SpyWare BeWare! ASAP
Author Topic: disk antivirus professional / GetSavin Ads  (Read 2735 times)
Deftones4Life
« on: March 13, 2013, 09:23:56 PM »

DDS.scr Logs:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.9.2
Run by Nick at 19:02:25 on 2013-03-13
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.675 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Nick\Local Settings\Application Data\Updater26276\Updater26276.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220468
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: {DD73DE73-4B2F-46C4-B57B-B86B4B9F39F4} - <orphaned>
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"  /MINIMIZED
uRun: [Updater26276.exe] c:\documents and settings\nick\local settings\application data\updater26276\Updater26276.exe /extensionid=26276 /extensionname='Deal Spy' /chromeid=dieckmbeafcedhihaiadnaanclccfihd /stayidle /delay=300
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{BFC2AB17-789C-478D-B21E-512238566BCE} : DHCPNameServer = 209.18.47.61 209.18.47.62
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\nick\application data\mozilla\firefox\profiles\pnjd1yr2.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-03-13 00:10; {dbc6177e-58a2-454e-9ddc-173ee6ba17e1}; c:\documents and settings\nick\application data\mozilla\firefox\profiles\pnjd1yr2.default\extensions\{dbc6177e-58a2-454e-9ddc-173ee6ba17e1}.xpi
FF - ExtSQL: 2013-03-13 01:07; cca2b8f2-77b0-4282-9533-b31982107a80@ef5174e8-db70-4d61-88df-24b975460bd0.com; c:\documents and settings\nick\application data\mozilla\firefox\profiles\pnjd1yr2.default\extensions\cca2b8f2-77b0-4282-9533-b31982107a80@ef5174e8-db70-4d61-88df-24b975460bd0.com
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: general.useragent.extra.brc -
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
RUnknown SASKUTIL;SASKUTIL;
S1 A2DDA;A2 Direct Disk Access Support Driver;\??\c:\program files\emsisoft anti-malware\a2ddax86.sys --> c:\program files\emsisoft anti-malware\a2ddax86.sys [?]
S1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys --> c:\windows\system32\drivers\sbaphd.sys [?]
S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys --> c:\windows\system32\drivers\sbapifs.sys [?]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\fxxandroidusb.sys [2010-3-30 25728]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys --> c:\windows\system32\drivers\gfiark.sys [?]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\fxx\qcusbser.sys [2010-3-30 103424]
S3 RtlPacket;RtlPacket;c:\windows\system32\drivers\packet.sys --> c:\windows\system32\drivers\packet.sys [?]
.
=============== Created Last 30 ================
.
2013-03-13 13:19:13   --------   d-----w-   c:\program files\STOPzilla!
2013-03-13 13:19:13   --------   d-----w-   c:\documents and settings\all users\application data\STOPzilla!
2013-03-13 12:39:24   --------   d-----w-   c:\program files\Enigma Software Group
2013-03-13 12:39:07   --------   d-----w-   c:\windows\0AC0F1B261C74B6EACEF58FCC0B94835.TMP
2013-03-13 12:39:03   --------   d-----w-   c:\program files\common files\Wise Installation Wizard
2013-03-13 12:00:31   --------   d-----w-   c:\documents and settings\nick\application data\Anvisoft
2013-03-13 11:48:46   --------   d-----w-   c:\documents and settings\all users\application data\Anvisoft
2013-03-13 11:48:19   --------   d-----w-   c:\program files\Anvisoft
2013-03-13 08:19:06   --------   d-----w-   c:\program files\AVAST Software
2013-03-13 08:18:00   --------   d-----w-   c:\documents and settings\all users\application data\AVAST Software
2013-03-13 08:07:42   --------   d-----w-   c:\documents and settings\nick\local settings\application data\Updater26276
2013-03-13 08:07:30   --------   d-----w-   c:\program files\Deal Spy
2013-03-13 08:02:11   --------   d-----w-   C:\TDSSKiller_Quarantine
2013-03-13 07:41:34   --------   d-sh--w-   c:\windows\system32\AI_RecycleBin
2013-03-13 07:41:25   --------   d-----w-   c:\documents and settings\all users\application data\Strongvault Online Backup
2013-03-13 07:41:09   --------   d-sh--w-   C:\AI_RecycleBin
2013-03-13 07:07:55   --------   d-----w-   c:\documents and settings\all users\application data\89008F6A02243A7300008900066E3EB6
2013-03-13 07:07:11   338451   ----a-w-   c:\documents and settings\nick\application data\dcbas.dll
2013-03-13 07:06:29   --------   d-----w-   c:\documents and settings\nick\application data\PriceGong
2013-03-05 07:11:23   --------   d-----w-   c:\documents and settings\nick\local settings\application data\WMTools Downloaded Files
.
==================== Find3M  ====================
.
2013-03-12 22:12:15   73432   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-12 22:12:15   693976   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-12-14 23:49:28   21104   ----a-w-   c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 19:02:55.26 ===============


DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 9/3/2010 9:03:56 PM
System Uptime: 3/13/2013 6:39:01 PM (1 hours ago)
.
Motherboard: Dell Computer Corp. |  |       
Processor:               Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2790/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 3.821 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5)
AIM 7
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
B57Inst
BCM V.92 56K Modem
Broadcom Driver Installer
BufferChm
C4400
C4400_Help
Cards_Calendar_OrderGift_DoMorePlugout
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Command & Conquer The First Decade
Copy
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Setup
DocProc
DocProcQFolder
Download Updater (AOL LLC)
Free Picture Resize Starter 4.5
GIMP 2.6.11
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Imaging Device Functions 10.0
HP Photo Creations
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Update
HPPhotoSmartPhotobookWebPack1
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet II
Java 7 Update 9
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) 6 Update 31
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT Redists
MSXML 6 Service Pack 2 (KB973686)
OCR Software by I.R.I.S. 10.0
OpenAL
PanoStandAlone
Phone F USB Driver
PS_AIO_03_C4400_ProductContext
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PSSWCORE
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Skins
SmartWebPrintingOC
Sound Blaster Live!
Status
STOPzilla
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.6195
VideoToolkit01
VLC media player 1.1.4
WebFldrs XP
WebReg
Winamp
Winamp Detector Plug-in
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinSCP 4.3.5
Wondershare Video Converter Ultimate(Build 5.7.1.1)
.
==== Event Viewer Messages From Past Week ========
.
3/13/2013 6:29:18 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Fips intelppm is3srv PCIIde
3/13/2013 6:29:18 AM, error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
3/13/2013 6:27:58 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/13/2013 6:11:18 AM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
3/13/2013 5:26:48 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  asdnet asdrm aswSnx aswSP aswTdi Fips intelppm
3/13/2013 5:10:29 AM, error: Service Control Manager [7022]  - The HP CUE DeviceDiscovery Service service hung on starting.
3/13/2013 4:29:22 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswSnx aswSP aswTdi Fips intelppm
3/13/2013 4:26:01 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/13/2013 3:52:11 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
3/13/2013 3:52:11 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
3/13/2013 3:52:11 PM, error: Service Control Manager [7001]  - The Simple TCP/IP Services service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
3/13/2013 3:52:11 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/13/2013 3:52:11 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/13/2013 3:52:11 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
3/13/2013 3:39:15 PM, error: Service Control Manager [7000]  - The STOPzilla Service service failed to start due to the following error:  The system cannot find the file specified.
3/13/2013 3:39:15 PM, error: Service Control Manager [7000]  - The sbapifs service failed to start due to the following error:  The system cannot find the file specified.
.
==== End Of File ===========================


Hello,

Need some help removing a rogue antivirus and GetSavin ads. Was looking up slingshot bands on Google and clicked on an image. Once I clicked on the image my PC slowed down a bit and my Firefox browser just shut down. About 3 mins later I started getting pop-ups and a rogue antivirus started up.

Whenever I try opening up websites I have bookmarked I will either get redirected or I get a blank white screen. I also noticed that Internet Explorer keeps trying to open every sec. My antivirus would prevent and close the ads but it just keeps trying.


Steps taken:

I reset my PC and put it into safe mode. I ran Rkill and did a full scan with Malwarebytes. That seemed to remove the rogue antivirus that kept popping up. It didn't remove the GetSavin ads or the redirects. I decided to go back into safe mode, ran Rkill again and ran SuperAntiSpyware. That stopped the Internet Explorer pop-ups but I still can't get rid of the GetSavin ads or redirects. I went back into safe mode and ran Rkill one more time and did one last full scan with Malwarebytes. Still has not removed the virus completely.

I tried removing STOPzilla but it keeps freezing up my PC.

Deftones4Life
« Reply #1 on: March 13, 2013, 09:26:30 PM »

I did uninstall uTorrent, just forgot to restart my PC. Please do not close my thread.
Deftones4Life
« Reply #2 on: March 13, 2013, 09:32:54 PM »

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.9.2
Run by Nick at 19:28:57 on 2013-03-13
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.537 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Nick\Local Settings\Application Data\Updater26276\Updater26276.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\WINDOWS\system32\ati2sgag.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220468
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: {DD73DE73-4B2F-46C4-B57B-B86B4B9F39F4} - <orphaned>
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"  /MINIMIZED
uRun: [Updater26276.exe] c:\documents and settings\nick\local settings\application data\updater26276\Updater26276.exe /extensionid=26276 /extensionname='Deal Spy' /chromeid=dieckmbeafcedhihaiadnaanclccfihd /stayidle /delay=300
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{BFC2AB17-789C-478D-B21E-512238566BCE} : DHCPNameServer = 209.18.47.61 209.18.47.62
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\nick\application data\mozilla\firefox\profiles\pnjd1yr2.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-03-13 00:10; {dbc6177e-58a2-454e-9ddc-173ee6ba17e1}; c:\documents and settings\nick\application data\mozilla\firefox\profiles\pnjd1yr2.default\extensions\{dbc6177e-58a2-454e-9ddc-173ee6ba17e1}.xpi
FF - ExtSQL: 2013-03-13 01:07; cca2b8f2-77b0-4282-9533-b31982107a80@ef5174e8-db70-4d61-88df-24b975460bd0.com; c:\documents and settings\nick\application data\mozilla\firefox\profiles\pnjd1yr2.default\extensions\cca2b8f2-77b0-4282-9533-b31982107a80@ef5174e8-db70-4d61-88df-24b975460bd0.com
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: general.useragent.extra.brc -
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S1 A2DDA;A2 Direct Disk Access Support Driver;\??\c:\program files\emsisoft anti-malware\a2ddax86.sys --> c:\program files\emsisoft anti-malware\a2ddax86.sys [?]
S1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys --> c:\windows\system32\drivers\sbaphd.sys [?]
S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys --> c:\windows\system32\drivers\sbapifs.sys [?]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\fxxandroidusb.sys [2010-3-30 25728]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys --> c:\windows\system32\drivers\gfiark.sys [?]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\fxx\qcusbser.sys [2010-3-30 103424]
S3 RtlPacket;RtlPacket;c:\windows\system32\drivers\packet.sys --> c:\windows\system32\drivers\packet.sys [?]
.
=============== Created Last 30 ================
.
2013-03-13 13:19:13   --------   d-----w-   c:\program files\STOPzilla!
2013-03-13 13:19:13   --------   d-----w-   c:\documents and settings\all users\application data\STOPzilla!
2013-03-13 12:39:24   --------   d-----w-   c:\program files\Enigma Software Group
2013-03-13 12:39:07   --------   d-----w-   c:\windows\0AC0F1B261C74B6EACEF58FCC0B94835.TMP
2013-03-13 12:39:03   --------   d-----w-   c:\program files\common files\Wise Installation Wizard
2013-03-13 12:00:31   --------   d-----w-   c:\documents and settings\nick\application data\Anvisoft
2013-03-13 11:48:46   --------   d-----w-   c:\documents and settings\all users\application data\Anvisoft
2013-03-13 11:48:19   --------   d-----w-   c:\program files\Anvisoft
2013-03-13 08:19:06   --------   d-----w-   c:\program files\AVAST Software
2013-03-13 08:18:00   --------   d-----w-   c:\documents and settings\all users\application data\AVAST Software
2013-03-13 08:07:42   --------   d-----w-   c:\documents and settings\nick\local settings\application data\Updater26276
2013-03-13 08:07:30   --------   d-----w-   c:\program files\Deal Spy
2013-03-13 08:02:11   --------   d-----w-   C:\TDSSKiller_Quarantine
2013-03-13 07:41:34   --------   d-sh--w-   c:\windows\system32\AI_RecycleBin
2013-03-13 07:41:25   --------   d-----w-   c:\documents and settings\all users\application data\Strongvault Online Backup
2013-03-13 07:41:09   --------   d-sh--w-   C:\AI_RecycleBin
2013-03-13 07:07:55   --------   d-----w-   c:\documents and settings\all users\application data\89008F6A02243A7300008900066E3EB6
2013-03-13 07:07:11   338451   ----a-w-   c:\documents and settings\nick\application data\dcbas.dll
2013-03-13 07:06:29   --------   d-----w-   c:\documents and settings\nick\application data\PriceGong
2013-03-05 07:11:23   --------   d-----w-   c:\documents and settings\nick\local settings\application data\WMTools Downloaded Files
.
==================== Find3M  ====================
.
2013-03-12 22:12:15   73432   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-12 22:12:15   693976   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-12-14 23:49:28   21104   ----a-w-   c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 19:29:41.28 ===============



DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 9/3/2010 9:03:56 PM
System Uptime: 3/13/2013 7:27:26 PM (0 hours ago)
.
Motherboard: Dell Computer Corp. |  |       
Processor:               Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2790/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 3.821 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5)
AIM 7
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
B57Inst
BCM V.92 56K Modem
Broadcom Driver Installer
BufferChm
C4400
C4400_Help
Cards_Calendar_OrderGift_DoMorePlugout
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Command & Conquer The First Decade
Copy
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Setup
DocProc
DocProcQFolder
Download Updater (AOL LLC)
Free Picture Resize Starter 4.5
GIMP 2.6.11
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Imaging Device Functions 10.0
HP Photo Creations
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Update
HPPhotoSmartPhotobookWebPack1
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet II
Java 7 Update 9
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) 6 Update 31
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT Redists
MSXML 6 Service Pack 2 (KB973686)
OCR Software by I.R.I.S. 10.0
OpenAL
PanoStandAlone
Phone F USB Driver
PS_AIO_03_C4400_ProductContext
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PSSWCORE
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Skins
SmartWebPrintingOC
Sound Blaster Live!
Status
STOPzilla
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.6195
VideoToolkit01
VLC media player 1.1.4
WebFldrs XP
WebReg
Winamp
Winamp Detector Plug-in
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinSCP 4.3.5
Wondershare Video Converter Ultimate(Build 5.7.1.1)
.
==== Event Viewer Messages From Past Week ========
.
3/13/2013 6:29:18 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Fips intelppm is3srv PCIIde
3/13/2013 6:29:18 AM, error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
3/13/2013 6:27:58 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/13/2013 6:11:18 AM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
3/13/2013 5:26:48 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  asdnet asdrm aswSnx aswSP aswTdi Fips intelppm
3/13/2013 5:10:29 AM, error: Service Control Manager [7022]  - The HP CUE DeviceDiscovery Service service hung on starting.
3/13/2013 4:29:22 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswSnx aswSP aswTdi Fips intelppm
3/13/2013 4:26:01 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/13/2013 3:52:11 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
3/13/2013 3:52:11 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
3/13/2013 3:52:11 PM, error: Service Control Manager [7001]  - The Simple TCP/IP Services service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
3/13/2013 3:52:11 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/13/2013 3:52:11 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/13/2013 3:52:11 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
3/13/2013 3:39:15 PM, error: Service Control Manager [7000]  - The STOPzilla Service service failed to start due to the following error:  The system cannot find the file specified.
3/13/2013 3:39:15 PM, error: Service Control Manager [7000]  - The sbapifs service failed to start due to the following error:  The system cannot find the file specified.
.
==== End Of File ===========================

melboy
Moderator
« Reply #3 on: March 14, 2013, 02:43:58 AM »

Hi and welcome to the SWBW forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • If you don't know or understand something, please don't hesitate to ask.
  • Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

IMPORTANT: Please take time to read this topic where the Forum Guidelines are explained.

NOTE: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.


No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


==================================



ROOTKIT

Your computer has multiple infections, including a ROOTKIT - Win32/Sirefef. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system. The rootkit gives an intruder remote backdoor access to your computer. This gives intruders complete control of your computer to log your keystrokes, steal personal & critical system information, and download and execute files.
 
You are strongly advised to do the following:

If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information:

  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
    DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.

Though the malware has been identified and can be killed, due to its rootkit & backdoor functionality there is no way to be sure it can be trusted again. Many experts in the security community believe that once infected with this type of malware, the best course of action would be to do a reformat and reinstallation of the operating system (OS).

Please read these for more information:
   
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

I can attempt to clean this machine but I can't guarantee that it will be at all secure afterwards.

Should you have any questions, please feel free to ask.


Please let me know what you have decided to do in your next post.

Deftones4Life
Newbie
« Reply #4 on: March 14, 2013, 04:28:03 PM »

Melboy,

Thank you for the swift reply. Yes, I would like you to help me remove the rootkit on my PC. I am aware of the risk and would like to proceed.

Thanks.
melboy
Moderator
« Reply #5 on: March 14, 2013, 04:33:34 PM »

Hi

ComboFix (by sUBs)

Please visit this webpage for instructions for downloading and running ComboFix:
 Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your security applications (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    For instructions on how to disable your security programs, please see this topic:
    How to disable your security applications

  • Double click combofix.exe & follow the prompts.
  • Combofix may reboot your PC several times. This is normal.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.

A word of warning: This tool is not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper.

Deftones4Life
Newbie
« Reply #6 on: March 14, 2013, 07:16:39 PM »

ComboFix 13-03-14.02 - Nick 03/14/2013  17:01:23.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.685 [GMT -7:00]
Running from: c:\documents and settings\Nick\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Nick\Application Data\dcbas.dll
c:\documents and settings\Nick\Application Data\PriceGong
c:\documents and settings\Nick\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Nick\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Nick\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Nick\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Nick\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Nick\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Nick\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Nick\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Nick\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Nick\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Nick\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Nick\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Nick\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Nick\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Nick\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Nick\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Nick\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Nick\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Nick\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Nick\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Nick\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Nick\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Nick\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Nick\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Nick\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Nick\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Nick\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Nick\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Nick\Local Settings\Application Data\Updater26276\Updater26276.exe
c:\windows\system32\SET54.tmp
c:\windows\system32\SET60.tmp
c:\windows\system32\SET69F.tmp
c:\windows\system32\SET6A0.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-15 to 2013-03-15  )))))))))))))))))))))))))))))))
.
.
2013-03-14 23:41 . 2013-02-19 11:58   6954968   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{50018EFC-D5F4-4D0D-A3D0-085E3F9E2F3B}\mpengine.dll
2013-03-14 23:39 . 2011-07-13 03:39   6881616   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-13 13:19 . 2013-03-14 01:51   --------   d-----w-   c:\program files\STOPzilla!
2013-03-13 13:19 . 2013-03-13 13:40   --------   d-----w-   c:\documents and settings\All Users\Application Data\STOPzilla!
2013-03-13 12:39 . 2013-03-13 12:39   --------   d-----w-   c:\program files\Enigma Software Group
2013-03-13 12:39 . 2013-03-13 13:11   --------   d-----w-   c:\windows\0AC0F1B261C74B6EACEF58FCC0B94835.TMP
2013-03-13 12:39 . 2013-03-13 12:39   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2013-03-13 12:00 . 2013-03-13 12:00   --------   d-----w-   c:\documents and settings\Nick\Application Data\Anvisoft
2013-03-13 11:48 . 2013-03-13 11:48   --------   d-----w-   c:\documents and settings\All Users\Application Data\Anvisoft
2013-03-13 11:48 . 2013-03-13 12:28   --------   d-----w-   c:\program files\Anvisoft
2013-03-13 08:22 . 2013-03-06 22:32   228600   ----a-w-   c:\windows\system32\aswBoot.exe
2013-03-13 08:19 . 2013-03-13 08:19   --------   d-----w-   c:\program files\AVAST Software
2013-03-13 08:18 . 2013-03-13 13:08   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVAST Software
2013-03-13 08:07 . 2013-03-15 00:07   --------   d-----w-   c:\documents and settings\Nick\Local Settings\Application Data\Updater26276
2013-03-13 08:07 . 2013-03-13 10:51   --------   d-----w-   c:\program files\Deal Spy
2013-03-13 08:02 . 2013-03-13 08:02   --------   d-----w-   C:\TDSSKiller_Quarantine
2013-03-13 07:41 . 2013-03-13 07:54   --------   d-sh--w-   c:\windows\system32\AI_RecycleBin
2013-03-13 07:41 . 2013-03-13 07:54   --------   d-----w-   c:\documents and settings\All Users\Application Data\Strongvault Online Backup
2013-03-13 07:41 . 2013-03-13 07:54   --------   d-----w-   C:\AI_RecycleBin
2013-03-13 07:15 . 2013-03-13 13:19   --------   d-----w-   c:\documents and settings\Administrator.EXPLICIT.000
2013-03-13 07:07 . 2013-03-13 07:11   --------   d-----w-   c:\documents and settings\All Users\Application Data\89008F6A02243A7300008900066E3EB6
2013-03-05 07:11 . 2013-03-05 07:11   --------   d-----w-   c:\documents and settings\Nick\Local Settings\Application Data\WMTools Downloaded Files
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-12 22:12 . 2012-07-19 09:51   693976   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-03-12 22:12 . 2012-06-12 14:06   73432   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-20 22:59 . 2013-01-20 22:59   195296   ----a-w-   c:\windows\system32\drivers\MpFilter.sys
2012-06-16 11:15 . 2012-05-03 09:44   85472   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-31 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2011-12-21 1406976]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MultiMon Taskbar.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MultiMon Taskbar.lnk
backup=c:\windows\pss\MultiMon Taskbar.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Nick^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Nick\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2010-04-15 08:17   427328   ----a-w-   c:\program files\DAEMON Tools Pro\DTAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12   1695232   --sh--w-   c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32   74752   ----a-w-   c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 5:00 AM 14336]
S1 A2DDA;A2 Direct Disk Access Support Driver;\??\c:\program files\Emsisoft Anti-Malware\a2ddax86.sys --> c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [?]
S1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys --> c:\windows\system32\drivers\sbaphd.sys [?]
S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys --> c:\windows\system32\drivers\sbapifs.sys [?]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\fxxandroidusb.sys [3/30/2010 12:31 PM 25728]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys --> c:\windows\system32\drivers\gfiark.sys [?]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\FXX\qcusbser.sys [3/30/2010 12:31 PM 103424]
S3 RtlPacket;RtlPacket;c:\windows\system32\Drivers\packet.sys --> c:\windows\system32\Drivers\packet.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc   REG_MULTI_SZ      p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-19 22:12]
.
2013-03-14 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2013-03-15 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 18:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220468
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\pnjd1yr2.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&q=
FF - ExtSQL: 2013-03-13 00:10; {dbc6177e-58a2-454e-9ddc-173ee6ba17e1}; c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\pnjd1yr2.default\extensions\{dbc6177e-58a2-454e-9ddc-173ee6ba17e1}.xpi
FF - ExtSQL: 2013-03-13 01:07; cca2b8f2-77b0-4282-9533-b31982107a80@ef5174e8-db70-4d61-88df-24b975460bd0.com; c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\pnjd1yr2.default\extensions\cca2b8f2-77b0-4282-9533-b31982107a80@ef5174e8-db70-4d61-88df-24b975460bd0.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: general.useragent.extra.brc -
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
BHO-{DD73DE73-4B2F-46C4-B57B-B86B4B9F39F4} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
HKCU-Run-Updater26276.exe - c:\documents and settings\Nick\Local Settings\Application Data\Updater26276\Updater26276.exe
Notify-TPSvc - TPSvc.dll
SafeBoot-80245056.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-14 17:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2356)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\BCMSMMSG.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-03-14  17:14:36 - machine was rebooted
ComboFix-quarantined-files.txt  2013-03-15 00:14
.
Pre-Run: 3,811,155,968 bytes free
Post-Run: 6,704,844,800 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 470C10C113FB2716C2C106C5577596E5
melboy
Moderator
Hero Member
Date Registered: April 02, 2009, 02:56:03 AM
Posts: 756
« Reply #7 on: March 14, 2013, 07:33:22 PM »

Hi

Uninstall Programs

  • Click on Start
  • Click on Control Panel
  • Double-click the Add/Remove Programs icon
  • Click on the first program in the list and click Remove
  • Continue through the list below (one at a time) until all programs have been removed.
  • If something isn't found, please continue with the next entry in the list.
Quote
Java 7 Update 9
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) 6 Update 3
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
STOPzilla
VLC media player 1.1.4



Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

The log can also be found here:

  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when the application is started.

    Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Deftones4Life
« Reply #8 on: March 14, 2013, 09:47:59 PM »

I did as instructed. I'm still unable to uninstall Stopzilla. Malwarebytes did not save the latest log. Malwarebytes did detect a rootkit and some other malware.

What should I do?

melboy
« Reply #9 on: March 15, 2013, 02:48:40 AM »

Hi

Don't worry about STOPzilla for now, but I do need to see that MBAM log.


Malwarebytes' Anti-Malware (MBAM)

The log can also be found here:

  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when the application is started.

If not, go to the Settings tab > General Settings tab and ensure "Automatically save log file after scan completes" is checked.

Then re-scan as above and post the log.

Deftones4Life
« Reply #10 on: March 16, 2013, 12:46:53 AM »

Database version: v2013.03.13.05

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: [administrator]

3/15/2013 10:33:50 PM
mbam-log-2013-03-15 (22-33-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 258563
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

melboy
« Reply #11 on: March 16, 2013, 03:12:37 AM »

Hi

Is there any reason you run it in safe mode? Please run it again in normal mode & post the contents of the log.

Let me know if you are having problems running it in normal mode.





Deftones4Life

« Reply #12 on: March 16, 2013, 03:15:53 PM »

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.16.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Nick :: EXPLICIT [administrator]

3/16/2013 12:57:05 PM
mbam-log-2013-03-16 (12-57-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262521
Time elapsed: 11 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

melboy
« Reply #13 on: March 17, 2013, 05:10:28 AM »

Thanks.

FYI - always run MBAM from normal mode wherever possible - it's where it's at its best. If you find that malware blocks MBAM from starting in normal mode, use Chameleon. This is explained in the FAQs.

http://helpdesk.malwarebytes.org/entries/21892442-Should-I-scan-with-Malwarebytes-Anti-Malware-in-Safe-Mode-

We're nearly done - how are things running?


COMBOFIX-Script

A word of warning: Please do not run ComboFix on your own. This tool is not for everyday use.

If ComboFix prompts you that an update is available, please allow it to update.

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below (Do not include Code:):

Code:
http://maddoktor2.com/forums/index.php?PHPSESSID=21493d27bb02c99f42e5773ebeaea879&topic=64629.msg161122#msg161122

Collect::[136]
c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\pnjd1yr2.default\extensions\{dbc6177e-58a2-454e-9ddc-173ee6ba17e1}.xpi

Folder::
c:\program files\STOPzilla!
c:\program files\Enigma Software Group
c:\documents and settings\Nick\Local Settings\Application Data\Updater26276
c:\program files\Deal Spy

Firefox::
FF - ProfilePath - c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\pnjd1yr2.default\
FF - prefs.js: keyword.URL -

DirLook::
c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\pnjd1yr2.default\extensions\cca2b8f2-77b0-4282-9533-b31982107a80@ef5174e8-db70-4d61-88df-24b975460bd0.com


  • Save this as CFScript.txt, change the "Save as type" to "All Files" and place it on your desktop.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.
===========
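Before dragging a CFScript onto ComboFix it is worth reading it the way the tool will. The parser and sanity check below is an added example, not ComboFix's or the helper's own code. It assumes the layout of the script posted above (a thread URL on the first line, then blocks headed `Name::`, optionally with a bracketed suffix such as `Collect::[136]`, which is recorded but not interpreted) and treats Folder::, File:: and Driver:: as the directives that delete things. The sample script, the protected-root list and the warning texts are constructed for the demo; the session id (PHPSESSID) in the posted URL is left out of the sample.

```python
"""Parse a ComboFix CFScript and sanity-check it before it is run.

Added example for this thread; not ComboFix's own code.  The directive
semantics assumed here (Folder::/File::/Driver:: remove things,
Collect:: zips files for upload) follow the helper's post above.
"""
import re
from collections import OrderedDict

# Directive header: a name, "::", and an optional bracketed suffix such as
# "Collect::[136]".  The suffix is kept verbatim, not interpreted.
DIRECTIVE_RE = re.compile(r"^([A-Za-z]+)::(?:\[([^\]]*)\])?\s*$")

# Directives that delete from the machine; their entries get path checks.
DESTRUCTIVE = ("Folder", "File", "Driver")

# Whole-entry paths that should never be deleted (constructed for the demo).
PROTECTED_ROOTS = {
    "c:\\", "c:\\windows", "c:\\windows\\system32",
    "c:\\program files", "c:\\documents and settings",
}

# Constructed sample in the layout of the script posted above (thread URL
# first, then directive blocks).  The PHPSESSID parameter is omitted.
SAMPLE_SCRIPT = r"""http://maddoktor2.com/forums/index.php?topic=64629.msg161122#msg161122

Collect::[136]
c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\pnjd1yr2.default\extensions\{dbc6177e-58a2-454e-9ddc-173ee6ba17e1}.xpi

Folder::
c:\program files\STOPzilla!
c:\program files\Enigma Software Group
c:\documents and settings\Nick\Local Settings\Application Data\Updater26276
c:\program files\Deal Spy

Firefox::
FF - ProfilePath - c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\pnjd1yr2.default\
FF - prefs.js: keyword.URL -

DirLook::
c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\pnjd1yr2.default\extensions\cca2b8f2-77b0-4282-9533-b31982107a80@ef5174e8-db70-4d61-88df-24b975460bd0.com
"""


def parse_cfscript(text):
    """Return (thread_url, blocks).  blocks maps each directive name to
    {"suffix": str or None, "entries": [str, ...]} in file order."""
    url, blocks, current = None, OrderedDict(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            current = m.group(1)
            blocks[current] = {"suffix": m.group(2), "entries": []}
        elif current is None:
            # Only a thread URL may precede the first directive.
            if url is None and line.lower().startswith(("http://", "https://")):
                url = line
            else:
                raise ValueError("text before the first directive: %r" % line)
        else:
            blocks[current]["entries"].append(line)
    return url, blocks


def check_script(url, blocks):
    """Return human-readable warnings; an empty list means nothing obvious is wrong."""
    warnings = []
    if "Collect" in blocks and not url:
        warnings.append("Collect:: present but no thread URL on the first line")
    for name in DESTRUCTIVE:
        for entry in blocks.get(name, {}).get("entries", []):
            path = entry.lower()
            if len(path) > 3:               # keep "c:\" as-is, strip other trailing slashes
                path = path.rstrip("\\")
            if not re.match(r"^[a-z]:\\", path):
                warnings.append("%s:: entry is not an absolute path: %s" % (name, entry))
            elif path in PROTECTED_ROOTS:
                warnings.append("%s:: entry would remove a protected root: %s" % (name, entry))
    return warnings


if __name__ == "__main__":
    url, blocks = parse_cfscript(SAMPLE_SCRIPT)
    print("thread URL:", url)
    for name, block in blocks.items():
        print("%s:: (%d entries)" % (name, len(block["entries"])))
    for w in check_script(url, blocks):
        print("WARNING:", w)
```

On the sample this reports four Folder:: entries and no warnings; a Folder:: line naming c:\windows, or a relative path, produces one warning each.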





Deftones4Life

« Reply #14 on: March 17, 2013, 08:07:20 PM »

ComboFix 13-03-17.01 - Nick 03/17/2013  17:52:20.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.728 [GMT -7:00]
Running from: c:\documents and settings\Nick\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Nick\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
file zipped: c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\pnjd1yr2.default\extensions\{dbc6177e-58a2-454e-9ddc-173ee6ba17e1}.xpi
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Nick\Local Settings\Application Data\Updater26276
c:\program files\Deal Spy
c:\program files\Deal Spy\background.html
c:\program files\Deal Spy\ButtonUtil.dll
c:\program files\Deal Spy\Deal Spy-bg.exe
c:\program files\Deal Spy\Deal Spy.exe
c:\program files\Deal Spy\Deal Spy.ico
c:\program files\Deal Spy\Deal Spy.ini
c:\program files\Deal Spy\Installer.log
c:\program files\Enigma Software Group
c:\program files\Enigma Software Group\SpyHunter\gil.dat
c:\program files\Enigma Software Group\SpyHunter\INSTALL.LOG
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130313_053939.log
c:\program files\Enigma Software Group\SpyHunter\safeol.dat
c:\program files\Enigma Software Group\SpyHunter\scanlog.log
c:\program files\Enigma Software Group\SpyHunter\supportlog.txt
c:\program files\Enigma Software Group\SpyHunter\unkcache.dat
c:\program files\STOPzilla!
c:\program files\STOPzilla!\f_in_box.dll
c:\program files\STOPzilla!\gfiarksh.dll
c:\program files\STOPzilla!\IS3Base5.dll
c:\program files\STOPzilla!\IS3DBA5.dll
c:\program files\STOPzilla!\IS3Hks5.dll
c:\program files\STOPzilla!\IS3HTUI5.dll
c:\program files\STOPzilla!\IS3Inet5.dll
c:\program files\STOPzilla!\IS3Svc5.dll
c:\program files\STOPzilla!\IS3UI5.dll
c:\program files\STOPzilla!\IS3Win325.dll
c:\program files\STOPzilla!\sbap.dll
c:\program files\STOPzilla!\sbte.dll
c:\program files\STOPzilla!\STOPzilla.exe
c:\program files\STOPzilla!\SZBase5.dll
c:\program files\STOPzilla!\SZCfgSvc.dll
c:\program files\STOPzilla!\SZClientCom.dll
c:\program files\STOPzilla!\SZClLic.dll
c:\program files\STOPzilla!\SZComp5.dll
c:\program files\STOPzilla!\SZEngine.dll
c:\program files\STOPzilla!\SZExtrSS.dll
c:\program files\STOPzilla!\SZHistory.dll
c:\program files\STOPzilla!\SZHistUI.dll
c:\program files\STOPzilla!\SZIO5.dll
c:\program files\STOPzilla!\SZJustice.dll
c:\program files\STOPzilla!\SZLMScn.dll
c:\program files\STOPzilla!\SZQrntn.dll
c:\program files\STOPzilla!\SZRes5En.dll
c:\program files\STOPzilla!\SZRollup.dll
c:\program files\STOPzilla!\SZSchSvc.dll
c:\program files\STOPzilla!\SZScnSvc.dll
c:\program files\STOPzilla!\SZSnsrSv.dll
c:\program files\STOPzilla!\SZSplash.dll
c:\program files\STOPzilla!\SZSvcHost.dll
c:\program files\STOPzilla!\SZTrayIcon.dll
c:\program files\STOPzilla!\SZTrgSS.dll
c:\program files\STOPzilla!\SZUniTrg.dll
c:\program files\STOPzilla!\SZWndSnsr.dll
c:\program files\STOPzilla!\vipre.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_szserver
-------\Service_szserver
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-18 to 2013-03-18  )))))))))))))))))))))))))))))))
.
.
2013-03-13 13:19 . 2013-03-13 13:40   --------   d-----w-   c:\documents and settings\All Users\Application Data\STOPzilla!
2013-03-13 12:39 . 2013-03-13 13:11   --------   d-----w-   c:\windows\0AC0F1B261C74B6EACEF58FCC0B94835.TMP
2013-03-13 12:39 . 2013-03-13 12:39   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2013-03-13 12:00 . 2013-03-13 12:00   --------   d-----w-   c:\documents and settings\Nick\Application Data\Anvisoft
2013-03-13 11:48 . 2013-03-13 11:48   --------   d-----w-   c:\documents and settings\All Users\Application Data\Anvisoft
2013-03-13 11:48 . 2013-03-13 12:28   --------   d-----w-   c:\program files\Anvisoft
2013-03-13 08:22 . 2013-03-06 22:32   228600   ----a-w-   c:\windows\system32\aswBoot.exe
2013-03-13 08:19 . 2013-03-13 08:19   --------   d-----w-   c:\program files\AVAST Software
2013-03-13 08:18 . 2013-03-13 13:08   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVAST Software
2013-03-13 08:02 . 2013-03-13 08:02   --------   d-----w-   C:\TDSSKiller_Quarantine
2013-03-13 07:41 . 2013-03-13 07:54   --------   d-sh--w-   c:\windows\system32\AI_RecycleBin
2013-03-13 07:41 . 2013-03-13 07:54   --------   d-----w-   c:\documents and settings\All Users\Application Data\Strongvault Online Backup
2013-03-13 07:41 . 2013-03-13 07:54   --------   d-----w-   C:\AI_RecycleBin
2013-03-13 07:15 . 2013-03-13 13:19   --------   d-----w-   c:\documents and settings\Administrator.EXPLICIT.000
2013-03-13 07:07 . 2013-03-13 07:11   --------   d-----w-   c:\documents and settings\All Users\Application Data\89008F6A02243A7300008900066E3EB6
2013-03-05 07:11 . 2013-03-05 07:11   --------   d-----w-   c:\documents and settings\Nick\Local Settings\Application Data\WMTools Downloaded Files
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 03:42 . 2012-07-19 09:51   693976   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-03-15 03:42 . 2012-06-12 14:06   73432   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 10:53 . 2010-10-18 08:04   232336   ------w-   c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\pnjd1yr2.default\extensions\cca2b8f2-77b0-4282-9533-b31982107a80@ef5174e8-db70-4d61-88df-24b975460bd0.com ----
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-31 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2011-12-21 1406976]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MultiMon Taskbar.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MultiMon Taskbar.lnk
backup=c:\windows\pss\MultiMon Taskbar.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Nick^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Nick\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2010-04-15 08:17   427328   ----a-w-   c:\program files\DAEMON Tools Pro\DTAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12   1695232   --sh--w-   c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32   74752   ----a-w-   c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 5:00 AM 14336]
S1 A2DDA;A2 Direct Disk Access Support Driver;\??\c:\program files\Emsisoft Anti-Malware\a2ddax86.sys --> c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [?]
S1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys --> c:\windows\system32\drivers\sbaphd.sys [?]
S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys --> c:\windows\system32\drivers\sbapifs.sys [?]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\fxxandroidusb.sys [3/30/2010 12:31 PM 25728]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys --> c:\windows\system32\drivers\gfiark.sys [?]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\FXX\qcusbser.sys [3/30/2010 12:31 PM 103424]
S3 RtlPacket;RtlPacket;c:\windows\system32\Drivers\packet.sys --> c:\windows\system32\Drivers\packet.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc   REG_MULTI_SZ      p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-16 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220468
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-17 18:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3404)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\BCMSMMSG.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-03-17  18:05:45 - machine was rebooted
ComboFix-quarantined-files.txt  2013-03-18 01:05
ComboFix2.txt  2013-03-15 00:14
.
Pre-Run: 6,338,838,528 bytes free
Post-Run: 7,085,371,392 bytes free
.
- - End Of File - - 74C77BD698FAF51925FBEE403C73F037
Upload was successful
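Both ComboFix logs in this thread (the earlier one and this one) are read the same way: the "Files Created" timeline for the day the trouble started, then the Run keys. The script below is an added example, not ComboFix's code, that parses the two line formats exactly as they appear in the logs and flags what a helper looks at first: hidden/system attributes (the AI_RecycleBin folder), paths under a profile's Application Data or Local Settings (where Updater26276 lived), and a random-named .TMP folder directly under c:\windows. The sample lines are copied in the format of the log above; the Updater26276 Run line is constructed from the orphan entry ComboFix removed, with a made-up date and size, and the heuristics are this example's own, not a verdict on any file.

```python
"""Triage helpers for a ComboFix log (added example; not ComboFix's code).

Parses the "Files Created" timeline lines and the Run-key lines in the
format of the logs posted in this thread and flags the entries a helper
would look at first.
"""
import re
from datetime import datetime

# 2013-03-13 13:19 . 2013-03-13 13:40   --------   d-----w-   c:\path
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size>-{8}|\d+)\s+(?P<attrs>\S{8})\s+(?P<path>\S.*?)\s*$"
)
# "Name"="c:\path\prog.exe" [2013-01-27 947152]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<date>\d{4}-\d\d-\d\d) (?P<size>\d+)\]\s*$'
)

# Locations a limited user (or a dropper running as one) can write to.
USER_WRITABLE = (
    "\\local settings\\application data\\",
    "\\application data\\",
    "\\local settings\\temp\\",
    "\\windows\\temp\\",
)
TMP_UNDER_WINDOWS = re.compile(r"^c:\\windows\\[0-9a-f]{32}\.tmp$")

# Sample lines in the format of the log above.  The Updater26276 Run line
# is constructed from the orphan ComboFix reported; its date/size are made up.
SAMPLE_CREATED = r"""
2013-03-13 13:19 . 2013-03-13 13:40   --------   d-----w-   c:\documents and settings\All Users\Application Data\STOPzilla!
2013-03-13 12:39 . 2013-03-13 13:11   --------   d-----w-   c:\windows\0AC0F1B261C74B6EACEF58FCC0B94835.TMP
2013-03-13 08:22 . 2013-03-06 22:32   228600   ----a-w-   c:\windows\system32\aswBoot.exe
2013-03-13 07:41 . 2013-03-13 07:54   --------   d-sh--w-   c:\windows\system32\AI_RecycleBin
2013-03-05 07:11 . 2013-03-05 07:11   --------   d-----w-   c:\documents and settings\Nick\Local Settings\Application Data\WMTools Downloaded Files
"""
SAMPLE_RUN = r"""
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"Updater26276.exe"="c:\documents and settings\Nick\Local Settings\Application Data\Updater26276\Updater26276.exe" [2013-03-13 0]
"""


def parse_created(lines):
    """Turn 'Files Created' lines into dicts; lines in another format are skipped."""
    rows = []
    for m in filter(None, map(CREATED_RE.match, lines)):
        d = m.groupdict()
        rows.append({
            "created": datetime.strptime(d["created"], "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(d["modified"], "%Y-%m-%d %H:%M"),
            "size": None if d["size"].startswith("-") else int(d["size"]),
            "is_dir": d["attrs"][0] == "d",
            # 's' (system) or 'h' (hidden) anywhere in the attribute field
            "hidden": "h" in d["attrs"] or "s" in d["attrs"],
            "path": d["path"],
        })
    return rows


def parse_run_entries(lines):
    """Turn Run-key lines into dicts with name, path, date and size."""
    return [m.groupdict() for m in map(RUN_RE.match, lines) if m]


def reasons_for(path, hidden=False):
    """Heuristic flags for one path; an empty list means nothing stood out."""
    p = path.lower()
    reasons = []
    if hidden:
        reasons.append("hidden/system attribute")
    if any(marker in p for marker in USER_WRITABLE):
        reasons.append("user-writable location")
    if TMP_UNDER_WINDOWS.match(p):
        reasons.append("random-named .TMP under c:\\windows")
    return reasons


def triage_created(lines, day):
    """Entries created on `day` (YYYY-MM-DD), newest first, as (created, path, reasons)."""
    rows = [(e["created"], e["path"], reasons_for(e["path"], e["hidden"]))
            for e in parse_created(lines)
            if e["created"].strftime("%Y-%m-%d") == day]
    return sorted(rows, key=lambda r: r[0], reverse=True)


def flagged_run_entries(lines):
    """Names of Run-key entries whose image lives in a user-writable location."""
    return [e["name"] for e in parse_run_entries(lines) if reasons_for(e["path"])]


if __name__ == "__main__":
    for created, path, reasons in triage_created(SAMPLE_CREATED.splitlines(), "2013-03-13"):
        print(created.strftime("%H:%M"), path, "; ".join(reasons) or "-")
    print("Run entries in user-writable locations:", flagged_run_entries(SAMPLE_RUN.splitlines()))
```

Run against a full log, feed it the lines between the "Files Created" and "Find3M" headers and the lines of the Run keys; anything it flags is a candidate for the next CFScript, not an automatic deletion.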