:57    281768    ----a-w-    c:\windows\system32\PnkBstrB.exe
2013-03-26 03:02:16    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-03-26 03:02:14    143872    ----a-w-    c:\windows\system32\javacpl.cpl
2013-03-26 03:02:13    861088    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-03-26 03:02:13    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-22 13:39:38    281768    ----a-w-    c:\windows\system32\PnkBstrB.ex0
2013-03-17 06:57:45    33112    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-03-15 06:49:50    73432    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-15 06:49:50    693976    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-03-10 02:45:12    98304    ----a-w-    c:\windows\DUMPef9f.tmp
2013-03-10 02:32:40    98304    ----a-w-    c:\windows\DUMPfc03.tmp
2013-03-10 02:30:20    98304    ----a-w-    c:\windows\DUMPfa00.tmp
2013-03-10 02:27:59    90112    ----a-w-    c:\windows\DUMPf54c.tmp
2013-03-10 01:13:38    98304    ----a-w-    c:\windows\DUMPf58b.tmp
2013-03-10 01:09:25    98304    ----a-w-    c:\windows\DUMPf760.tmp
2013-03-08 08:36:22    293376    ----a-w-    c:\windows\system32\winsrv.dll
2013-03-07 04:12:23    114688    ----a-w-    c:\windows\DUMPedda.tmp
2013-03-07 04:10:05    114688    ----a-w-    c:\windows\DUMPef13.tmp
2013-03-07 04:07:56    114688    ----a-w-    c:\windows\DUMPec05.tmp
2013-03-07 04:03:21    114688    ----a-w-    c:\windows\DUMPec44.tmp
2013-03-07 04:01:12    114688    ----a-w-    c:\windows\DUMPe9d3.tmp
2013-03-07 03:58:54    114688    ----a-w-    c:\windows\DUMPeabd.tmp
2013-03-07 03:56:45    114688    ----a-w-    c:\windows\DUMPecd1.tmp
2013-03-07 03:54:37    114688    ----a-w-    c:\windows\DUMPed4e.tmp
2013-03-07 03:52:28    114688    ----a-w-    c:\windows\DUMPe9a5.tmp
2013-03-07 03:50:19    114688    ----a-w-    c:\windows\DUMPeca2.tmp
2013-03-07 03:46:03    114688    ----a-w-    c:\windows\DUMPec34.tmp
2013-03-07 03:43:54    114688    ----a-w-    c:\windows\DUMPee19.tmp
2013-03-07 03:41:35    114688    ----a-w-    c:\windows\DUMPeb2b.tmp
2013-03-07 03:39:26    114688    ----a-w-    c:\windows\DUMPf6f2.tmp
2013-03-07 03:37:15    114688    ----a-w-    c:\windows\DUMPec82.tmp
2013-03-07 03:34:57    114688    ----a-w-    c:\windows\DUMPec73.tmp
2013-03-07 03:32:49    114688    ----a-w-    c:\windows\DUMPe80e.tmp
2013-03-07 03:30:41    114688    ----a-w-    c:\windows\DUMPe9a4.tmp
2013-03-07 03:28:32    114688    ----a-w-    c:\windows\DUMPe7cf.tmp
2013-03-07 03:26:15    114688    ----a-w-    c:\windows\DUMPf04b.tmp
2013-03-07 03:23:56    114688    ----a-w-    c:\windows\DUMPe88b.tmp
2013-03-07 03:21:48    114688    ----a-w-    c:\windows\DUMPf378.tmp
2013-03-07 01:32:25    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-06 08:08:10    114688    ----a-w-    c:\windows\DUMPea02.tmp
2013-03-06 08:06:20    114688    ----a-w-    c:\windows\DUMPf155.tmp
2013-03-03 03:42:19    114688    ----a-w-    c:\windows\DUMPe781.tmp
2013-03-03 03:40:13    114688    ----a-w-    c:\windows\DUMPf6c3.tmp
2013-03-03 03:37:53    114688    ----a-w-    c:\windows\DUMPe714.tmp
2013-03-03 03:35:46    114688    ----a-w-    c:\windows\DUMPee67.tmp
2013-03-02 02:06:31    916480    ----a-w-    c:\windows\system32\wininet.dll
2013-03-02 02:06:30    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-03-02 02:06:30    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-03-02 01:25:02    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-03-02 01:08:47    385024    ------w-    c:\windows\system32\html.iec
2013-02-27 07:56:51    2067456    ----a-w-    c:\windows\system32\mstscax.dll
2013-02-23 04:24:09    114688    ----a-w-    c:\windows\DUMPe5fb.tmp
2013-02-12 00:32:23    12928    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23    12928    ------w-    c:\windows\system32\drivers\usb8023x.sys
.
============= FINISH: 11:31:02.60 ===============
 Results of screen317's Security Check version 0.99.63  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
 AVG Security Toolbar    
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 JavaFX 2.0.3    
 Java™ 6 Update 22  
 Java™ 6 Update 29  
 Java 7 Update 17  
 Java version out of Date!
 Adobe Flash Player     11.6.602.180  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky PURE avp.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 27% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
# AdwCleaner v2.300 - Logfile created 05/04/2013 at 12:13:42
# Updated 28/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : User - PC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\User\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : vToolbarUpdater14.2.0

***** [Files / Folders] *****

Deleted on reboot : C:\DOCUME~1\User\LOCALS~1\Temp\Zynga
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\DOCUME~1\User\LOCALS~1\Temp\avg@toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\User\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\User\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={C2B35BF4-3997-40A6-B106-117740E7E8FD}&mid=6c6a76687e2947d1a316d16f5ede5a7c-7b0b8108a0bb740a751793d17015cec5ed27dd1f&lang=en&ds=hk014&pr=sa&d=2012-09-22 23:07:19&v=12.2.5.34&sap=hp --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\izbggr67.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7B70d5b7ce-fc90-8d0c-fe14[...]

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : icon_url ={"apps_promo_counter":11,"backup":{"session":{"urls_to_restore_on_startup":["hxxp://isearch.avg.com/[...]

*************************

AdwCleaner[R1].txt - [59210 octets] - [04/05/2013 12:13:19]
AdwCleaner[S1].txt - [7291 octets] - [04/05/2013 12:13:42]

########## EOF - C:\AdwCleaner[S1].txt - [7351 octets] ##########

 

Thank you for your assistance so far and I can't wait to hear back from you.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 May 2013 - 07:27 AM

Please download RogueKiller© by Tigzy from one of the links below and save it to your desktop.
Link 1 Bleepingcomputer
Link 2 RogueKiller (by Tigzy)

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop, DO NOT ATTACH THE LOG.

===

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
[image: RcAuto1.gif]
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[image: whatnext.png]
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

POST THE LOGS FOR MY REVIEW.
===

While I check your logs execute these updates.



Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 6 Update 22
Java 6 Update 29
Java 7 Update 17


Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player, so please get the latest version.

Summary: Adobe has released security updates for Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.275 and earlier versions for Linux, Adobe Flash Player 11.1.115.48 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the "Free! McAfee Security Scan Plus". Un-check the box if you are NOT using McAfee's virus protection software.

For users of Internet Explorer, download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===


Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional". This is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

#5 destraction9

destraction9
  • Topic Starter

  • Members
  • 11 posts
  • Gender:Male

Posted 04 May 2013 - 11:04 PM

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Scan -- Date : 05/05/2013 12:47:12
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Policies\Explorer\Run : windows (C:\Documents and Settings\User\Application Data\bin.exe) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD103UI +++++
--- User ---
[MBR] 573fff2277e0bb177c8ab9b987482f8c
[BSP] 2a67e9ba4f7cd70bccb7f19bffdc866b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953859 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_05052013_02d1247.txt >>

ComboFix 13-05-04.01 - User 05/05/2013  13:07:31.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3071.2332 [GMT 10:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Kaspersky PURE *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\User\Application Data\invs.vbs
c:\documents and settings\User\Application Data\java.bat
c:\documents and settings\User\Application Data\java2.bat
c:\documents and settings\User\Application Data\keylog
c:\documents and settings\User\Application Data\Love
c:\documents and settings\User\Application Data\Love\mari0\options.txt
c:\windows\system32\Cache
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\8e927b6121212fbd.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c171b1f37b93cd2c.fb
c:\windows\system32\Cache\c19cfed3ae68341e.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\e40667ff75f6c46f.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\drivers\npf.sys
c:\windows\system32\frapsvid.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\wpcap.dll
c:\windows\wininit.ini
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\services.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-05 to 2013-05-05  )))))))))))))))))))))))))))))))
.
.
2013-04-30 09:01 . 2013-04-30 09:01    --------    d-----w-    c:\documents and settings\User\Application Data\TeamViewer
2013-04-29 06:34 . 2013-05-02 05:35    --------    d-----w-    C:\Documents
2013-04-26 12:57 . 2013-05-05 03:27    --------    d-----w-    c:\documents and settings\User\Local Settings\Application Data\LogMeIn Hamachi
2013-04-26 12:57 . 2013-05-05 03:23    --------    d-----w-    c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
2013-04-26 12:57 . 2013-04-26 12:57    --------    d-----w-    c:\program files\LogMeIn Hamachi
2013-04-26 12:48 . 2013-04-26 12:48    --------    d-----w-    c:\program files\j
2013-04-10 06:32 . 2013-04-10 06:32    --------    d-----w-    c:\windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP
2013-04-10 06:01 . 2011-10-04 03:03    1825792    ----a-r-    c:\windows\system32\drivers\PLTGC.sys
2013-04-10 06:01 . 2004-04-14 19:28    315392    ----a-r-    c:\windows\system\fltrPLTGC.dll
2013-04-10 05:53 . 2013-04-10 05:53    --------    d-----w-    c:\program files\Plantronics
2013-04-10 05:53 . 2011-12-01 20:11    568552    ------w-    c:\windows\system32\PLTGC.exe
2013-04-10 05:53 . 2009-08-20 09:00    303104    ------w-    c:\windows\system32\CmiInstallResAll.dll
2013-04-10 05:53 . 2006-10-06 22:47    319968    ----a-r-    c:\windows\difxapi.dll
2013-04-05 04:20 . 2013-05-04 06:35    --------    d-----w-    c:\documents and settings\User\Application Data\.minecraft
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-05 03:26 . 2012-07-24 05:58    78848    ----a-w-    c:\windows\KMSEmulator.exe
2013-04-02 12:14 . 2011-10-25 11:03    139832    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2013-04-02 12:13 . 2011-10-28 22:34    281768    ----a-w-    c:\windows\system32\PnkBstrB.xtr
2013-04-02 12:13 . 2011-10-25 11:03    281768    ----a-w-    c:\windows\system32\PnkBstrB.exe
2013-03-26 03:02 . 2013-03-26 03:02    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-03-26 03:02 . 2011-08-22 10:31    143872    ----a-w-    c:\windows\system32\javacpl.cpl
2013-03-26 03:02 . 2012-04-19 06:00    861088    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-03-26 03:02 . 2011-08-22 10:31    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-22 13:39 . 2011-10-25 11:03    281768    ----a-w-    c:\windows\system32\PnkBstrB.ex0
2013-03-17 06:57 . 2012-09-22 13:07    33112    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-03-15 06:49 . 2012-04-24 10:52    693976    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-03-15 06:49 . 2011-07-07 22:33    73432    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-10 02:45 . 2011-07-07 23:11    98304    ----a-w-    c:\windows\DUMPef9f.tmp
2013-03-10 02:32 . 2011-07-07 23:11    98304    ----a-w-    c:\windows\DUMPfc03.tmp
2013-03-10 02:30 . 2011-07-07 23:11    98304    ----a-w-    c:\windows\DUMPfa00.tmp
2013-03-10 02:27 . 2011-07-07 23:11    90112    ----a-w-    c:\windows\DUMPf54c.tmp
2013-03-10 01:13 . 2011-07-07 23:11    98304    ----a-w-    c:\windows\DUMPf58b.tmp
2013-03-10 01:09 . 2011-07-07 23:11    98304    ----a-w-    c:\windows\DUMPf760.tmp
2013-03-08 08:36 . 2004-08-04 12:00    293376    ----a-w-    c:\windows\system32\winsrv.dll
2013-03-07 04:12 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPedda.tmp
2013-03-07 04:10 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPef13.tmp
2013-03-07 04:07 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPec05.tmp
2013-03-07 04:03 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPec44.tmp
2013-03-07 04:01 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPe9d3.tmp
2013-03-07 03:58 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPeabd.tmp
2013-03-07 03:56 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPecd1.tmp
2013-03-07 03:54 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPed4e.tmp
2013-03-07 03:52 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPe9a5.tmp
2013-03-07 03:50 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPeca2.tmp
2013-03-07 03:46 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPec34.tmp
2013-03-07 03:43 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPee19.tmp
2013-03-07 03:41 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPeb2b.tmp
2013-03-07 03:39 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPf6f2.tmp
2013-03-07 03:37 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPec82.tmp
2013-03-07 03:34 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPec73.tmp
2013-03-07 03:32 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPe80e.tmp
2013-03-07 03:30 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPe9a4.tmp
2013-03-07 03:28 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPe7cf.tmp
2013-03-07 03:26 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPf04b.tmp
2013-03-07 03:23 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPe88b.tmp
2013-03-07 03:21 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPf378.tmp
2013-03-07 01:32 . 2004-08-04 12:00    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-03 22:59    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-06 08:08 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPea02.tmp
2013-03-06 08:06 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPf155.tmp
2013-03-03 03:42 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPe781.tmp
2013-03-03 03:40 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPf6c3.tmp
2013-03-03 03:37 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPe714.tmp
2013-03-03 03:35 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPee67.tmp
2013-03-02 02:06 . 2004-08-04 12:00    916480    ----a-w-    c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2004-08-04 12:00    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2004-08-04 12:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2004-08-04 12:00    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-08-04 12:00    385024    ------w-    c:\windows\system32\html.iec
2013-02-27 07:56 . 2011-07-07 21:17    2067456    ----a-w-    c:\windows\system32\mstscax.dll
2013-02-23 04:24 . 2011-07-07 23:11    114688    ----a-w-    c:\windows\DUMPe5fb.tmp
2013-02-12 00:32 . 2008-04-13 18:56    12928    ------w-    c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 12:00    12928    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-04-12 03:33 . 2013-04-12 03:32    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-01 12:05    129624    ----a-w-    c:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-23 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2008-07-23 5625344]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-01-23 313856]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-01-23 122880]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-03 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-12-01 15524712]
"NvMediaCenter"="NvMCTray.dll" [2012-12-01 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-12-03 1982312]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2565520]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]
"GamecomSound"="c:\program files\Plantronics\GameCom780\GameCom780.exe" [2011-12-01 777448]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-14 2255360]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-10-8 40136]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^GameRanger.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\GameRanger.lnk
backup=c:\windows\pss\GameRanger.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-07 15:36    421736    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-12-14 01:08    2255360    ----a-w-    c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 12:12    3872080    ----a-w-    c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-02-28 08:50    18642024    ----a-r-    c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-04-19 21:10    1631144    ----a-w-    c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator\\AvP_Launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator\\AvP_DX11.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator\\AvP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Dead Island\\DeadIslandGame.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\terraria\\TerrariaServer.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.patch.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Documents and Settings\\User\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\magic 2012 demo\\Magic_2012.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\AppLaunch.exe"=
"c:\\Program Files\\Omni\\Omni.exe"=
"c:\\Documents and Settings\\User\\Application Data\\F62IPU9EJ.exe"=
"c:\\WINDOWS\\KMSEmulator.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Electronic Arts\\BioWare\\Star Wars - The Old Republic\\launcher.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\blacklightretribution\\Blacklight Retribution.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\PlanetSide 2\\LaunchPad.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Torchlight II\\Torchlight2.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Warframe\\Downloaded\\Public\\Tools\\Launcher.exe"=
"c:\\Program Files\\Warframe\\Downloaded\\Public\\Warframe.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Sid Meier's Civilization V\\Launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\apocalypse45\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Dishonored\\Binaries\\Win32\\Dishonored.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Portal 2\\portal2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Torchlight II\\ModLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Counter-Strike Global Offensive\\csgo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Natural Selection 2\\NS2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\chivalrymedievalwarfare\\Binaries\\Win32\\UDK.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Team Fortress 2\\hl2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58775:TCP"= 58775:TCP:Pando Media Booster
"58775:UDP"= 58775:UDP:Pando Media Booster
"58304:TCP"= 58304:TCP:Pando Media Booster
"58304:UDP"= 58304:UDP:Pando Media Booster
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [2/8/2012 6:28 PM 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/22/2011 10:56 PM 685816]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/22/2012 11:07 PM 33112]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [2/8/2012 6:28 PM 39352]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [11/22/2011 11:14 PM 233024]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [9/14/2011 10:06 PM 169624]
R2 CSObjectsSrv;CryptoStorage control service;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [12/21/2009 5:34 PM 743992]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [1/4/2012 2:22 PM 822624]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [12/14/2012 11:08 AM 1436160]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\Hi-Rez Studios\HiPatchService.exe [6/7/2012 2:31 PM 9216]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [10/1/2011 8:30 AM 508776]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [4/15/2013 3:27 PM 3289208]
R2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe [11/22/2012 3:36 PM 520576]
R3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [8/13/2012 4:44 PM 11680]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [1/22/2010 12:21 PM 59904]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [1/22/2010 12:21 PM 139648]
R3 Plantronics_GameCom;PLTGC Interface;c:\windows\system32\drivers\PLTGC.sys [4/10/2013 4:01 PM 1825792]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 10:23 PM 584680]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 10:23 PM 209512]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 10:23 PM 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 10:23 PM 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [10/1/2011 8:30 AM 219496]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [8/13/2012 4:44 PM 69024]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [8/13/2012 4:44 PM 13728]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/28/2013 6:45 PM 161384]
S2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [11/7/2012 9:48 AM 285152]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [9/8/2012 11:39 AM 29184]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [12/25/2011 10:53 AM 18432]
S3 SaiK0CD7;SaiK0CD7;c:\windows\system32\drivers\SaiK0CD7.sys [9/20/2011 9:34 AM 147264]
S3 SaiU0CD7;SaiU0CD7;c:\windows\system32\drivers\SaiU0CD7.sys [9/20/2011 9:34 AM 41152]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - SASKUTIL
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 06:49]
.
2013-04-30 c:\windows\Tasks\AdobeAAMUpdater-1.0-PC-User.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-09-24 20:09]
.
2013-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57]
.
2013-05-05 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2012-03-21 06:55]
.
2013-05-05 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS.exe [2012-03-21 06:55]
.
2013-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-23 13:32]
.
2013-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-23 13:32]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1303643608-682003330-1004Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-07 02:49]
.
2013-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1303643608-682003330-1004UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-07 02:49]
.
2011-12-19 c:\windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2011-10-12 05:31]
.
2013-05-05 c:\windows\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2011-10-12 05:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\izbggr67.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
HKCU-Run-AdobeBridge - (no file)
AddRemove-LAME for Audacity_is1 - c:\fraps\New Folder\unins000.exe
AddRemove-PaintToolSAI - c:\documents and settings\User\Desktop\PaintToolSAI\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-05 13:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c8,eb,9f,b9,91,d4,35,d7,2a,7a,12,29,40,52,19,55,db,85,3d,8c,91,
   66,79,da,76,1d,ba,36,96,84,ce,74,91,1b,1f,c9,cf,9d,c4,aa,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ae9d23b8-7920-465f-bb63-f025c6dadd28}]
@Denied: (Full) (Everyone)
"Model"=dword:0000015e
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,88,79,0d,22,8e,33,17,75,e6,82,db,74,d6,1f,ea,8f,64,51,35,36,23,e5,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(6088)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\program files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Tablet\Wacom\Wacom_TabletUser.exe
c:\program files\Tablet\Wacom\WacomHost.exe
c:\program files\Tablet\Wacom\Wacom_Tablet.exe
c:\program files\Tablet\Wacom\Wacom_TouchUser.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-05-05  13:31:58 - machine was rebooted
ComboFix-quarantined-files.txt  2013-05-05 03:31
.
Pre-Run: 631,140,311,040 bytes free
Post-Run: 637,631,283,200 bytes free
.
- - End Of File - - EF71426700366843B346E24580031271
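
A small triage script for the services/drivers block of a ComboFix log like the one posted above. This is an added example for readers of the thread, not code from the thread, from ComboFix or from BleepingComputer. It parses the `R1 name;display;path [date time size]` lines, keeps the resolved path when ComboFix prints `\??\... --> ...`, and flags three things a responder looks at first: a trailing `[?]` (the file could not be examined), a `.sys` driver registered outside `system32\drivers`, and a binary living under a user-writable profile or data directory. The reading of the prefix letters (R = running, S = stopped, digit = Windows start type) and of `[?]` is this example's own interpretation of the format, not something the thread states, and all function and constant names are the example's own. The sample log is constructed from a few lines of the post above.

```python
r"""Triage helper for the services/drivers block of a ComboFix log.

Added example, not code from the thread, from ComboFix or from
BleepingComputer. Assumptions made here (not stated in the thread):
the prefix letter is R = running / S = stopped, the digit is the
Windows service start type, and a trailing "[?]" means ComboFix could
not examine the file on disk. Names below are this example's own.
"""
import re
from dataclasses import dataclass, field

# R1 name;display;c:\path\file.sys [9/22/2012 11:07 PM 33112]
# S3 name;display;\??\e:\x.sys --> e:\X.sys [?]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]\s*$"
)

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# Directories a normal user can write to on Windows XP. A service binary
# here is not proof of malware (the Skype C2C entry in the log is
# legitimate), but it is where droppers like to live, so it earns a look.
USER_WRITABLE_MARKERS = (
    "\\documents and settings\\",
    "\\application data\\",
    "\\local settings\\",
    "\\temp\\",
)
DRIVER_DIR = "\\windows\\system32\\drivers\\"


@dataclass
class Service:
    state: str        # "R" running or "S" stopped (assumed meaning)
    start_type: str   # boot / system / auto / demand / disabled (assumed)
    name: str
    display: str
    path: str         # resolved on-disk path
    info: str         # "date time size", or "?" when the file was not examined
    findings: list = field(default_factory=list)


def parse_line(line):
    """Return a Service for one R*/S* log line, or None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    # ComboFix prints the NT path from the registry and the Win32 path it
    # resolved, separated by " --> "; keep the resolved one.
    if " --> " in path:
        path = path.split(" --> ", 1)[1]
    return Service(m.group("state"), START_TYPES[m.group("start")],
                   m.group("name"), m.group("display"), path, m.group("info"))


def triage(svc):
    """Attach findings to a Service and return them (empty list = nothing odd)."""
    p = svc.path.lower()
    if svc.info.strip() == "?":
        svc.findings.append("file could not be examined (missing or unreadable)")
    if p.endswith(".sys") and DRIVER_DIR not in p:
        svc.findings.append("kernel driver registered outside system32\\drivers")
    if any(marker in p for marker in USER_WRITABLE_MARKERS):
        svc.findings.append("binary lives in a user-writable profile/data directory")
    if not svc.display.strip():
        svc.findings.append("no display name")
    return svc.findings


def triage_log(text):
    """Map service name -> findings for every flagged entry in a log excerpt."""
    flagged = {}
    for line in text.splitlines():
        svc = parse_line(line)
        if svc is not None and triage(svc):
            flagged[svc.name] = svc.findings
    return flagged


# Constructed sample: a few lines copied from the log in this thread.
SAMPLE_LOG = r"""
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/22/2012 11:07 PM 33112]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [4/15/2013 3:27 PM 3289208]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/28/2013 6:45 PM 161384]
"""

if __name__ == "__main__":
    import sys
    # Pass a saved ComboFix.txt as the first argument to triage a full log.
    text = (open(sys.argv[1], encoding="utf-8", errors="replace").read()
            if len(sys.argv) > 1 else SAMPLE_LOG)
    for name, findings in triage_log(text).items():
        print(name)
        for f in findings:
            print("   -", f)
```

On the sample above it reports SetupNTGLM7X (file not examined, driver outside the drivers directory, on a non-system drive) and the Skype C2C service (binary under All Users\Application Data); the Kaspersky and AVG filter drivers, which also run at system start, are not flagged because location and file info are normal. A hit only says "look here": the Skype entry is a benign example of why the profile-directory check needs a human behind it.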
 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:59 AM

Posted 05 May 2013 - 07:48 AM

Looking better,

Please run the RogueKiller tool again but this time select the Delete option.

Post a fresh log.

Let me know what problem persists.

#7 destraction9

Posted 06 May 2013 - 12:30 AM

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Remove -- Date : 05/06/2013 15:22:34
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD103UI +++++
--- User ---
[MBR] 573fff2277e0bb177c8ab9b987482f8c
[BSP] 2a67e9ba4f7cd70bccb7f19bffdc866b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953859 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_05062013_02d1522.txt >>
RKreport[1]_S_05062013_02d1521.txt ; RKreport[2]_D_05062013_02d1522.txt



Very happy to say that I have not gotten any pop-up on start-up and can't see any problems currently :D



#8 destraction9

Posted 06 May 2013 - 03:50 AM

Something to add, however I am not sure if it has anything to do with a virus or such: I have been experiencing a bad spot of laggy internet on websites, mainly YouTube and whatnot. Usually I have no problems with it at all; however, lately I have had to leave it on for a while to buffer before watching, the only programs open at the time being Skype (not in a call) and Kaspersky. Could this be the result of something?



#9 nasdaq

Posted 06 May 2013 - 07:39 AM


Your logs show a good number of .tmp files such as these.

2013-03-10 02:45 . 2011-07-07 23:11 98304 ----a-w- c:\windows\DUMPef9f.tmp
2013-03-10 02:32 . 2011-07-07 23:11 98304 ----a-w- c:\windows\DUMPfc03.tmp
2013-03-10 02:30 . 2011-07-07 23:11 98304 ----a-w- c:\windows\DUMPfa00.tmp
2013-03-10 02:27 . 2011-07-07 23:11 90112 ----a-w- c:\windows\DUMPf54c.tmp
2013-03-10 01:13 . 2011-07-07 23:11 98304 ----a-w- c:\windows\DUMPf58b.tmp
2013-03-10 01:09 . 2011-07-07 23:11 98304 ----a-w- c:\windows\DUMPf760.tmp


Are they still being created?
Please check your Windows folder and find out.

Check also your Virtual Memory settings.
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sysdm_advancd_perform_change_vmpagefile.mspx?mfr=true
How does yours compare with the recommended size?

#10 destraction9

Posted 06 May 2013 - 07:56 AM

Yes, there are a total of 34 dump files when I checked just now.

 

As well, for the second part, my Initial Size is (MB): 2046

Maximum size (MB): 4092

recommended: 4606 MB

So C:            2046 - 4092


Edited by destraction9, 06 May 2013 - 07:57 AM.


#11 nasdaq

Posted 06 May 2013 - 08:13 AM

As well, for the second part, my Initial Size is (MB): 2046
Maximum size (MB): 4092
recommended: 4606 MB
So C: 2046 - 4092


Change it to the recommended size 4606.

Delete all the DUMPxxxx.tmp files.

Restart the computer. Was a DUMPxxxx.tmp file created?

#12 destraction9

Posted 06 May 2013 - 08:42 AM

I have deleted all of the dump files and changed the maximum to 4606; after the restart I checked WINDOWS and I do not see any DUMP files currently there.



#13 nasdaq

Posted 06 May 2013 - 09:24 AM

Is your problem still persisting?

#14 destraction9

Posted 07 May 2013 - 04:13 AM

I am currently experiencing no form of lag and I am seeing no form of suspicion of any viruses that may be lingering.



#15 destraction9

Posted 07 May 2013 - 05:15 AM

I have been noticing that I have been getting some random spikes in my ping and I was wondering if this could be a thing?





