PC suddenly acting fishy


  • This topic is locked
6 replies to this topic

#1 motoxfmx27

motoxfmx27

  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:42 AM

Posted 21 October 2013 - 06:59 AM

BleepingComputer.com,

 

My desktop computer has suddenly started acting very weird. Firefox is crashing nonstop, crash after crash. The computer will suddenly shut itself off and restart to a "system recovered from a serious error" error. I am getting all sorts of error reports. I have no idea what any of what I am experiencing means. I am far from a computer guru.

 

Please help if you can. I appreciate any help and responses I may receive.

 

Thank you.

 

Below is the log from HijackThis.

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 5:51:52 AM, on 10/21/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

FIREFOX: 24.0 (en-US)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Family\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259589741796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 7580 bytes
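A small parser for the HijackThis log format shown above, added here as an illustration; it is not the poster's code nor a BleepingComputer tool. The sample lines are constructed in the shape of the posted log (a few representative entry types, not the whole file), and the function names are my own. It pulls out what a helper reads first in an HJT log: entries whose registered component is "(no file)", a CLSID that is registered at several hook points (URLSearchHook, BHO and Toolbar), and the O23 service list with its publisher column.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines in the shape of a HijackThis 2.0.5 log, chosen to
# cover the entry types seen above (R0/R1 IE settings, R3 search hook, O2 BHO,
# O3 toolbar, O4 run keys, O23 service). Not the poster's full log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
--
End of file - 7580 bytes
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)")
NO_FILE = "(no file)"  # HJT's marker for a registration whose file is gone


@dataclass
class HjtEntry:
    section: str               # R0, R1, R3, O2, O3, O4, O23 ...
    kind: str                  # BHO, Toolbar, URLSearchHook, Service, HKLM\..\Run ...
    name: str                  # display name, registry value name or run-key label
    path: str                  # file path, command line, URL, or "(no file)"
    clsid: Optional[str] = None
    company: Optional[str] = None


def parse_line(line: str) -> Optional[HjtEntry]:
    """Parse one HJT entry line; header, footer and blank lines yield None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    kind, sep, rest = body.partition(": ")
    if not sep:                          # R0/R1 lines carry no "Kind: " prefix
        kind, rest = "", body
    if section == "O23":                 # Service: Display - Company - path
        display, company, path = rest.rsplit(" - ", 2)
        return HjtEntry(section, kind, display, path, company=company)
    run = RUN_RE.match(rest)
    if section == "O4" and run:          # Run key: [Label] command line
        return HjtEntry(section, kind, run.group("name"), run.group("cmd"))
    cls = CLSID_RE.search(rest)
    if cls:                              # Name - {CLSID} - path
        name = rest[:cls.start()].strip(" -")
        path = rest[cls.end():].strip(" -")
        return HjtEntry(section, kind, name, path, clsid=cls.group(0))
    name, _, value = rest.partition(" =")   # Key = value (value may be empty)
    return HjtEntry(section, kind, name, value.strip())


def parse_log(text: str) -> List[HjtEntry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def orphaned_entries(entries: List[HjtEntry]) -> List[HjtEntry]:
    """Registrations whose backing file HJT could not find on disk."""
    return [e for e in entries if e.path == NO_FILE]


def entries_by_clsid(entries: List[HjtEntry]) -> Dict[str, List[HjtEntry]]:
    groups = defaultdict(list)
    for e in entries:
        if e.clsid:
            groups[e.clsid].append(e)
    return dict(groups)


def triage(text: str) -> dict:
    """Summarise the points a helper checks first when reading an HJT log."""
    entries = parse_log(text)
    multi = {c: [e.section for e in es]
             for c, es in entries_by_clsid(entries).items() if len(es) > 1}
    return {
        "entries": len(entries),
        "orphaned": [(e.section, e.name) for e in orphaned_entries(entries)],
        "clsids_with_multiple_hooks": multi,
        "services": [(e.name, e.company) for e in entries if e.section == "O23"],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run on the sample, the three "(no file)" hits all share one CLSID registered as a search hook, a BHO and a toolbar at once, which is the usual footprint of a toolbar that was uninstalled without cleaning up its registry entries. The KernelFaultCheck run entry (`dumprep 0 -k`) is the XP crash-reporting prompt that Windows adds after a serious error, so its presence lines up with the restarts the poster describes rather than pointing at anything on its own.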

 

 




 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:42 AM

Posted 21 October 2013 - 07:16 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Scan with DDS

Download DDS and save it to your desktop from here, here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs

DDS.txt: save to your desktop then post its contents in your topic
Attach.txt: save to your desktop then attach it to your next reply

 

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#3 motoxfmx27

motoxfmx27
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:42 AM

Posted 23 October 2013 - 04:16 AM

Thank you for wanting to help TB-Psychotic.

 

Below is the DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Family at 7:24:19 on 2013-10-21
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.235 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - LocalServer32 - <no file>
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259589741796
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{000FFD6B-EC0F-41B8-AB7A-EB70256BB4DE} : DHCPNameServer = 64.7.11.2 66.80.131.5
TCP: Interfaces\{810F7034-0107-484F-9668-DD2A052567B1} : DHCPNameServer = 192.168.1.1
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\family\application data\mozilla\firefox\profiles\7o9y7q17.default-1382254264359\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 211560]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2010-4-7 38144]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S0 cerc6;cerc6; [x]
S0 ftsncw;ftsncw;c:\windows\system32\drivers\pgmkjp.sys --> c:\windows\system32\drivers\pgmkjp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FreemakeVideoCapture;FreemakeVideoCapture; [x]
S3 MRVW225;Zonet 802.11g USB  Drive for Windows XP;c:\windows\system32\drivers\mrvw225.sys --> c:\windows\system32\drivers\MRVW225.sys [?]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-11-22 627072]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
UnknownUnknown MpKsl8319f39d;MpKsl8319f39d; [x]
.
=============== Created Last 30 ================
.
2013-10-21 11:41:29    7796464    ----a-w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{45c269d4-1179-405a-83c8-f2dd72b574e3}\mpengine.dll
2013-10-21 11:11:06    --------    d-sha-r-    C:\cmdcons
2013-10-21 11:08:21    256000    ----a-w-    c:\windows\PEV.exe
2013-10-21 11:08:21    208896    ----a-w-    c:\windows\MBR.exe
2013-10-21 11:08:20    98816    ----a-w-    c:\windows\sed.exe
2013-10-20 08:34:03    7796464    ------w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-10-13 08:47:36    --------    d-----w-    c:\documents and settings\family\local settings\application data\PCHealth
2013-10-13 08:00:24    --------    d-----w-    C:\61b9494d9ea0a87c27dd
2013-10-10 08:13:13    --------    d-----w-    C:\e9810aa8399865b5aecc
2013-10-10 07:33:27    25088    -c----w-    c:\windows\system32\dllcache\hidparse.sys
2013-10-10 07:33:00    5376    -c----w-    c:\windows\system32\dllcache\usbd.sys
2013-10-10 07:33:00    32384    -c----w-    c:\windows\system32\dllcache\usbccgp.sys
2013-09-22 17:30:01    --------    d-----w-    c:\program files\Mozilla Maintenance Service
.
==================== Find3M  ====================
.
2013-10-08 23:49:23    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 23:49:23    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-23 18:33:58    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-09-23 18:33:57    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-09-23 18:06:48    385024    ----a-w-    c:\windows\system32\html.iec
2013-09-18 21:14:40    90112    ----a-w-    c:\windows\DUMP50ee.tmp
2013-08-29 01:31:44    1878656    ----a-w-    c:\windows\system32\win32k.sys
2013-08-09 01:56:45    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-09 00:55:08    144128    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55:07    32384    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55:06    5376    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30:32    1289728    ----a-w-    c:\windows\system32\ole32.dll
2013-08-03 19:18:38    1543680    ----a-w-    c:\windows\system32\wmvdecod.dll
.
============= FINISH:  7:25:35.16 ===============
 

Below is the Attach.txt

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/2/2011 7:55:10 PM
System Uptime: 10/21/2013 6:27:30 AM (1 hours ago)
.
Motherboard: Dell Inc.           |  | 0ND237
Processor:               Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 30.986 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1145: 9/25/2013 1:54:04 PM - Software Distribution Service 3.0
RP1146: 9/26/2013 1:50:09 PM - Software Distribution Service 3.0
RP1147: 9/27/2013 2:16:48 PM - System Checkpoint
RP1148: 9/27/2013 6:23:05 PM - Software Distribution Service 3.0
RP1149: 9/28/2013 8:14:58 PM - System Checkpoint
RP1150: 9/28/2013 10:36:07 PM - Software Distribution Service 3.0
RP1151: 9/29/2013 2:15:08 AM - Software Distribution Service 3.0
RP1152: 9/29/2013 3:00:20 AM - Software Distribution Service 3.0
RP1153: 9/30/2013 3:40:04 AM - System Checkpoint
RP1154: 9/30/2013 7:36:04 PM - Software Distribution Service 3.0
RP1155: 10/1/2013 7:34:39 PM - Software Distribution Service 3.0
RP1156: 10/2/2013 7:31:49 PM - Software Distribution Service 3.0
RP1157: 10/3/2013 7:28:48 PM - Software Distribution Service 3.0
RP1158: 10/4/2013 7:32:46 PM - Software Distribution Service 3.0
RP1159: 10/5/2013 7:20:32 PM - Software Distribution Service 3.0
RP1160: 10/6/2013 1:56:35 AM - Software Distribution Service 3.0
RP1161: 10/7/2013 2:49:01 AM - System Checkpoint
RP1162: 10/7/2013 8:03:19 AM - Software Distribution Service 3.0
RP1163: 10/8/2013 7:59:06 AM - Software Distribution Service 3.0
RP1164: 10/9/2013 8:46:50 AM - System Checkpoint
RP1165: 10/10/2013 2:43:49 AM - Software Distribution Service 3.0
RP1166: 10/10/2013 3:00:17 AM - Software Distribution Service 3.0
RP1167: 10/10/2013 3:19:27 AM - Software Distribution Service 3.0
RP1168: 10/11/2013 5:56:41 AM - Software Distribution Service 3.0
RP1169: 10/12/2013 5:39:47 AM - Software Distribution Service 3.0
RP1170: 10/12/2013 5:40:24 AM - Software Distribution Service 3.0
RP1171: 10/12/2013 5:42:45 AM - Software Distribution Service 3.0
RP1172: 10/13/2013 1:43:53 AM - Software Distribution Service 3.0
RP1173: 10/13/2013 1:59:54 AM - Software Distribution Service 3.0
RP1174: 10/13/2013 3:00:19 AM - Software Distribution Service 3.0
RP1175: 10/13/2013 3:11:34 AM - Software Distribution Service 3.0
RP1176: 10/13/2013 4:30:06 AM - Software Distribution Service 3.0
RP1177: 10/14/2013 4:49:48 AM - System Checkpoint
RP1178: 10/15/2013 1:46:56 AM - Software Distribution Service 3.0
RP1179: 10/16/2013 2:06:25 AM - System Checkpoint
RP1180: 10/16/2013 3:00:37 AM - Software Distribution Service 3.0
RP1181: 10/16/2013 3:14:51 AM - Software Distribution Service 3.0
RP1182: 10/16/2013 2:59:32 PM - Software Distribution Service 3.0
RP1183: 10/17/2013 3:41:02 AM - Software Distribution Service 3.0
RP1184: 10/18/2013 2:21:19 AM - Software Distribution Service 3.0
RP1185: 10/18/2013 2:23:53 AM - Software Distribution Service 3.0
RP1186: 10/18/2013 3:37:12 AM - Software Distribution Service 3.0
RP1187: 10/19/2013 3:32:03 AM - Software Distribution Service 3.0
RP1188: 10/20/2013 2:34:46 AM - Software Distribution Service 3.0
RP1189: 10/20/2013 3:33:52 AM - Software Distribution Service 3.0
RP1190: 10/21/2013 3:39:17 AM - System Checkpoint
RP1191: 10/21/2013 6:41:14 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS RT-N10+ Wireless Router Utilities
ATI - Software Uninstall Utility
Bonjour
Broadcom Gigabit Integrated Controller
BrowseToSave
CCleaner
Cisco Network Magic
Eusing Free Registry Cleaner
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
IBFX MT4
Intel® Graphics Media Accelerator Driver
iTunes
Jarte 4.4
K-Lite Codec Pack 7.6.0 (Basic)
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Report Viewer Redistributable 2005
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MP3 Rocket
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
Network Magic
NirSoft VideoCacheView
OpenOffice.org 3.4.1
PowerDVD
Pure Networks Platform
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Sonic Activation Module
SoundMAX
Spybot - Search & Destroy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2808679)
Update for Windows XP (KB2863058)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.6195
WebEx Support Manager for Internet Explorer
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
WinRAR 4.10 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
10/21/2013 1:27:44 AM, error: System Error [1003]  - Error code 0000004e, parameter1 00000099, parameter2 0000914e, parameter3 00000000, parameter4 00000000.
10/18/2013 2:25:07 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.159.2309.0     Update Source: Microsoft Update Server     Update Stage: Download     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.9901.0     Error code: 0x80240022     Error description: The program can't check for definition updates.
10/18/2013 2:25:07 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.159.2309.0     Update Source: Microsoft Update Server     Update Stage: Download     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.9901.0     Error code: 0x80240022     Error description: The program can't check for definition updates.
10/18/2013 2:24:07 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80246002: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.150.0).
10/18/2013 2:24:02 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.159.2309.0     Update Source: Microsoft Update Server     Update Stage: Install     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.9901.0     Error code: 0x80246002     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10/18/2013 2:23:17 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.150.0).
10/18/2013 2:23:10 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.159.2309.0     Update Source: Microsoft Update Server     Update Stage: Install     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.9901.0     Error code: 0x80070643     Error description: Fatal error during installation.
10/18/2013 2:23:07 AM, error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.     New Engine Version: 1.1.10003.0     Previous Engine Version: 1.1.9901.0     Engine Type: Antimalware     User: NT AUTHORITY\SYSTEM     Error Code: 0x80096010     Error description: The digital signature of the object did not verify.
10/18/2013 2:23:07 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version: 1.161.150.0     Previous Signature Version: 1.159.2309.0     Update Source: User     Update Stage: Install     Source Path:      Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version: 1.1.10003.0     Previous Engine Version: 1.1.9901.0     Error code: 0x80096010     Error description: The digital signature of the object did not verify.
10/18/2013 2:23:07 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version: 1.161.150.0     Previous Signature Version: 1.159.2309.0     Update Source: User     Update Stage: Install     Source Path:      Signature Type: AntiSpyware     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version: 1.1.10003.0     Previous Engine Version: 1.1.9901.0     Error code: 0x80096010     Error description: The digital signature of the object did not verify.
10/17/2013 3:42:53 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.161.84.0).
10/17/2013 3:42:33 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.159.2309.0     Update Source: Microsoft Update Server     Update Stage: Install     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.9901.0     Error code: 0x80070643     Error description: Fatal error during installation.
10/16/2013 3:31:40 AM, error: Service Control Manager [7000]  - The FreemakeVideoCapture service failed to start due to the following error:  The system cannot find the path specified.
10/15/2013 9:38:03 AM, error: atapi [9]  - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
10/15/2013 9:38:03 AM, error: atapi [11]  - The driver detected a controller error on \Device\Ide\IdePort1.
10/15/2013 2:27:10 AM, error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Microsoft Antimalware Service service, but this action failed with the following error:  An instance of the service is already running.
10/15/2013 2:26:55 AM, error: Service Control Manager [7031]  - The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.
10/15/2013 2:26:43 AM, error: Microsoft Antimalware [5008]  - Microsoft Antimalware engine has been terminated due to an unexpected error.     Failure Type: Crash     Exception code: 0xc0000005     Resource: file:C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\ilngq0m0.default\sessionstore.js.tmp
10/14/2013 1:40:00 AM, error: System Error [1003]  - Error code 0000004e, parameter1 00000099, parameter2 00013e26, parameter3 00000000, parameter4 00000000.
.
==== End Of File ===========================
 

Below is the Gmer/ark.txt log

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-23 04:13:58
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD800JD-75MSA1 rev.10.01E01 74.51GB
Running: 5wpvvzwy.exe; Driver: C:\DOCUME~1\Family\LOCALS~1\Temp\kwlcyfoc.sys


---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                                                       fltMgr.sys

Device          \FileSystem\Cdfs \Cdfs                                                                                                                                                         DLAIFS_M.SYS

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\viddossoftware.com@*                                                                       4
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\viddossoftware.com\www                                                                     
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\vifdilio.it@*                                                                              4
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\vifdilio.it\www                                                                            
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\vifdilio.it\www@*                                                                          4
Reg             HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD,8B9E-E82E48AE5DF6}@                                                                                                            CPSCategoryPlugin Class
Reg             HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD,8B9E-E82E48AE5DF6}@App\bD                                                                                                      
Reg             HKLM\SOFTWARE\Classes\Installer\Assemblies\Global@System.Serv(ceProcess,Version="1.0.5000.0",\20ublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573"  %EmAj?C%k9W7cNB_.[t[Redist_Package>&n!BoCXqG=-dnT!D_K^F?
Reg             HKLM\SOFTWARE\Classes\Installer\Assemblies\Global@System.Web,\24ersion="1.0.5000.0",PublicKeyTo(en="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573"             %EmAj?C%k9W7cNB_.[t[Redist_Package>lWHd$@tF]9]5,Sm%4[C+?
Reg             HKLM\SOFTWARE\Classes\Interface\{71DEE430-3482-4F8C-9824-9D11F53A6F86}\Pro8yStubClsid32@                                                                                       {00020424-0000-0000-C000-000000000046}
Reg             HKLM\SOFTWARE\Classes\Interface\{860A99A0-21BC-11D0-82B4-00A0C90C29                                                                                                            
Reg             HKLM\SOFTWARE\Classes\Interface\{860A99A0-21BC-11D0-82B4-00A0C90C29\NumMethods                                                                                                 
Reg             HKLM\SOFTWARE\Classes\Interface\{860A99A0-21BC-11D0-82B4-00A0C90C29\NumMethods@                                                                                                5
Reg             HKLM\SOFTWARE\Classes\Interface\{860A99A0-21BC-11D0-82B4-00A0C90C29\ProxyStubClsid32                                                                                           
Reg             HKLM\SOFTWARE\Classes\Interface\{860A99A0-21BC-11D0-82B4-00A0C90C29\ProxyStubClsid32@                                                                                          {B8DA6310-E19B-11D0-933C-00A0C90DCAA9}

---- EOF - GMER 2.1 ----



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:09:42 AM

Posted 23 October 2013 - 04:44 AM

Combofix

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


RC_update.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


cfRC_screen_2.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 motoxfmx27

motoxfmx27
  • Topic Starter

  • Members
  • 4 posts
  • Local time:03:42 AM

Posted 23 October 2013 - 05:17 AM

Below is the ComboFix log. Thank you for helping.

 

ComboFix 13-10-23.01 - Family 10/23/2013   5:02.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.606 [GMT -5:00]
Running from: c:\documents and settings\Family\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-23 to 2013-10-23  )))))))))))))))))))))))))))))))
.
.
2013-10-22 08:21 . 2013-10-22 08:21    62576    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45C269D4-1179-405A-83C8-F2DD72B574E3}\offreg.dll
2013-10-21 12:25 . 2013-10-21 12:25    40392    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45C269D4-1179-405A-83C8-F2DD72B574E3}\MpKsl4cfff493.sys
2013-10-21 11:41 . 2013-10-14 04:39    7796464    ------w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45C269D4-1179-405A-83C8-F2DD72B574E3}\mpengine.dll
2013-10-20 08:34 . 2013-10-14 04:39    7796464    ------w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-13 08:47 . 2013-10-13 08:47    --------    d-----w-    c:\documents and settings\Family\Local Settings\Application Data\PCHealth
2013-10-13 08:00 . 2013-10-13 08:04    --------    d-----w-    C:\61b9494d9ea0a87c27dd
2013-10-10 08:13 . 2013-10-10 08:13    --------    d-----w-    C:\e9810aa8399865b5aecc
2013-10-10 07:33 . 2013-07-03 02:12    25088    -c----w-    c:\windows\system32\dllcache\hidparse.sys
2013-10-10 07:33 . 2013-08-09 00:55    32384    -c----w-    c:\windows\system32\dllcache\usbccgp.sys
2013-10-10 07:33 . 2013-08-09 00:55    5376    -c----w-    c:\windows\system32\dllcache\usbd.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-08 23:49 . 2012-04-04 22:11    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-10-08 23:49 . 2011-06-03 19:12    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 18:33 . 2008-04-14 12:00    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-09-23 18:33 . 2008-04-14 12:00    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-09-23 18:33 . 2008-04-14 12:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-09-23 18:33 . 2008-04-14 12:00    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2008-04-14 12:00    385024    ----a-w-    c:\windows\system32\html.iec
2013-09-18 21:14 . 2009-09-29 09:14    90112    ----a-w-    c:\windows\DUMP50ee.tmp
2013-08-29 01:31 . 2008-04-14 12:00    1878656    ----a-w-    c:\windows\system32\win32k.sys
2013-08-09 01:56 . 2008-04-14 12:00    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2008-04-14 12:00    144128    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2008-04-14 12:00    32384    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2008-04-14 12:00    5376    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30 . 2008-04-14 12:00    1289728    ----a-w-    c:\windows\system32\ole32.dll
2013-08-03 19:18 . 2006-10-19 02:47    1543680    ----a-w-    c:\windows\system32\wmvdecod.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 995176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe  /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-10-14 19:46    77824    ----a-w-    c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-10-14 19:49    94208    ----a-w-    c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 18:35    152392    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 22:23    118784    ----a-w-    c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-10-14 19:50    114688    ----a-w-    c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 08:59    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 14:00    1116920    ----a-w-    c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 16:22    221184    ----a-w-    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 19:42    1404928    ----a-w-    c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ASUS\\RT-N10+ Wireless Router Utilities\\Discovery.exe"=
"c:\\Program Files\\ASUS\\RT-N10+ Wireless Router Utilities\\Rescue.exe"=
"c:\\Program Files\\ASUS\\RT-N10+ Wireless Router Utilities\\LiveUpdate.exe"=
"c:\\Program Files\\ASUS\\RT-N10+ Wireless Router Utilities\\QISWizard.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 MpKsl4cfff493;MpKsl4cfff493;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45C269D4-1179-405A-83C8-F2DD72B574E3}\MpKsl4cfff493.sys [10/21/2013 7:25 AM 40392]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [4/7/2010 3:20 PM 38144]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 1:01 AM 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/14/2011 1:01 AM 399416]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S0 cerc6;cerc6; [x]
S0 ftsncw;ftsncw;c:\windows\system32\drivers\pgmkjp.sys --> c:\windows\system32\drivers\pgmkjp.sys [?]
S2 FreemakeVideoCapture;FreemakeVideoCapture; [x]
S3 MRVW225;Zonet 802.11g USB  Drive for Windows XP;c:\windows\system32\DRIVERS\MRVW225.sys --> c:\windows\system32\DRIVERS\MRVW225.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - KWLCYFOC
*NewlyCreated* - MPKSL4CFFF493
*NewlyCreated* - WS2IFSL
*Deregistered* - kwlcyfoc
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:49]
.
2013-10-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-13 08:42]
.
2013-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-13 08:42]
.
2013-10-21 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-08-12 15:12]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Family\Application Data\Mozilla\Firefox\Profiles\7o9y7q17.default-1382254264359\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-23 05:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{860A99A0-21BC-11D0-82B4-00A0C90C29*5}\NumMethods]
@="5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{860A99A0-21BC-11D0-82B4-00A0C90C29*5}\ProxyStubClsid32]
@Class="REG_SZ"
@="{B8DA6310-E19B-11D0-933C-00A0C90DCAA9}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(5976)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-10-23  05:18:06
ComboFix-quarantined-files.txt  2013-10-23 10:18
ComboFix2.txt  2013-10-21 11:43
.
Pre-Run: 33,206,587,392 bytes free
Post-Run: 33,191,145,472 bytes free
.
- - End Of File - - 1725FC210C306E8704F7CB8E9F74B138
8F558EB6672622401DA993E1E865C861
#6 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 26 October 2013 - 06:31 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#7 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 30 October 2013 - 03:31 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)